First time setup/Admin notes show incorrect + LDAP default role not functioning

Fuko

Hi all,

it seems the either the docs or first time install notes are incorrect regarding setting the default ldap role, first time install says the path is "/app/data/env" while the docs say "/app/data/env.sh"
I am not sure which is correct, as I can not get either to work.
I am also having to assume you get the role ID from the url like this "/admin/settings/roles/524eadcb-5b8b-4bf6-ae4e-7f0e02c54ed6" as that is also not in the docs.

Any clarification on this would be appreciated, as well as a correction of whichever location is wrong.

First time install notes

https://docs.cloudron.io/apps/directus/

Thanks all!

nebulon

Looking at start.sh script of the app, both files are currently treated the same essentially: https://git.cloudron.io/packages/directus-app/-/blob/master/start.sh?ref_type=heads#L112

The one in the long run will be /app/data/env.sh and I have fixed up the postinstall for the next package version now.

For the role value, the id from the browser URL bar is indeed the correct ID, this only applies to first time login

Fuko

@nebulon Thanks for the clarification and patch! I appreciate you looking into this.

joseph

Just a heads up: the directus package is using OIDC and not LDAP

osobo

@nebulon Thank you for the clarification but I'm still confused regarding roles id.
I understand there are 4 main key build-in roles in Directus (Admin, Editors, Viewer and Public).
For instance if I want all Cloudron's users (except the Admin that has logged first) to be given by default the build-in role "Viewer" in Directus what role id should I use in AUTH_LDAP_DEFAULT_ROLE_ID=<id of role>? Thank you for your support

nebulon

At least in a fresh installation I cannot see those roles you refer to in the UI. So I also don't know where to get the ID or if those even exist or if those are just some convention.

osobo

@nebulon Thanks. No they don't exist by default. You start with only Admin and Public ones and have to create the other roles you need, along with their related policies, with or without Admin rights. So ultimately you got a custom id role for each new role created.

I've then edited the env.sh and add export AUTH_LDAP_DEFAULT_ROLE_ID=<id of new role without Admin rights> but whenever I log a new Cloudron user it still inherits the Admin rights by default..

nebulon

OH! only now I realized the hint from @joseph about LDAP. So the env variable now has to beAUTH_CLOUDRON_DEFAULT_ROLE_ID

The app uses AUTH_<provider>_... schema for those variables and we have switched over from LDAP to a custom Cloudron OIDC provider.

osobo

@nebulon said in First time setup/Admin notes show incorrect + LDAP default role not functioning:

AUTH_CLOUDRON_DEFAULT_ROLE_ID

Thanks a lot. It works ! I really like this app. The UI is neat (dark mode from the start !) and it has a lot of potential. Let's try to develop something with it.
Best wishes

nebulon

Also fixed up the docs at https://docs.cloudron.io/apps/directus/ then