how to connect to a cloudron ldap via federation?
-
@andreasdueren some of those LDAP settings look wrong. See https://docs.cloudron.io/user-directory/#configuring-clients . The Bind dialog looks OK (it uses the admin DN) but the user search is not correct. I tried to put some more info in the doc link, let me know if those work.
-
@girish said in how to connect to a cloudron ldap via federation?:
That works, but now I need to figure out what the Bind DN is to list all users, not just admins.
user, users, person etc. don't seem to be correct.
-
The directory server implementation for listing/searching users is at https://git.cloudron.io/platform/box/-/blob/master/src/directoryserver.js?ref_type=heads#L217 so basically all users are at ou=users,dc=cloudron
-
Does the "Test authentication" button say OK btw? In your screenshot, what is the user filter (if the ui provides this)?
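An added example (not from this thread or from Cloudron's code) that encodes the two points above for a client: users are searched under ou=users,dc=cloudron, and the username a client drops into the search filter must be escaped so a login name cannot rewrite the filter. The attribute name "username" and the DNs used in the demo are assumptions, not values from the Cloudron docs.

```python
# Added example: builds and sanity-checks the user-search side of an LDAP
# client configured against a Cloudron directory. Not Cloudron's own code.

CLOUDRON_USER_BASE = "ou=users,dc=cloudron"  # from the thread: all users live here


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).

    Special characters and non-printable/non-ASCII bytes become \\XX hex
    escapes, so user input can never add or close filter components."""
    out = []
    for b in value.encode("utf-8"):
        if b in b"*()\\\x00" or b < 0x20 or b > 0x7E:
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def user_search(username: str, attr: str = "username") -> dict:
    """Search request a client should send to find one Cloudron user.

    `attr` is an assumption: use whatever attribute your client matches on."""
    return {
        "base": CLOUDRON_USER_BASE,
        "scope": "subtree",
        "filter": f"({attr}={escape_filter_value(username)})",
    }


def _norm_dn(dn: str) -> str:
    return ",".join(part.strip().lower() for part in dn.split(","))


def check_client_config(bind_dn: str, user_base_dn: str) -> list:
    """Findings for the mistakes discussed in the thread: a guessed search base
    (ou=user, ou=person, ...) or re-using the search base as the bind DN."""
    problems = []
    if _norm_dn(user_base_dn) != _norm_dn(CLOUDRON_USER_BASE):
        problems.append(f"user search base should be {CLOUDRON_USER_BASE}, got {user_base_dn!r}")
    if _norm_dn(bind_dn) == _norm_dn(user_base_dn):
        problems.append("bind DN equals the search base; bind with the admin DN instead")
    return problems


if __name__ == "__main__":
    # Constructed inputs: a hostile login name and a mistyped search base.
    print(user_search("bob)(|(username=*"))
    print(check_client_config("cn=placeholder-admin,dc=cloudron", "ou=user,dc=cloudron"))
```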
-
But even with read only it fails
-
Did you get this working?
Is the app setup out of box to federate to the Cloudron LDAP?
I want to use this as the IDP (proxy) for NetBird since that's officially supported / documented in the NetBird docs (vs attempting to use Cloudron OIDC directly, which I haven't been able to fully wrap my head around).
I'm open to either. Though, of course, Keycloak is a common IDP and supported by many things out of the box. And since Cloudron doesn't really have fine-grained admin permissions, Keycloak could be a way for me to delegate (for non-Cloudron apps) admin permissions.
-
@charlesnw nope, had to postpone working on it.
-
To circle back on this...
I deployed Keycloak from the app store. I created a new (local) admin user and deleted the temp one (as per the instructions out of the box).
I then used the "Login with Cloudron" button and was able to log in to Keycloak (as the non-admin user from the Cloudron directory), and my Cloudron user shows up in Keycloak.
I would be very interested in developing/documenting a tight integration/best practices between Cloudron/Keycloak as a way to greatly extend/enhance Cloudron user management. Setting up various tenants, self-service enabling signups in those tenants etc. For example, building user on-boarding / approval workflows (where you bring on a new team member and they need to be provisioned into groups). Right now, only Cloudron Superadmins have the ability to manage groups, and that isn't a privilege I want to hand out.

I originally planned to have Claude build me a web app and utilize the Cloudron API to build that functionality (and was going to AGPLv3 it). However, perhaps, with Keycloak we don't have to fully re-invent the wheel?
IAM is a VERY important requirement/feature to compete with AWS/Azure. It's the next thing my board wants to see as we move through go-live with Cloudron across our various projects/entities.
Who would be the key people I would need to work with to get this built out/tested/integrated/streamlined?
I realize that Cloudron (as I understand it) isn't currently positioned/targeting "enterprise" or those who may use AWS/Azure. I am happy to do the light/medium/(some) heavy lift work to help get it to where I need it to be. I am a founder/CTO of a company that is in the ramp-up/growth phase. I steadfastly refuse to use the "big cloud" and Cloudron has been amazing at eliminating about 90% of system admin duties in a reliable way.