The Great Open Source Debate with Elastic, Gluu and GitHub 🎤 Oct 26

Upcoming changes to identity management integrations

I use the LDAP integration for a small number of family/friends. The proposed restrictions make LDAP functionally worthless, so you may as well remove it altogether. I’m definitely ditching RocketChat and will stop recommending it any longer.

Without custom OAuth integration, I can’t use it for company internal projects.

I think it’s a bit disingenuous to constantly ignore the biggest competitor to rocket chat. You guys act like you’re the only game in town. Zulip clearly has LDAP support.

1 Like

No. Google Auth integration continues to work in CE, as with all social media auth. Please see details in this document

@szampardi and @jason Custom oauth is not all moving to Enterprise. Much of its functionality remains. Please see the bottom of this chart for specific details.

@sahan Custom Oauth is not all moving to Enterprise, our CE version still supports some LDAP, SAML and Oauth capabilities. Please see the bottom of this chart for specific details.

Oauth and custom oauth are not all removed from CE. If you oauth via keycloak you should be unaffected. See bottom of this chart for details on which part of custom oauth is moving.

@underresting Thank you for your comment.

No, not only in Gold plan. See this chart for details of what is on the other plans. If you are a non-profit actually affected by this change, please contact me via DM or email to

@dennis4720 Thank you for your comment. If you are a non-profit actually affected by this change (please verify your LDAP needs with this chart), please contact on or via email

I saw that roles and avatars are not synced, which is fine for our particular application. But can we still add our own custom OAuth provider?
For your reference, I’m referring to adding Azure B2C as a custom OAuth provider. do you have anything to say about the hostage situation with ripping out existing LDAP functionality?


I think the issue as underlined by other people here, is that you are cutting back functionality in the free version and moving it to a paid tier. That sort of behaviour is always risky. Gitlab for example has promised that they will never do this, and I would assume that a similar backlash if not larger would happen there if that were to happen.

The reason this feels so nasty is that you are essentially taking something from the community. There is no real reason given except that it seems like you expect to get more revenue out of this.

I urge you to rethink this decision especially because all the code that you are now thinking of taking behind closed doors is already open to begin with.


Our CE version supports basic LDAP, SAML and Oauth capabilities. If you need an extension of it, please contact us for information on cost of the Enterprise Edition, volume discounts and accommodations for contributing community members. Also, it is good to remember that we support with zero or special rate to non profit and open source and developer communities.

Rocket.Chat is constantly working to have the best product versions both CE and EE, and works to address reported issues and bug fixes in our monthly releases.

As our identity management offering has expanded, we’ve recognized the need to improve support for this growing pool of functionality. The team has recently completed a re-factoring of advanced identity management features and by moving that code to EE we will be able to fund the ongoing support for the functionality and continue to extend the platform’s identity management capabilities.

Our goal is to enable Rocket.Chat users to have a choice between extending basic LDAP, SAML and Oauth capabilities to fit their needs using our free CE or choose EE in order to access the re-factored suite of extended capabilities.

Thanks for reaching out on this. As mentioned in our announcement, we are happy to discuss in particular cases to make accommodation for contributing community members. We will contact you for this matter. We currently invest considerably in the ongoing expansion of the CE and EE versions of Rocket.Chat. We are working to ensure that we have a healthy ecosystem that enables CE users to continue to use and extend our free open-source features which is why the basic LDAP sync, basic SAML and Oauth are staying in CE.
Thanks for your feedback and we're glad that you're part of our growing community of users who love Rocket.Chat. We understand that organizations use Rocket.Chat in a wide variety of ways, so please contact us for information on cost of the Enterprise Edition, volume discounts and accommodations for contributing community members. We want to emphasize that, for supporting our community, we do provide accommodation for long-standing, contributing community members.

Sorry this won’t work for us, currently 890 users out of an university LDAP - paying 32.040$ annually is out of any considerable option, not even close to our storage budget. - anyway university is moving to MS teams :no_mouth:

i loved the integrations in and out, to zabbix, gitlab and redmine ~ and its all lost.

I have to shut down the instance after some time …
all best for your future.


1 Like

I don’t think you understand the reality of the situation. You are setting a precedent that at any time any crucial functionality can be taken away from CE.

For example the workaround right now, as far as I understand the feature comparison table, is to install CAS, use LDAP as its backend and configure CAS integration with RC (God knows how to migrate existing users to maintain their chat history, I would have to invest time to figure it out).

What if in two months you realize this and decide to remove CAS integration? Nobody wants to play your game anymore.

You either don’t remove the current CE features ever or you do, so which is it?

1 Like

Agreed here. This is a very poor approach. But the consequence will likely be felt in the plummeting market share in the coming months. There are more than several FOSS products that went enterprise at some point that never, ever did that to the community, and thus, they are still going strong. But, in the end…it is their product, and their right to choose to self-destruct with their decisions.

Welcom on the “SSO Wall of Shame”: