Hi James. I've been through this documentation and reread it at least a dozen times to figure out where I might be going wrong.
In User Directory (/#/user-directory), there's a Provider referenced as "Other."
I'm using:
Server URL: ldaps://ldap.google.com:636 or ldaps://ldap.google.com
Base DN: dc=mydomain,dc=com,dc=br
Filter: (objectClass=person)
Username field: uid
Bind DN/Username (optional): credential-generated-by-google
Bind Password (optional): psw-generated-by-google
When I save without the "Accept Self-signed certificate" option checked, I get the error "self-signed certificate."
When I save with the "Accept Self-signed certificate" option checked, I get "Incorrect bind password."
From everything I've read, it seems that for Google Workspace, I would need to make Cloudron use the certificate generated by Google Workspace LDAP. From the server where Cloudron is installed, I can perform tests and listings using the command:
LDAPTLS_CERT=/root/cert.crt \
LDAPTLS_KEY=/root/cert.key \
ldapsearch -x \
-H ldaps://ldap.google.com:636 \
-D "credential-generated-by-google" \
-w 'psw-generated-by-google' \
-b dc=mydomain,dc=com,dc=br \
'(objectClass=person)' uid
The problem is that without the certificate, the integration doesn't work. That's what I understand is happening with Cloudron. Does that make sense? Can I force Cloudron to use the Google-generated certificate? Is there another way to do this integration that I haven't figured out yet?
Best regards