How to prevent LDAP Settings overwrite?

simong

Hi,

I currently have the problem that Cloudron overwrites the LDAP entries that I have entered in the admin interface. Is there a way to prevent this behaviour?

Thanks,

Simon

nebulon

@simong at the moment the Snipe-IT package only comes with Cloudron usermanagement integration, so it will always ensure the LDAP settings are bound to the LDAP server on your Cloudron.

If we want to support other external user-management systems, then we have to change the package to support non-Cloudron user management as well.

simong

@nebulon Hi, for 2 years now I have to manually overwrite the LDAP Settings 2-3 times a week. Would it be possible to not use the cloudron LDAP in any way? Maybe with a startup script? I need some custom LDAP filters.

nebulon

The package was not changed to support non-Cloudron logins, so this is still the same situation. We haven't gotten much interest at all about changing this so far.

plusone-nick

Could this not be overwritten with env var?
Or maybe the config should be moved to env for end user config?

girish

@simong Seeking clarification. Are you using another LDAP server altogether or just wanting to modify a filter while using the Cloudron LDAP server? Depending on your situation, we can fix the package.

girish

Currently, we configure it like this:

        $settings = Setting::first();
        $settings->custom_forgot_pass_url = env('CLOUDRON_API_ORIGIN') . '/login.html?passwordReset';
        $settings->ldap_enabled = 1;
        $settings->ldap_server = env('CLOUDRON_LDAP_URL');
        $settings->ldap_uname = env('CLOUDRON_LDAP_BIND_DN');
        $settings->ldap_pword = $encrypter->encrypt(env('CLOUDRON_LDAP_BIND_PASSWORD'));
        $settings->ldap_basedn = env('CLOUDRON_LDAP_USERS_BASE_DN');
        $settings->ldap_filter = '&(objectclass=user)';
        $settings->ldap_username_field = 'username';
        $settings->ldap_lname_field = 'sn';
        $settings->ldap_fname_field = 'givenname';
        $settings->ldap_auth_filter_query = 'username=';
        $settings->ldap_email = 'mail';
        $settings->ldap_pw_sync = 0;
        $settings->save();

simong

@girish I want to use this filter:
&(objectCategory=person)(objectClass=user)(department=*)(title=*)
I use the Azure ADDS Server directly to use this filter.

It would be really great to have these settings in the env file.

nebulon

just for clarification, you are using and configuring azure as your ldap server for this app, not using CLOUDRON_LDAP_URL and such?

plusone-nick

i think they want $settings->ldap_filter = env('CLOUDRON_LDAP_FILTER');

simong

@nebulon yes
I just want to define the LDAP server, filter, user, basedn, password and fields in the env file or somewhere else or have the option to disable that the ldap settings get overwritten after every restart.

girish

@simong I have published a new package where you can install with user management disabled. Importing your existing setup might be a bit complicated though because we don't support LDAP support being turned on/off dynamically. Maybe you can try this:

• Update your existing installation to new package
• Install a fresh installation (in another subdomain) with no user management
• Import the latest backup of old installation into the fresh installation - https://docs.cloudron.io/backups/#import-app-backup
• Configure LDAP in new installation
• If everything works ok, you can switch things over.

simong

@girish I did a fresh installation and added some ldap credentials there. But after a reboot, they are overwritten with empty values and some predefined filters:

This is without any import of a backup or other changes.

girish

@simong I can reproduce this, seems like a bug in the package I just released.

girish

@simong I have published a new one, can you re-install the package and try?

simong

@girish It works now