Oicd groups not working
Hello. I am using oicd to connect auth to authelia. There i have groups
admins and arrs. I dont really know the difference between owner and admin in homarr, but i have set arrs as admin and admins as owner. But after login, i cannot modify the dashboards, saying I do not have the persmission.
Authelia config:
Solution:Jump to solution
So, the issue with my sites was my new shiny catchall.
Homarr also no longer gives group errors.
It does not sill work however.
I will try to reset the volume and see if that helps...
38 Replies
Thank you for submitting a support request.
Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment: - Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log) - Operating system (Unraid, TrueNAS, Ubuntu, ...) - Exact Homarr version (eg. 0.15.0, not latest) - Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format) - Other relevant information (eg. your devices, your browser, ...)
❓ Frequently Asked Questions | Homarr documentation
Can I install Homarr on a Raspberry Pi?
Your groups are the same. Can you try different groups?
This was the latest try
I will retry
One moment
Same result. Would it affect if my user is member of both groups?
I would try to see whether it does
Ensure that you log out and in again as this may have some effect
One moment
It doesnt fetch any groups?
Just checked quickly, both groups being the same shouldn't be a problem. @Tag can you jump in?
I have changed the groups, but noticed this in the logs
So, this was working before right?
Or are you setting it up right now and just not working?
I was just setting it up
Had authelia working on other services before tho
Alright, so this is not an issue that came with the new version, good to know
You use Authelia, and what do you use as a database? Ldap?
Openldap yes
Is it possible you haven't configured the groups properly in Authelia?
Hmmm, let me try it out
It does appear so, i will check it out more as soon as i get to the PC
https://gist.github.com/dgalli1/3193fd3e0476a0495c0fd91e1e055022
I am thinking the groups are not working because authelia is not transmitting any groups.
This is a link to how Authelia is configured with OpenLdap
The funny thing is my setup is based directly from this
I will investigate
I actually believe you, I followed the same for LLDAP instead but they're quite easy to find
I was thinking of migrating to lldap but i didnt find any info on if they can send login info to the user like ldap-user-manager does (what i use atm)
That's a good question, I'd say just try it. You don't need to delete your openLdap to try LLDAP.
I did, since i use traefik i can make the reverse proxy straight from the compose so its quite quick
But i didnt find any options
So i thought it might be an env var
I remember checking that too actually, I've searched arround a bit more and it seems you can't modify the lldap database from outside, so apps like user-ldap-management wouldn't work. You can only use the GUI of LLDAP
So, i have noticed this log in authelia:
time="2024-05-13T02:40:56+02:00" level=debug msg="Check authorization of subject username=zbe groups=admins,arrs ip=185.65.228.215 and object https://awdawda.si/radarr/api/v3/command (method GET)."
And the groups are here, so authelia should recognize the groupsAlright, another interesting thing I just found in the code, if you actually indeed not have any groups, you would have an error logged into homarr's logs
Which you do
So the problem is not that the env variable is wrong, it's that when the user connects, it doesn't return any groups
So basically, Authelia is not giving the groups. No idea if that's because you need to enable something somewhere maybe
Ah! Maybe because of how you configure OIDC in authelia?
Do you have all the scopes correctly added in authelia's OIDC configuration? Namely, "groups"?
Too bad...
It's quite confusing, we're at the point where we know Authelia has the groups, but it doesn't give it to us through OIDC...
I will do some more checks with authelia, i have noticed the group domain locks dont work either
It does seem to find the groups according to the log
I have no idea where i messed it up
That wasn't supposed to happen, wth
Sorry you got message policed
Happens hahaha
I probably messed around in the config and didnt notice it before
And just now noticed with this homarr fiasco
Solution
So, the issue with my sites was my new shiny catchall.
Homarr also no longer gives group errors.
It does not sill work however.
I will try to reset the volume and see if that helps
You've set back the env variables in homarr right
Lol
Reseting the volume fixed it
Guess it caches something somewhere
Thanks for all your input and help!
Glad we got it working
I'm actually glad it was a setup problem and not from the modifications I had to do recently possibly wrecking it up.
Do feel that.
While I have you here, is it normal to redirect me to torrent galaxy in torrent search? I would think it would use prowlarr for it
Torrent search was implemented a long time ago and prowlarr just recently so nothing to do with one another. It was recently asked to be able to use any torrent indexer you could want though. But this is such a better idea, could you please make a github issue with the idea? I actually didn't like much that we had an indexer hardcoded in so something like that would be great.
What's homarr written in again?
Typescript
Will try to play around and send a pull. If not I'll make an issue
Alright, I'll mark this ticket as resolved. If you have further questions please do so in #🦞・general or make a new ticket, it's better for referencement if someone searches for the issue.
Alright, thanks again for your help and time