Directus with LDAP or SSO auth
-
Hi there, are there any plans to add LDAP or other means of SSO authentication to the current package? It seems to be supported, but LDAP is not activated in the manifest
-
@girish I tried repacking it with LDAP earlier today and wasted quite some time, because of "Unexpected Errors". But there's an already merged PR that will come with the next release, maybe that fixes the issue.
For reference, this is what I added to my env file, at least the LDAP tab shows up, but it wouldn't let me in:
```sh
export LOG_LEVEL="trace"
export AUTH_PROVIDERS="ldap"
# AUTH_DISABLE_DEFAULT="true"
export AUTH_LDAP_DRIVER="ldap"
export AUTH_LDAP_CLIENT_URL="ldap://172.18.0.1:3002"
export AUTH_LDAP_BIND_DN="cn=...,ou=apps,dc=cloudron"
export AUTH_LDAP_BIND_PASSWORD="superlongpwd"
export AUTH_LDAP_USER_DN="ou=users,dc=cloudron"
export AUTH_LDAP_GROUP_DN="ou=groups,dc=cloudron"
```
Leaving AUTH_LDAP_BIND_DN and AUTH_LDAP_BIND_PASSWORD empty resulted in the same `[Error]: Invalid provider config` from the PR, but maybe I'm missing something else.
-
I was able to get login to work but users are created with no roles. There is a discussion here - https://github.com/directus/directus/discussions/9854
I used the following settings:
```sh
export AUTH_PROVIDERS="ldap"
export AUTH_DISABLE_DEFAULT="true"
export AUTH_LDAP_DRIVER="ldap"
export AUTH_LDAP_CLIENT_URL="${CLOUDRON_LDAP_URL}"
export AUTH_LDAP_BIND_DN="${CLOUDRON_LDAP_BIND_DN}"
export AUTH_LDAP_BIND_PASSWORD="${CLOUDRON_LDAP_BIND_PASSWORD}"
export AUTH_LDAP_USER_DN="${CLOUDRON_LDAP_USERS_BASE_DN}"
export AUTH_LDAP_USER_ATTRIBUTE=username
```
Had to patch our ldap server a bit with:
```js
// Extra search handler for the base 'ou=apps,dc=cloudron' (ldapjs server).
// `next` must stay in the parameter list because finalSend() receives it, and
// the DN returned is the search base from the request (req.dn in ldapjs).
gServer.search('ou=apps,dc=cloudron', function (req, res, next) {
    const obj = { dn: req.dn.toString() };
    finalSend([obj], req, res, next);
});
```
-
@girish they just added SAML support in one of their last releases, any chance you could check again if LDAP works as well? Maybe with `DEFAULT_ROLE_ID` or `AUTH_LDAP_GROUP_DN`? I don't remember seeing that the last time I checked this page.
-
@msbt tried this again and it crashes.
```
21:41:35 - [20:41:34] ERROR (146 on 6278be82-2fa6-460d-bbbe-93a0b7594d5e): name (string) required
21:41:35 - err: {
21:41:35 -   "type": "TypeError",
21:41:35 -   "message": "name (string) required",
21:41:35 -   "stack":
21:41:35 -     TypeError: name (string) required
21:41:35 -       at Object.parse (/app/code/node_modules/ldapjs/lib/dn.js:158:43)
21:41:35 -       at ensureDN (/app/code/node_modules/ldapjs/lib/client/client.js:85:15)
21:41:35 -       at Client.search (/app/code/node_modules/ldapjs/lib/client/client.js:596:18)
21:41:35 -       at /app/code/node_modules/directus/dist/auth/drivers/ldap.js:71:29
21:41:35 -       at new Promise (<anonymous>)
21:41:35 -       at LDAPAuthDriver.validateBindClient (/app/code/node_modules/directus/dist/auth/drivers/ldap.js:69:16)
21:41:35 -       at LDAPAuthDriver.getUserID (/app/code/node_modules/directus/dist/auth/drivers/ldap.js:185:20)
21:41:35 -       at AuthenticationService.login (/app/code/node_modules/directus/dist/services/authentication.js:45:37)
21:41:35 -       at /app/code/node_modules/directus/dist/auth/drivers/ldap.js:317:84
21:41:35 -       at /app/code/node_modules/directus/dist/utils/async-handler.js:3:66
21:41:35 - }
```
Have to debug.
-
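As an added example (not code from this thread, Directus or Cloudron), a small Node.js preflight for the AUTH_LDAP_* variables used in the posts above: ldapjs's dn.parse() throws "name (string) required" when it is handed a non-string, which is what an unset AUTH_LDAP_BIND_DN or AUTH_LDAP_USER_DN becomes, so checking the environment before Directus starts turns a crash like the trace above into a readable message. The sample environment (bind DN cn=directus, the password) is constructed, and the DN check is a minimal RFC 4514 syntax check, not ldapjs's parser.

```javascript
// Added preflight for Directus' AUTH_LDAP_* settings (not Directus/Cloudron code).
// ldapjs dn.parse() rejects non-strings with "name (string) required"; catching
// an unset or malformed DN here avoids that TypeError inside validateBindClient.
const REQUIRED = ['AUTH_LDAP_CLIENT_URL', 'AUTH_LDAP_BIND_DN',
  'AUTH_LDAP_BIND_PASSWORD', 'AUTH_LDAP_USER_DN'];
const DN_VARS = ['AUTH_LDAP_BIND_DN', 'AUTH_LDAP_USER_DN', 'AUTH_LDAP_GROUP_DN'];

// Minimal RFC 4514 syntax check: comma-separated attr=value RDNs, honouring
// backslash escapes so "cn=Doe\, Jane,ou=users,dc=cloudron" is accepted.
function isValidDN(dn) {
  if (typeof dn !== 'string' || dn.trim() === '') return false;
  const rdns = [];
  let cur = '';
  for (let i = 0; i < dn.length; i++) {
    const c = dn[i];
    if (c === '\\' && i + 1 < dn.length) { cur += c + dn[++i]; continue; }
    if (c === ',') { rdns.push(cur); cur = ''; continue; }
    cur += c;
  }
  rdns.push(cur);
  return rdns.every((r) => /^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*\S/.test(r));
}

// Returns the problems found; an empty list means the bind config is complete.
function checkLdapEnv(env) {
  const problems = [];
  const providers = (env.AUTH_PROVIDERS || '').split(',').map((p) => p.trim());
  if (!providers.includes('ldap')) problems.push('AUTH_PROVIDERS does not list "ldap"');
  if (env.AUTH_LDAP_DRIVER !== 'ldap') problems.push('AUTH_LDAP_DRIVER must be "ldap"');
  for (const n of REQUIRED) {
    if (!env[n] || env[n].trim() === '') problems.push(`${n} is unset or empty`);
  }
  if (env.AUTH_LDAP_CLIENT_URL && !/^ldaps?:\/\/\S+$/.test(env.AUTH_LDAP_CLIENT_URL)) {
    problems.push('AUTH_LDAP_CLIENT_URL must start with ldap:// or ldaps://');
  }
  for (const n of DN_VARS) { // AUTH_LDAP_GROUP_DN is optional: check only if set
    if (env[n] && !isValidDN(env[n])) problems.push(`${n} is not a valid DN: ${env[n]}`);
  }
  return problems;
}

// Constructed sample environment mirroring the settings posted in this thread.
const SAMPLE_ENV = {
  AUTH_PROVIDERS: 'ldap', AUTH_DISABLE_DEFAULT: 'true', AUTH_LDAP_DRIVER: 'ldap',
  AUTH_LDAP_CLIENT_URL: 'ldap://172.18.0.1:3002',
  AUTH_LDAP_BIND_DN: 'cn=directus,ou=apps,dc=cloudron', // placeholder bind DN
  AUTH_LDAP_BIND_PASSWORD: 'example-password', // placeholder, not a real secret
  AUTH_LDAP_USER_DN: 'ou=users,dc=cloudron', AUTH_LDAP_USER_ATTRIBUTE: 'username',
};
console.log(checkLdapEnv(SAMPLE_ENV)); // [] here; for a real check pass process.env
```

Run it with `node` in the app's environment before starting Directus; a non-empty list names the variable to fix.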