Directus with LDAP or SSO auth

      msbt
      App Dev
      wrote on last edited by msbt
      #1

      Hi there, are there any plans to add LDAP or other means of SSO authentication to the current package? It seems to be supported, but LDAP is not activated in the manifest

        girish
        Staff
        wrote on last edited by
        #2

        @msbt Great find! I wasn't aware it supported LDAP.

          msbt
          App Dev
          wrote on last edited by msbt
          #3

          @girish I tried repacking it with LDAP earlier today and wasted quite some time, because of "Unexpected Errors". But there's an already merged PR that will come with the next release, maybe that fixes the issue.

          For reference, this is what I added to my env file, at least the LDAP tab shows up, but it wouldn't let me in:

          export LOG_LEVEL="trace"
          
          export AUTH_PROVIDERS="ldap"
          # AUTH_DISABLE_DEFAULT="true"
          
          export AUTH_LDAP_DRIVER="ldap"
          export AUTH_LDAP_CLIENT_URL="ldap://172.18.0.1:3002"
          export AUTH_LDAP_BIND_DN="cn=...,ou=apps,dc=cloudron"
          export AUTH_LDAP_BIND_PASSWORD="superlongpwd"
          export AUTH_LDAP_USER_DN="ou=users,dc=cloudron"
          export AUTH_LDAP_GROUP_DN="ou=groups,dc=cloudron"
          

          Leaving AUTH_LDAP_BIND_DN and AUTH_LDAP_BIND_PASSWORD empty resulted in the same [Error]: Invalid provider config from the PR, but maybe I'm missing something else.

            girish
            Staff
            wrote on last edited by
            #4

            I was able to get login to work but users are created with no roles. There is a discussion here - https://github.com/directus/directus/discussions/9854

            I used the following settings:

            export AUTH_PROVIDERS="ldap"
            export AUTH_DISABLE_DEFAULT="true"
            
            export AUTH_LDAP_DRIVER="ldap"
            export AUTH_LDAP_CLIENT_URL="${CLOUDRON_LDAP_URL}"
            export AUTH_LDAP_BIND_DN="${CLOUDRON_LDAP_BIND_DN}"
            export AUTH_LDAP_BIND_PASSWORD="${CLOUDRON_LDAP_BIND_PASSWORD}"
            export AUTH_LDAP_USER_DN="${CLOUDRON_LDAP_USERS_BASE_DN}"
            export AUTH_LDAP_USER_ATTRIBUTE=username
            

            Had to patch our ldap server a bit with:

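                // Answer searches under the apps base DN with a single entry that carries only a dn.
                gServer.search('ou=apps,dc=cloudron', function (req, res, next) {
                    // `dn` is not defined in this posted excerpt.
                    const obj = {
                        dn: dn.toString(),
                    };
                    // `next` has to be a declared parameter because it is passed on here.
                    finalSend([obj], req, res, next);
                });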
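
A preflight check for the `AUTH_LDAP_*` settings shown in posts #3 and #4, as an added example that is not part of either post and is not Cloudron or Directus code. The function names `check_ldap_env` and `is_dn` are hypothetical, and treating the four settings that both posts set as required is an assumption drawn from this thread.

```shell
#!/bin/sh
# Added example: validate the AUTH_LDAP_* variables from this thread before
# the app starts. Prints one finding per line; returns 1 if any is FATAL.

is_dn() {
    # Loose shape check only: comma-separated attr=value pairs.
    # Escaped commas inside values are not handled.
    printf '%s' "$1" |
        grep -Eq '^[A-Za-z][A-Za-z0-9-]*=[^,]+(,[A-Za-z][A-Za-z0-9-]*=[^,]+)*$'
}

check_ldap_env() {
    rc=0
    # Assumption: the settings both posted configurations set are required.
    # Post #3 reports "Invalid provider config" with an empty bind DN/password.
    for v in AUTH_LDAP_CLIENT_URL AUTH_LDAP_BIND_DN \
             AUTH_LDAP_BIND_PASSWORD AUTH_LDAP_USER_DN; do
        eval "val=\${$v:-}"
        if [ -z "$val" ]; then
            echo "FATAL $v is empty"; rc=1
        fi
    done
    # DN-valued settings must look like DNs; the group DN is optional.
    for v in AUTH_LDAP_BIND_DN AUTH_LDAP_USER_DN AUTH_LDAP_GROUP_DN; do
        eval "val=\${$v:-}"
        [ -z "$val" ] && continue
        is_dn "$val" || { echo "FATAL $v does not look like a DN: $val"; rc=1; }
    done
    case "${AUTH_LDAP_CLIENT_URL:-}" in
        "" | ldaps://*) ;;
        ldap://*) echo "WARN AUTH_LDAP_CLIENT_URL is ldap:// (no TLS on this connection)" ;;
        *) echo "FATAL AUTH_LDAP_CLIENT_URL is not an ldap:// or ldaps:// URL"; rc=1 ;;
    esac
    # With the default login disabled, a broken LDAP config is a lockout.
    if [ "${AUTH_DISABLE_DEFAULT:-}" = "true" ] && [ "$rc" -ne 0 ]; then
        echo "FATAL AUTH_DISABLE_DEFAULT=true leaves no login path while LDAP is misconfigured"
    fi
    return "$rc"
}
```

Source it after the env file in the start script and run `check_ldap_env || exit 1` so a bad configuration stops the start instead of surfacing later as a login error.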
            
              msbt
              App Dev
              wrote on last edited by
              #5

              @girish nice one! I was about to say, I could swear I tried with AUTH_LDAP_USER_ATTRIBUTE=username as well 😄

                msbt
                App Dev
                wrote on last edited by
                #6

                @girish what's the status on this, won't it work properly even with the patched LDAP server?

                  msbt
                  App Dev
                  wrote on last edited by
                  #7

                  @girish they just added SAML support in one of their last releases, any chance you could check again if LDAP works as well? Maybe with DEFAULT_ROLE_ID or AUTH_LDAP_GROUP_DN? I don't remember seeing that the last time I checked this page.

                    girish
                    Staff
                    wrote on last edited by
                    #8

                    @msbt tried this again and it crashes.

                    21:41:35 - [20:41:34] ERROR (146 on 6278be82-2fa6-460d-bbbe-93a0b7594d5e): name (string) required
                    21:41:35 - err: {
                    21:41:35 - "type": "TypeError",
                    21:41:35 - "message": "name (string) required",
                    21:41:35 - "stack":
                    21:41:35 - TypeError: name (string) required
                    21:41:35 - at Object.parse (/app/code/node_modules/ldapjs/lib/dn.js:158:43)
                    21:41:35 - at ensureDN (/app/code/node_modules/ldapjs/lib/client/client.js:85:15)
                    21:41:35 - at Client.search (/app/code/node_modules/ldapjs/lib/client/client.js:596:18)
                    21:41:35 - at /app/code/node_modules/directus/dist/auth/drivers/ldap.js:71:29
                    21:41:35 - at new Promise (<anonymous>)
                    21:41:35 - at LDAPAuthDriver.validateBindClient (/app/code/node_modules/directus/dist/auth/drivers/ldap.js:69:16)
                    21:41:35 - at LDAPAuthDriver.getUserID (/app/code/node_modules/directus/dist/auth/drivers/ldap.js:185:20)
                    21:41:35 - at AuthenticationService.login (/app/code/node_modules/directus/dist/services/authentication.js:45:37)
                    21:41:35 - at /app/code/node_modules/directus/dist/auth/drivers/ldap.js:317:84
                    21:41:35 - at /app/code/node_modules/directus/dist/utils/async-handler.js:3:66
                    21:41:35 - }
                    
                    

                    Have to debug.

                      girish
                      Staff
                      wrote on last edited by
                      #9

                      @msbt I pushed a new package with LDAP.

                        msbt
                        App Dev
                        wrote on last edited by
                        #10

                        @girish ohhh very nice! appreciate the effort, going to check it out asap 😄

                          girish
                          Staff
                          wrote on last edited by
                          #11

                          @msbt See https://docs.cloudron.io/apps/directus/#cloudron-directory as well

                            msbt
                            App Dev
                            wrote on last edited by
                            #12

                            @girish happy to report that this is working like a charm, thanks a lot!
