MessyAdvent

joined 3 years ago
[–] MessyAdvent@lemmy.dbzer0.com 28 points 3 months ago (4 children)

Welp, once again, it seems it's a bit biased.

Dati is very much right leaning, and very much under investogation too.
Her lawyer made a website shutdown that was listing all her cases.

Chikirou is trully such a strange choice. Even tho LFI IS left leaning (far from being tankies tho), Chikirou is... An anomaly ? She has been caught doing homophobe comments, and lately, has made a very strange comment about people not wanting to work 50 hours a week...

I'm not Parisian myself, and if I were to vote acording to my values, the party that would represent it better would be LFI (but not Chijirou, so tough choice), but the "best scenario" would be for Gregoire to be elected.

[–] MessyAdvent@lemmy.dbzer0.com 16 points 4 months ago* (last edited 4 months ago) (1 children)

Does hit hard. Where I'm from, a couple years ago maybe ten years ago or so, a kid was killed by cops. I used to say "Surely he did something to be killed". How dumb I was...

I had the exact same issue.
Basically, what I wanted to do, was to have my Authentik user created as an admin, and the others to be created as users (as anyway, I would be able to change the roles of the other users from my user).

Here's how I fixed it :
1 - In left navigation menu, went to "Directory/Groups", then created a new "group" called "ocisAdmin".
2 - In left navigation menu, went to "Directory/Users", then assigned my user to this new group.
3 - In left navigation menu, went to "Customization/Property Mappings", then, created a new "Scope Mapping" (penultimate option on my UI). Gave it a name that speaks to me ("oCIS email scope extended", if you want to know), "email" as "Scope Name", and this expression:

return {
  "roles": "ocisAdmin" if ak_is_group_member(request.user, group_uuid="55bb2a58-2973-4753-a16a-6ebc80bec705") else "ocisUser"
} # Replace the UUID with your group's one, I found it in the URL when modifying the group in Authentik

4 - In left navigation menu, went to "Applications/Providers", opened each oCIS provider, clicked "Edit", opened the sub-menu "Advanced protocol settings", selected my custom "Property mapping" in the left "Scopes" menu, and clicked on the right pointing arrow to have it selected for those providers.

Also, make SURE that you have this property set:

PROXY_ROLE_ASSIGNMENT_DRIVER=oidc

Now, my users are properly populated into oCIS.
I still need to figure out how to make the applications work, but I have faith I'll figure it out :)

Hope that helped !