unusual ldap / user workflow

ldap
12 Posts 6 Posters 2.2k Views 6 Watching
      luckow
      translator
      wrote on last edited by girish
      #1

      What is the reason to login as an admin, select ldap users from a dropdown and add them to the userbase in dolibarr? Without that workflow it isn't possible to login as an allowed user (from the cloudron app/dashboard perspective).

      Tested with a fresh installation.

      Pronouns: he/him | Primary language: German

        robi
        wrote on last edited by
        #2

        Apparently in the LDAP Setup > Global parameters > LDAP synchronisation module, LDAP-Dolibarr sync isn't working.

        Testing the LDAP connection:

         TCP connect to LDAP server successful (Server=172.18.0.1, Port=3002)
         No administrator or password provided. LDAP access will be anonymous and in read only mode.
         LDAP server configured for version 3
        

        Conscious tech

          girish
          Staff
          wrote on last edited by
          #3

          I think @erics is on vacation and he will fix things up when he is back.

            erics
            App Dev
            wrote on last edited by erics
            #4

            @girish @robi and @luckow sorry for the delay, vacation was sooooo goood, I want to stay on holidays 💨

            So, now I'm back and I will have a look at LDAP. Thanks for your tests and reports!

              BrutalBirdie
              Partner
              wrote on last edited by
              #5

              @erics hope you had a great and refreshing vacation!
              Welcome back 💙

              Like my work? Consider donating a drink. Cheers!

                erics
                App Dev
                wrote on last edited by
                #6

                Hello,
                LDAP preconfiguration is now ok, could you please make some tests ?
                Thanks

                  erics
                  App Dev
                  wrote on last edited by
                  #7

                  @brutalbirdie thanks 🙂

                    luckow
                    translator
                    wrote on last edited by
                    #8

                    @erics the two form fields Administrator DN and Administrator password on global parameters are not prefilled with the values from the env.
                    That's why you get a

                     TCP connect to LDAP server successful (Server=172.18.0.1, Port=3002)
                     No administrator or password provided. LDAP access will be anonymous and in read only mode.
                     LDAP server configured for version 3
                    

                    instead of a

                    TCP connect to LDAP server successful (Server=172.18.0.1, Port=3002)
                    Connect/Authenticate to LDAP server successful (Server=172.18.0.1, Port=3002, Admin=cn=LONGID,ou=apps,dc=cloudron, Password=*****)
                    LDAP server configured for version 3
                    

                    if you fill in the values manually. But to be fair, I do not know if this is really necessary 😉

                    On the Groups tab, there is a wrong value in Groups' DN. The current value is

                    ou=groups,dc=example,dc=com
                    

                    the correct value has to be

                    ou=groups,dc=cloudron
                    

                    Same as above. I don't know if Cloudron LDAP promotes the groups to Dolibarr. IMHO not.

                    Oops. In the Users tab, in the LDAP Mapping, you put in a wrong mapping for the Name. It's not displayName, it has to be sn. That's why last name is the value of first and last name in one field.


                    Pronouns: he/him | Primary language: German
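
The checks from the post above (connection-test output, a base DN left at dc=example,dc=com, and the last-name attribute mapping) as an added example; it is not part of the original thread or of Cloudron's or Dolibarr's code. The setting keys (`bind_dn`, `groups_dn`, `lastname_attr`) and function names are hypothetical, and the sample values are constructed from the DNs and test-output lines quoted in the post.

```python
def split_dn(dn):
    """Split a DN into normalised RDNs; a backslash-escaped comma stays inside its RDN."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(cur)
            cur = ""
        else:
            cur += ch
        escaped = (ch == "\\") and not escaped
    rdns.append(cur)
    out = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        if attr.strip():
            out.append(attr.strip().lower() + "=" + value.strip().lower())
    return out

def is_under(dn, suffix):
    """True when dn equals the directory suffix or sits below it."""
    d, s = split_dn(dn), split_dn(suffix)
    return bool(s) and len(d) >= len(s) and d[-len(s):] == s

def bind_mode(test_output):
    """Classify the connection-test text by the two messages quoted in the post."""
    if "LDAP access will be anonymous" in test_output:
        return "anonymous"
    if "Connect/Authenticate to LDAP server successful" in test_output:
        return "authenticated"
    return "unknown"

def preflight(cfg, suffix, test_output):
    """Return (bind mode, findings) for a dict of LDAP settings (hypothetical keys)."""
    findings = []
    for key in sorted(k for k in cfg if k.endswith("_dn")):
        if not is_under(cfg[key], suffix):
            findings.append(f"{key}: {cfg[key]} is not under {suffix}")
    if cfg.get("lastname_attr", "").lower() != "sn":
        findings.append(f"lastname_attr: {cfg.get('lastname_attr')} should be sn")
    return bind_mode(test_output), findings

# Constructed sample input, built from the values quoted in the post.
SUFFIX = "dc=cloudron"
SAMPLE_CFG = {"bind_dn": "cn=LONGID,ou=apps,dc=cloudron",
              "groups_dn": "ou=groups,dc=example,dc=com",
              "lastname_attr": "displayName"}
SAMPLE_TEST_OUTPUT = ("TCP connect to LDAP server successful (Server=172.18.0.1, Port=3002)\n"
                      "No administrator or password provided. LDAP access will be anonymous and in read only mode.\n"
                      "LDAP server configured for version 3\n")

if __name__ == "__main__":
    print(preflight(SAMPLE_CFG, SUFFIX, SAMPLE_TEST_OUTPUT))
```
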

                      erics
                      App Dev
                      wrote on last edited by
                      #9

                      @luckow said in unusual ldap / user workflow:

                      Administrator DN and Administrator password

                      Hello @luckow

                      First of all: thanks a lot for all your tests!!!

                      Then, the Admin DN and password come from env parameters from the Cloudron world, so we don't put them in Dolibarr config files and don't store them (a good idea in case of a backup and then a restore of Dolibarr on another Cloudron server).

                      But for the group and user mapping I think I made a mistake, really thank you, I will make some updates as soon as possible.

                      Éric

                        erics
                        App Dev
                        wrote on last edited by
                        #10

                        @girish or @nebulon what about LDAP group mapping?

                        There is no information about that in the documentation (https://docs.cloudron.io/custom-apps/addons/#ldap)

                        so could you please help me? Thanks

                        Éric

                          nebulon
                          Staff
                          wrote on last edited by
                          #11

                          Generally groups within apps and Cloudron groups should not be mixed. We found that they usually have different meanings.

                          The ldap server only exposes two groups and that is only a workaround for apps which need to find admins (which we are not sure if that is even a good idea). So there is an LDAP group for Cloudron admins and one for other users.

                          To summarize this, do not configure LDAP groups in the app 🙂

                            erics
                            App Dev
                            wrote on last edited by
                            #12

                            @nebulon nice, I like this sort of reply 🙂
