After the next release (4.0), LDAP, SAML, and Custom Oauth will be available only in Enterprise Edition and Gold plan

marcusquinn

Please notice that after the next release (4.0) advanced functionalities of LDAP, SAML, and Custom Oauth will be available only in Enterprise Edition and Gold plan. Check the official announcement for more info: https://go.rocket.chat/i/authentication-changes

A bit rude

fbartels

was about to post about this here as well.

The community edition LDAP feature will allow workspaces to connect to an LDAP server and sync user names and identifiers, but additional capabilities such as syncing extended user attributes, managing group & team assignments and background synchronization will require an enterprise license. Here’s a full description of the feature set available with each edition and an FAQ.

Edit: the biggest limitation seems to be that you can no longer filter which users are supposed to be able to login. A strange (but probably investor driven) decision.

marcusquinn

@fbartels Very frustrating, as we invest a lot of time in setups and feedback to help apps improve to justify charges.

I just loath all per-user costing, as it's just not relative when all organisations are so different in their needs.

Wondering what the community reaction will be now, maybe forking, restoring features as community extensions, who knows now, their respect for our need to plan has just gone out of the window...

bubonicfred

@fbartels
blah, we'll see how this affects us,
rocket.chat has been annoying us for some time, simple bugs slipping through, poor overall development.

A fair number of apps that only support LDAP in paid versions, especially when that the only feature that we would be missing is fairly annoying. Mattermost springs to mind, though they do have oauth.

bubonicfred

@marcusquinn Ah, just noticed this is the changelog for 3.17.0
Collect data about LDAP, SAML, CAS and OAuth usage. (#22719)

marcusquinn

@bubonicfred Hmmm, sounds like the decisions are made and then the data is sought to justify them.

I'm OK with paying for things - just not per-user, it's artificial limitations that do not consider their side-effects from then distorting decisions that should be purely based on what is most energy efficient.

It's not like the community charges per bug write-up — that they would otherwise have to employ more QC testers for.

timconsidine

@marcusquinn said in After the next release (4.0), LDAP, SAML, and Custom Oauth will be available only in Enterprise Edition and Gold plan:

distorting decisions that should be purely based on what is most energy efficient.

It's eff-ing investors .... again.
Especially the ones who know diddly-squat about IT and even less about community support.

It's not like the community charges per bug write-up

Now there's an idea for effective community push-back.

marcusquinn

@timconsidine Just annoying that we put a lot of time into these Apps, and rely on LDAP because it's not Active Directory.

By all means charge for integrations to other proprietary choices, but not for the open alternative!

luckow

Overall. That.is.not.true.

It is important to note that, [...] Rocket.Chat will still be the only major open source communications platform to include any LDAP feature in its community edition.

girish

@luckow So LDAP syncing will go away I think but normal LDAP login will work?

luckow

Taken from here "Basic LDAP Login" https://docs.rocket.chat/guides/administration/administration/settings/ldap IMHO that is what the Cloudron app needs. But "the only major open source communication" doesn't realize that Matrix/Element is another major open source solution that supports LDAP. Next Nextcloud. And we have another pile of oss communication tools around the corner. Bla bla marketing. That's cheeky.

marcusquinn

Who knows At least forewarned. Will have to have a think about it all nearer the time, see if they are negotiable too.

marcusquinn

And now the Sales Rep support outreach ransom demands begin:

marcusquinn

Well, this is gonna be fun - feel free to add your points to the debate to help keep them informed:

robi

I happen to know the founders of RC, and can pass on this thread if desired.

marcusquinn

@robi Sure, thank you kindly. It's a nice product and ambition... Until this little faux pas.

LDAP is the most viable open-source antidote to Active Directory.

I agree that Enterprise needs are fair-game for encouraging support retainers, but IMHO they seem to have got this one wrong.

Please anyone, correct me if I'm wrong, I'm sure they all work hard and do great things. We all do though.

Let's hope they see some sense and keep open-source for the open-standards — and the line in the sand for those things that enterprises are already buying into.

Community goes both ways, and I'd rather see the energy keep flowing towards improving the product than micro-managing licences and artificial limitations.

I mean, it's almost more effort to make this change than not

bubonicfred

@marcusquinn The only reason we're using RC is that there doesn't seem to be a cloudron alternative (chat or forum) with ldap

sing.li 0

Hi guys,

This is Sing Li from Rocket.Chat -- and thank you @robi for notifying us

There is definitely some misinformation floating around.

First, basic LDAP, SAML, most Oauth and Custom Oauth features will remain available on Community Edition and non-Gold plans. The details of which you can see in this chart - please scroll down to see the details.

Second, we are in the community input / feedback gathering phase for the upcoming changes.

Every Rocket.Chat community member, including all of you, are invited to the open call to community where you can discuss the matterr directly with our leadership.

Thank you for your attention and hope to see you this Friday!

nebulon

@sing-li-0 hi an welcome here!

Thanks for the clarification and the link provided. Looks like this will not affect the Cloudron package in any way as far as I can tell, so we should be good

marcusquinn

@sing-li-0 Welcome and thank you kindly for reaching out from one community to another, it really does help.

Link for anyone missing it in Dark Mode like I almost did:

https://forums.rocket.chat/t/open-call-to-community-re-upcoming-changes-to-identity-management-integrations/12101

I certainly feel it's right for us not to just complain but actively get involved with providing feedback and testing support for all the good work you do, and I look forward to hearing more about your plans and discovery of what works well for all those that care for your good product.

girish

I have pushed an update to 4.0 now. We will roll it out slowly, just to make sure there are no major breakages. The list of LDAP changes are at https://docs.rocket.chat/quick-start/identity-management-ee-vs-ce#ldap3 . Overall, it seems that LDAP filter, basic sync etc are all there in CE.