HashiCorp Vault
-
@ultraviolet yes, that is the workaround I am using at the moment as well.
-
@ultraviolet do you have ldap working already?
You had the ldap script missing (not added with
git add
) so I tried my own, but even after config has completed I cannot login and only getAuthentication failed: ldap operation failed: unable to retrieve user bind DN
-
@fbartels I did try to get ldap going, the issue doing it automatically during install is you need to unseal and login to the vault before you can enable the LDAP. Which is hard when the login info is in a text file I am sure it is possible but my knowledge is a bit limited on that, plus it might not be idempotent.
When I tried it manually it gave me that exact error I am still checking to see what the issue might be but I have kind of drawn a blank at the moment. Will take a fresh look later this week when I get a bit of time.
-
@ultraviolet https://github.com/euanmcgregor/vault-cloudron/pull/2 fixes the mlock issue
-
thanks both, I have never had a pull request before!! I am just looking at them now.
-
@ultraviolet I managed to get ldap login working. In the end I needed to change the lookup attribute (it weird that you can configure a search filter for groups, but not for users).
Change is in https://github.com/euanmcgregor/vault-cloudron/pull/4
Edit: OIDC login is not yet working btw.
-
@fbartels awesome stuff on the LDAP.
I have made a few more tweaks with permissions and I have merged your request too. I have also removed the initial init for the vault. It is now done via the GUI which I like better because there are no keys being added to the container plus the user experience is a bit nicer. I have still kept the logic in in case someone wants to automate it.
-
@ultraviolet I think it will be a great addition to the store. Are you able to add a license file to the package? Like https://git.cloudron.io/cloudron/pixelfed-app/-/blob/master/LICENSE (MIT). You can change copyright to be yours.
Once you do that, I can fix it up and get it published.
@fbartels @ultraviolet How does the LDAP login work ? I don't see ldap-config.sh called from anywhere.
-
I have now published this as unstable! Thanks @ultraviolet . The repo is at https://git.cloudron.io/cloudron/vault-app and you should have push access already. I am writing tests before marking it as stable.