Question about the AD/LDAP integration
-
My new users can not sign into my rocket.chat instance. They have tried the following
username
username@domain.com
cloudronemail@domain.comBut nothing is working.
Nextcloud works flawlessly with the LDAP integration, am I missing something here?
-
My new users can not sign into my rocket.chat instance. They have tried the following
username
username@domain.com
cloudronemail@domain.comBut nothing is working.
Nextcloud works flawlessly with the LDAP integration, am I missing something here?
-
@privsec Same issue here. Just tried Rocket.chat because of my nextcloud talk issues. Turns out LDAP is messed up. Even with a manual sync it brings in every user BUT mine...
@atrilahiji @privsec Did you name the initial admin user as
adminor did you give the Cloudron's username? If it's the latter, then the usernames with conflict with LDAP and it won't work. -
@atrilahiji @privsec Did you name the initial admin user as
adminor did you give the Cloudron's username? If it's the latter, then the usernames with conflict with LDAP and it won't work.@girish I made it admin
-
This still seems to be working fine for me.
@thetomester13 is a new user on my Cloudron and he managed to login to https://chat.uniteddiversity.coop fine yesterday.
-
I just created a brand new user, and had them try to sign in, and its not working. I have my main account for rocket.chat as admin.
-
So this is what I see for every combination. The last image is what I have in my user information table in cloudron
-
@privsec The only way I can get in is by registering. I have confirmed this to also be true in my osTicket instance
It seems my ldap is somehow borked
@privsec So it seems like its not just a blanket issue with LDAP. Likely config on those specific apps? Just tried verdaccio and it works just fine.
-
@privsec So it seems like its not just a blanket issue with LDAP. Likely config on those specific apps? Just tried verdaccio and it works just fine.
-
@privsec Heh I goofed. Should have been obvious. Did you by chance register the admin account using the same email you have for your cloudron admin account? That will cause this issue. It tries to map the email and can't because theres a duplicate.
-
@privsec Heh I goofed. Should have been obvious. Did you by chance register the admin account using the same email you have for your cloudron admin account? That will cause this issue. It tries to map the email and can't because theres a duplicate.
-
@atrilahiji To be clear, my cloudron sign in email needs to be the same email as my admin account for rocket.chat?
Is that the same for all apps?
@privsec No no no. It should not be. Make your initial admin account have an email like admin@local.com (doesn't need to be real) and ensure it has a username that does not match any account pulled in VIA LDAP
-
@privsec Heh I goofed. Should have been obvious. Did you by chance register the admin account using the same email you have for your cloudron admin account? That will cause this issue. It tries to map the email and can't because theres a duplicate.
@atrilahiji said in Question about the AD/LDAP integration:
It tries to map the email and can't because theres a duplicate
Yup, exactly. I actually put the message in the post install dialog but it's easy to miss it. You can also see this text in the top right of the app configure view. In the drop down select, First time setup instructions.
Here it is again:Please follow the following guidelines to complete the Rocket.Chat admin setup: * Use `admin` as the admin username in Rocket.Chat. This will avoid any conflict with Cloudron usernames. * Use an email address that is different from the Cloudron primary email. This will avoid any conflict with Cloudron email ids. -
@privsec No no no. It should not be. Make your initial admin account have an email like admin@local.com (doesn't need to be real) and ensure it has a username that does not match any account pulled in VIA LDAP
-
@atrilahiji Then it is set up correctly.
My admin account is not tied to any real account in cloudron and the email is tied to email account that was created specifically for this app.@privsec In the Access Control section, does it say "User management " or does it say "Dashboard Visibility" ?
-
@privsec In the Access Control section, does it say "User management " or does it say "Dashboard Visibility" ?
-
To be clear, this is how my mailboxes are set up currently
This wouldn't be a problem, right? If it is, how do I fix this?
@privsec The cloudron email server and the user email ids are totally separate things (i.e Cloudron LDAP integration point of view). The mailboxes is just local to the Cloudron Email and is not part of the LDAP directory and thus apps have no idea about it.
The email id that apps know about is the one in the Users page. Users can also change this email in their profile page.
This doesn't answer why you are unable to login as
testuserthough. I am not sure what is happening, can you send us an email on support@cloudron.io, so we can look into this? Our own rocket.chat instance seems to be working fine. I also tried a new local instance and that too works fine. -
@privsec The cloudron email server and the user email ids are totally separate things (i.e Cloudron LDAP integration point of view). The mailboxes is just local to the Cloudron Email and is not part of the LDAP directory and thus apps have no idea about it.
The email id that apps know about is the one in the Users page. Users can also change this email in their profile page.
This doesn't answer why you are unable to login as
testuserthough. I am not sure what is happening, can you send us an email on support@cloudron.io, so we can look into this? Our own rocket.chat instance seems to be working fine. I also tried a new local instance and that too works fine.
