Mattermost LDAP authentication module

to awaken a dead topic.

i saw this ikoula/Mattermost-LDAP: This module provides an external LDAP authentication in Mattermost for the Team Edition (free). (github.com)

can it not be adopted somehow to get nethserver ldap working with matermost?

just curious

1 Like

That collides a bit with the intent of the developer of Mattermost. IDK if this could be considered fair…

It seems a quite dead project. We need something supported by upstream.

well since there is no project mattermost ldap project thats supported, coulnt it be adopted. i beleive Neth has experience working and dealing with ldap.

will look around for any relevant projects.

mattermost is released as open source, so anyone can fork it, and do anything they would like to do with it, including adding functions not intended by original dev team, so long as you have the means.

Actually this seems to be the official version, of the module Crivaledaz/Mattermost-LDAP: This module provides an external LDAP authentication in Mattermost for the Team Edition (free). (github.com)

Easy, download and install it on a VM, if you need this…

If you’re not interested in spending your time for a project you’re interested in,
why expect someone else in this forum to do your work for you?

My 2 cents
Andy

1 Like

@oneitonitram I can agree, but currently you don’t know if the LDAP support is already part of the community (MIT License) or the other license used for Enterprise Edition.
Moreover, Mattermost could easily try to put roadblocks into code for not allowing LDAP plugins.
They are using OpenSource as Marketing Resource for spreading the product? Yes. But it’s still “their” product.
And 120$ par user/year is not cheap, i know. But still cheaper than Slack Business+, and far more than Microsoft 365 Business Basic. (Sharepoint + Exchange + OneDrive + Teams)
And without LDAP, you’re getting at no cost and thanks to NethServer on a single click, with a nice script for importing users already into LDAP db.

that part, based on the provided instructions should not be hard to follow through. i was simply mentioning a hypothetical case of having a builtin implementation of the same, since mattermost is an official module of NethServer, and there is a means to actually implement Ldap.
since that means is through GitLab, which is not supported on nethserver, its getting a clever implementation of the same.

if they are to implement roadblock, then they would or should completely remove ldap Support with gitlab, and i am very sure that decision will not go well with the community.

refer to Microsoft Dotnet fiasco this week.

I used the term “roadblock” not for nothing. It’s enough a digital signage check from the plugin to the code to shut the door.

That does not mean that this could not run into… “feedback” as Microsoft poster named it. Also as RedArmonkHat received “feedback” for some licensing decisions few months ago.

Sometimes a company decide to cut the rope… So feedback will happen. Pissing the company off maybe could start the plan earlier, with more anger or more evilness.

I don’t see how it could be otherwise. You release a F/OSS project, you’re explicitly allowing others to do with it whatever’s compatible with its license. And if you think you’re going to lock some desirable features behind a paywall, it’s absolutely fair game for someone else to implement them. And if you then take active steps to block what that “someone else” is doing, you’re treading on very thin ice.

1 Like

And this prevent the sponsor/owner of the project on behaving like it wants… exactly how?
IDK, @danb35, don’t you remember CentOS 8 sudden death from RedArmonkHat?

1 Like

yap. there are two masisvely great open source projects, proxmox and truenas. for someone who really needs support and ent features they will pay.

for others, well just go ahead and use it. and its also made the projects a success.

no need to force, just provide something compelling and youll be paid for it.

Mmm this one seems a live project.
It could be promising as an experimental addiction.
Did you have time to get it a try?

am having a major DNS issues on my servers, but once resolved ill try this one.

You mean the project that’s now pretty much irrelevant, has been replaced by at least two community distros (Rocky and Alma), and has a very strong parallel with a third (Oracle)? Yes, I remember–but I think that favors my position rather than yours.

i wrote an issue to inquire if the project is active and i received a response as shown here

viability · Issue #81 · Crivaledaz/Mattermost-LDAP (github.com)

so the project works as per them, ill attempt to install the same with matttermost and report instructions or challenges that we might face along the way.

the Docker compose file details are listed here: Mattermost-LDAP/docker-compose.yaml at master · Crivaledaz/Mattermost-LDAP (github.com)

Hopefully, if we can get it working, then we can have a module that installs together with Nethserver mattermost that will be automatically installed and configured.

As stated on the reponse, the desktop version has some slight issues with authenticating with ldap this way, Auth fails with Mattermost Desktop 4.7.0 with “Prevented desktop from navigating to” · Issue #80 · Crivaledaz/Mattermost-LDAP (github.com)

there is though a workaround that can be applied, and in our case the module could implement that workaround altogether during install.

Workaround

I was able to work around this by rewriting index.php to look like one of the approved custom login url strings:

  • Enabling .htaccess in apache, eg:

<Directory /var/www/html/oauth> AllowOverride All

  • Added to .htaccess :

RewriteEngine on RewriteRule ^access_token$ index.php [L] allow from all

  • Changed index.php line 33 to header('Location: access_token');