Integrate Mattermost with Yunohost LDAP

[kemenaran]

Mattermost allows integrating the accounts with an LDAP system. This would let Mattermost users use the same credentials than their Yunohost account.

However LDAP integration is only available in Mattermost Entreprise, which users need to pay for.

Is it worth supporting features that users need to pay for?

Pros:

• Paying for software is good, it helps supporting a viable system ;
• Mattermost paid features are actually open-source (behind a feature-flag).

Cons:

• Harder to developers to test without paying for a license ;
• Looks like free work to support a revenue-generating feature for Mattermost.

[Zykino]

Maybe you can ask them if they are ok with it. Maybe they want to restrict to small communities which is the userbase of most yunohost, but not all. Maybe they will even make this feature in the free version since they were not aware that a project like yunohost enable every one to use LDAP and not just Enterprises.

I personnaly think that I won’t try or use the app as long as this question is not sorted. And I did not find a way to test Mattermost other than installing it myself in standalone/yunohost…

[ImaCrea]

Hello there, I'm setting up a Yunohost server for MailTape collective and mattermost looks like the perfect fit to get rid of fb messenger.. LDAP support sounds good and I think we would be ready pay.

How could we make that work do you think? Is this some kind of feature easy to add on a point and click dashboard or does it need to build a new package?

thanks for your dear help

[kemenaran]

Hi there! Manually integrating Yunohost LDAP should be doable. I guess the steps would be:

1. Purchase a Mattermost Entreprise Edition license, to unlock the LDAP feature of Mattermost;
2. In the now unlocked Mattermost settings, configure the LDAP server to use Yunohost one (I don't know the exact parameters, but maybe Yunohost documentation could help)

And it should work (in theory) – without even needing a modification to this package.

If you try it, could you report here if this works or not?

[ImaCrea]

Not sure I will try in the end. I'm playing with Synapse package and it includes ldap for free. So unless people in the crew really don't like Riot's interface I guess we won't test that.

[ketsapiwiq]

For the record, there's this open source extension for mattermost ldap support (I didn't test it): https://github.com/Crivaledaz/Mattermost-LDAP

[kemenaran]

@lucaskev interesting! I didn't thought it could be possible to transparently implement an LDAP connector for the Free Edition of Mattermost.

I looked a bit at the code of https://github.com/Crivaledaz/Mattermost-LDAP, and I'm not sure it could be reliably integrated into the Yunohost package: it seems a young project, with many dependancies and moving parts. But as a proof of concept it definitely is interesting.

[dosch]

@kemenaran in this time of crisis it is good to work on alternatives as these. I am hoping to set up an alternative communication channel next to WhatsApp and Signal. Did anyone progress with the LDAP integration?

[kemenaran]

@dosch as far as I know, nobody worked on integrating the LDAP bridge to this Yunohost package yet.

That said, I you know a little about system administration, you can try to:

1. Install Mattermost using this Yunohost package;
2. Install the free LDAP bridge manually, and connect it to the Yunohost LDAP.

If it works, you'll have a working LDAP integration with Yunohost. And we can look at how it could be integrated into the package itself.

[markfoodyburton]

Seem https://github.com/Crivaledaz/Mattermost-LDAP has been updated since October 2019. Worth looking again?

[biva]

Hello, I think the suggestion of @Zykino in https://github.com/YunoHost-Apps/mattermost_ynh/issues/58#issuecomment-476814976 makes sense. Amyblais is posting here every time there's a Mattermost update, it means that Mattermost is interested in the Yunohost project. Maybe they could consider the LDAP integration for free if it goes through Yunohost? I'm just a Yunohost and Mattermost user, so I won't do anything without your advice, but if you want me to ask, I can do it.

[kemenaran]

@biva sure, that makes sense. If you feel like asking the Mattermost team for a solution to this, please do 👍

[amyblais]

Thank you @biva for sharing this with me. I asked our product managers about this, and here is what they shared:

At this time, we have no plans to move LDAP into our Team Edition. It is available in Professional Edition which is targeted at teams who need to work cross-functionally and typically require more directory management services to manage user access. Team Edition is best suited for a single or small group of teams who do not require directory services.

We understand that many teams use Mattermost Team Edition because of its open source and free. Our commercial and paid versions allow us to continue to provide this offering to our community. Given the separation of the editions, there unfortunately isn't an easy way technically to "unlock" LDAP for your purpose.

[biva]

Thank you very much @amyblais for having considered this request and having taken the time to investigate... even if we would have hoped for another answer ;)

[SveDec]

Hi everyone,

For my own use, i wrote a bash script that installs Crivaledaz' module and makes it work with my YunoHost install.

I thought it may interest people here, so feel free to take a look at it, test it, improve it, or even integrate it to the YunoHost app if you want to. The code is here : https://github.com/SveDec/Mattermost-Yunohost-LDAP.

Hope it'll help.

[stepcellwolf]

@SveDec very nice indeed, however when I try to run it on YunoHost 11.2.1.0 I get Mattermost_LDAP.sh: 84: Bad substitution Any how-to/guide how to install? Thanks.