    Adding ldap add-on to Cloudron manifest

      tomw last edited by

      Hello,

      I noticed that adding the ldap add-on to my Cloudron manifest did not have any effect until I uninstalled and reinstalled the app (i.e. after doing a cloudron update, even with a new version number in the manifest, the ldap environment variables remained unset and the Cloudron UI also still stated that the app still did its own user management).

      I'm not sure if this is the intended behaviour but thought maybe it would be good to note it in the documentation (apologies if it is already there, but I couldn't see it).

      This is a bit of a 'My First App' so nothing that is worthy of consideration for the App Store at the moment, but I will let you know if that changes! 🙂

      Tom

        Lonkle @tomw last edited by

        @tomw I feel like this same thing happened to me with my app, I had to do a re-installation when adding that add-on IIRC. Threw me for a loop for a while.

          girish Staff @tomw last edited by girish

          @tomw Right, if you add or remove an addon, then it will get reflected immediately on cloudron update. However, the LDAP addon alone is a bit special.

          At install time, Cloudron keeps track of whether an app was installed with or without "sso", i.e. Cloudron user management. This flag cannot be changed later. It's this way because we just wanted to keep it simple when we started. It was unclear back then what's supposed to happen if an app was installed with sso initially and then later the user removed it, i.e. what happens to existing users? In some apps, an admin user might need to be created explicitly because they don't support LDAP and local db login simultaneously etc. There is no mechanism at the moment for an app package to adapt dynamically to LDAP addition and removal. Currently, it detects if LDAP is enabled or not using the existence of the CLOUDRON_LDAP_* env vars.

          Anyway, that was the long reason for the behavior you saw 🙂 Because the app had no ldap at install time, we set sso to false for the app. Any later update has no effect since this flag will always be false for the lifetime of the app. Thus those variables never appear.

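The detection girish describes (an app package checks whether the CLOUDRON_LDAP_* variables exist) can be written so that a half-populated environment stops the app instead of silently falling back to local accounts. This is an added example, not code from the thread or from Cloudron; the four variable names are assumed from Cloudron's LDAP addon documentation, and the config keys and file format are hypothetical.

```shell
#!/bin/sh
# Added example: auth backend selection for a Cloudron app's start script.
# Variable names are assumed from Cloudron's LDAP addon documentation.
LDAP_REQUIRED="CLOUDRON_LDAP_URL CLOUDRON_LDAP_USERS_BASE_DN CLOUDRON_LDAP_BIND_DN CLOUDRON_LDAP_BIND_PASSWORD"

# Prints "ldap" (all set), "local" (none set) or "partial:<missing names>".
# A partial set returns non-zero so the caller can fail closed.
auth_mode() {
    present=0
    missing=""
    for name in $LDAP_REQUIRED; do
        eval "value=\${$name:-}"   # names come from the fixed list above
        if [ -n "$value" ]; then
            present=$((present + 1))
        else
            missing="$missing $name"
        fi
    done
    if [ "$present" -eq 0 ]; then
        echo "local"
    elif [ -z "$missing" ]; then
        echo "ldap"
    else
        echo "partial:$missing"
        return 1
    fi
}

# Writes a hypothetical key=value auth config to the path in $1.
write_auth_config() {
    mode=$(auth_mode) || {
        echo "refusing to start, incomplete LDAP environment ($mode)" >&2
        return 1
    }
    (
        umask 077   # the file may hold the bind password
        if [ "$mode" = "ldap" ]; then
            printf 'auth_backend=ldap\nldap_url=%s\nldap_users_base=%s\n' \
                "$CLOUDRON_LDAP_URL" "$CLOUDRON_LDAP_USERS_BASE_DN"
            printf 'ldap_bind_dn=%s\nldap_bind_password=%s\n' \
                "$CLOUDRON_LDAP_BIND_DN" "$CLOUDRON_LDAP_BIND_PASSWORD"
        else
            printf 'auth_backend=local\n'
        fi > "$1"
    )
}
```

For an app installed without the addon, as in the first post, `auth_mode` keeps reporting `local` after every `cloudron update`, because the variables are never injected.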
            robi @girish last edited by

            @girish sounds like it would be useful to be able to clone a live app changing some of these parameters w/o having to reinstall from scratch.

            Life of Gratitude.
            Life of Advanced Technology

              mehdi App Dev @robi last edited by

              @robi Defining the behaviour to have in this case is non-trivial. When you don't have SSO and enable it, it could just keep both non-LDAP users and LDAP users, but what if there is a conflict on the username? And when you do have SSO and disable it, you probably won't have any valid user left.

              In any case, I think having this single parameter impossible to change after app install is quite acceptable, in order to avoid dealing with this kind of headache ^^ Especially with the support overhead it will create.

              However, it most definitely does deserve a note in the LDAP addon doc

                robi @mehdi last edited by

                @mehdi point taken.. but each failure case can be handled by making sure there's a documented admin user left to continue with access & config.

                Life of Gratitude.
                Life of Advanced Technology

                  Lonkle @mehdi last edited by

                  @mehdi said in Adding ldap add-on to Cloudron manifest:

                  However, it most definitely does deserve a note in the LDAP addon doc

                  This! I'm totally fine with it only allowed to be set during install, but if what @girish just explained had been in the Cloudron docs I was using to build my Cloudron OpenVPN Client, it would have saved me an hour or two of debugging why it wasn't working.

                    girish Staff last edited by

                    I put a note here - https://docs.cloudron.io/custom-apps/addons/#ldap

                      Lonkle last edited by Lonkle

                      Was going through my Open VPN development log (since I'm prepping to make this all a reality in 6.1) being all nostalgic and found out when I ran into this issue, what a funny coincidence: https://forum.cloudron.io/post/16266
