I'm having issues setting up.
Anyone who can help on how to set up OpenBao?
add-module ghcr.io/geniusdynamics/openbao:latest 1
For those not aware, OpenBao is the open-source community fork of HashiCorp Vault.
OpenBao
The installation goes smoothly. The same goes for the initial configuration with FQDN and Let’s Encrypt certificate. But instructions on how to connect the device to the LDAP of my NS 8 would be very helpful.
Regards…
Uwe
@transocean we’ve not even gotten to the point of being able to log in to the platform yet, let alone configuring LDAP and SSO, which are all supported actually, and we intend to support all options.
We are stuck at retrieving the initial user credentials to be able to log in, getting slightly lost in their docs a bit: Documentation | OpenBao
Did you succeed in logging in with built-in credentials? I know they have to be generated first with
bao operator init
then unseal it
bao operator unseal
Once unsealed, you can authenticate using the generated root token. This token grants full administrative access.
I can log in here right away with the root token. No need to go through unseal. However, I don’t think it’s very secure that the root token and the Unseal key can be seen in the system log of the NS 8 application. I’ve got as far as the point where I find a selection menu under Authentication Method and can select LDAP there. However, I can’t get to grips with the multitude of possible settings.
Sorry, can you dumb it down for me please (doing many things at once)?
What did you do in NS to get the initial credentials to log in to the UI?
You’re welcome.
If you select the Openbao application in the NS 8 system log, you will see various entries. Among other things, you will find Unseal Key: UnsealKey
And Root Token: RootToken
You can easily log in with the root token.
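A check for the exposure described above (root token and unseal key readable in the system log), as an added example that is not part of the original posts or the module's own code: it scans log lines for the two labels quoted in the thread, reports a hash fingerprint instead of the secret, and returns a redacted copy. The log line prefix, the instance name `openbao1` and the secret values are constructed.

```python
import hashlib
import re

# Labels the thread reports seeing in the NS 8 system log for the OpenBao app.
SECRET_LINE = re.compile(r"(?P<label>Unseal Key|Root Token):\s*(?P<value>\S+)")


def fingerprint(value: str) -> str:
    """Short SHA-256 prefix: match a finding to a known secret without storing it."""
    return hashlib.sha256(value.encode()).hexdigest()[:12]


def scan(lines):
    """Return (findings, redacted_lines) for an iterable of log lines."""
    findings, redacted = [], []
    for lineno, line in enumerate(lines, start=1):
        def _mask(m, lineno=lineno):
            # Record where the secret was seen, never the secret itself.
            findings.append({"line": lineno, "label": m.group("label"),
                             "fingerprint": fingerprint(m.group("value"))})
            return f"{m.group('label')}: [REDACTED]"
        redacted.append(SECRET_LINE.sub(_mask, line.rstrip("\n")))
    return findings, redacted


# Constructed sample input; prefix format and values are made up for the example.
SAMPLE_LOG = [
    "Jan 01 10:00:01 ns8 openbao1[2211]: starting server",
    "Jan 01 10:00:02 ns8 openbao1[2211]: Unseal Key: EXAMPLE-UNSEAL-KEY-not-real",
    "Jan 01 10:00:02 ns8 openbao1[2211]: Root Token: EXAMPLE-ROOT-TOKEN-not-real",
    "Jan 01 10:00:03 ns8 openbao1[2211]: listener ready",
]

if __name__ == "__main__":
    import sys
    # Read an exported log from stdin, or fall back to the constructed sample.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LOG
    found, clean = scan(source)
    for f in found:
        print(f"line {f['line']}: {f['label']} exposed (sha256 prefix {f['fingerprint']})")
    print("\n".join(clean))
    sys.exit(1 if found else 0)
```

A non-zero exit means a secret was found in the log, in which case the value should be treated as known to anyone who can read that log.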
How did I miss that? Thank you, I guess it’s why there is power in collaboration.
So we can now begin working on other things that might be necessary for the system to work and operate.
Do you have ideas of some of the things we can directly implement and support?
The entire OpenBao can even be run and managed from NS, via terminal and the robust hooks it provides.
First and foremost, the account providers used in NS 8 should be reliably integrated.
Would need @mrmarkuz’s help on this.
This can only be seen once, during the initial installation/configuration of the app, and I think it should be possible to change them. I guess they are to get you started. A lot of apps do this, I think.
I see useful potential in this app if it is consistently developed/modified for NS8. I know very well that you are very hard working and that the result feels good. But perhaps you should proceed according to the principle that less can also be more. What I mean is that fewer apps, but ones that are mature and useful, also offer you added value. It is not always quantity that makes the difference. As examples, I would mention Listmonk, PasswordPusher, 2Fauth and Wallos. These are all apps that I personally find brilliant and that currently work well and are easy to use. You should stay on this path. But that’s just my personal opinion.
Thanks. A lot of apps I bring onboard are for our internal use (now and future preparedness), as well as those that we feel some of the clients we support might have need for.
Otherwise we build because we know the community might benefit from them, or that would bring more community members. I stumbled upon NethServer because I was looking for an easy way to deploy LDAP and some other tools; then it morphed into something more.
When it comes to application and software deployment, maintainability and repeatability matter more than anything.
So yes, quality applications that are production grade. We recently started using a lot more keys than we thought we would. While we surveyed, and even posted about, Infisical before, it has a beautiful UI but lacks a lot of the things that HashiCorp Vault offered.
Also, a lot of important and critical functions were locked behind a paywall. Since it’s already available in Coolify (which is in NS) and has limitations, OpenBao was the best close alternative. We intend to use it more, and support it a lot more.
@transocean can you update the app and try adding the LDAP provider manually please, then let me know how it goes.
Whatever settings that work or fail, share here for reference…
@mrmarkuz do you think manual config will work without these?
I think it should work without certs but I don’t know.
Unfortunately, I can’t help at the moment. When I try to open the app, I only get a ‘Bad Gateway’ message.