Add mattermost-ldap configuration for OAuth server #63
Conversation
| after that you have to manually modify the file environment to adjust some variables | ||
|
|
||
| - LDAP_DOMAIN: the userdomain you want to use | ||
| - LDAP_SEARCH: the LDAP attribute ID for login ( openldap: `uid`, AD: `sAMAccountName`) |
There was a problem hiding this comment.
kindly modify this to be this way.
- LDAP_SEARCH: the LDAP attribute ID of the login; for ( openldap:
uid, AD:sAMAccountName)
|
This PR sheds alot of light into implementation of Authentication into alot of solutions that would/do support LDap authentication. i think it can serve as a good reference point on implementing NS8 Ldap to the authentication scheme of the various applications. ofcourse its diferent for each app, but after going through this, alot of questions would be answered and would as well reduce alot of questions your way as core devs. thank @stephdl for the nice comments on the commits, they surely also help. |
…rvice dependencies
stephdl
force-pushed
the
mattermostLDAP
branch
from
08914ee to
785b497
Compare
| stdout_logfile_maxbytes=0 | ||
| stderr_logfile=/dev/stderr | ||
| stderr_logfile_maxbytes=0 | ||
| autorestart=false |
There was a problem hiding this comment.
What happens if a supervised service terminates? I'd expect the container terminates with an exit code, so the systemd unit can restart it.
This behavior is already implement without supervisord and with a simple shell script. For example see Mail. It is documented by https://docs.docker.com/config/containers/multi-service_container/
What are the advantages of using supervisord in this case?
There was a problem hiding this comment.
modern way , it is widely used in the container's world, I will test what happen, if one service stops, for what I know the container stops
There was a problem hiding this comment.
Ok to keep it if terminates as expected. In the future evaluate also the alternative shell implementation: in the same document, supervisord is considered too, as a "more involved" solution https://docs.docker.com/config/containers/multi-service_container/#use-a-process-manager. I agree with that definition!
There was a problem hiding this comment.
should be good, I added an event listener, I bet that nextcloud could get some benefice of it, if php-fpm is killed the container is still up @DavidePrincipi
stephdl
force-pushed
the
mattermostLDAP
branch
2 times, most recently
from
b5b9bee to
ff59f30
Compare
stephdl
force-pushed
the
mattermostLDAP
branch
from
0901bc6 to
c5fc7ce
Compare
stephdl
force-pushed
the
mattermostLDAP
branch
from
9050edc to
5b74914
Compare
- Remove the second FQDN requirement - Configure an additional host + path HTTP route for oauth backend
| command=nginx -g 'daemon off;' | ||
| stdout_logfile=/dev/stdout | ||
| stdout_logfile_maxbytes=0 | ||
| stderr_logfile=/dev/stderr |
There was a problem hiding this comment.
Does this setting work? I see no logs at all from nginx. Whilst it can be considered ok for the stable release, during the development it is something I miss very much. I'd like a DEBUG flag to increase log verbosity...
|
A new SSO feature should replace this feature |
This pull request adds the necessary Docker configuration files for setting up the OAuth server. It includes the Dockerfile for the mattermost-ldap container. Additionally, it adds the oauth files for build images and the necessary network and host configuration to the mattermost.service file.
NethServer/dev#6850
you need to read the readme on how to enable it, by default it is disable