EntraID / AzureAD LDAP wrapper
-
The topic has come up several times in the forum in the past: Is there an easy way to connect the Cloudron user directory to Microsoft Entra ID (formerly Azure AD) for a same signin scenario? Microsoft offers the Entra ID Domain Services with LDAP, but it involves a very complex and cost intensive setup.
I have been using the "Azure AD LDAP Wrapper" in the past which uses the Microsoft Graph API and provides an LDAP endpoint for Entra ID:
https://ahaenggli.github.io/AzureAD-LDAP-wrapper/installation/run-ldap-wrapper/The project is quite simple and easy to install using docker or nodejs directly. I am currently running it on a seperate server with firewall rules to allow only specific ip addresses to access the LDAP port. Now, wouldn't be great if this could run as a Cloudron app itself? If it was published on the app store, one would only need to provide the Azure App registration data in an env-file and could bind the Cloudron directory to a local (private) LDAP port on the same server.
Well, I am new to packaging apps for Cloudron and have no idea how to package an app without a web interface. Heath checks would need to check the LDAP port and not HTTP, etc. Is this even a scenario wanted by the @staff?
If so, I could give packaging a try and do some testing, but would need some pointers if this can/should be realized as an app within Cloudron as it would need to expose a custom LDAP port to the internal docker stack.
-
AD support seems to be something we should add directly to Cloudron's existing LDAP server, if this is deemed useful. Incidentally, Cloudron's ldap server is also based on ldapjs.
@joseph said in EntraID / AzureAD LDAP wrapper:
AD support seems to be something we should add directly to Cloudron's existing LDAP server, if this is deemed useful. Incidentally, Cloudron's ldap server is also based on ldapjs.
Entra ID / Azure AD is not LDAP… that’s why either a wrapper like above is needed or Cloudron could natively implement Entra ID support (as many other apps do) and connect it to the Cloudron internal directory.
-
@joseph said in EntraID / AzureAD LDAP wrapper:
AD support seems to be something we should add directly to Cloudron's existing LDAP server, if this is deemed useful. Incidentally, Cloudron's ldap server is also based on ldapjs.
Entra ID / Azure AD is not LDAP… that’s why either a wrapper like above is needed or Cloudron could natively implement Entra ID support (as many other apps do) and connect it to the Cloudron internal directory.
@NCKNE said in EntraID / AzureAD LDAP wrapper:
Entra ID / Azure AD is not LDAP
TIL
Had no clue, ignore my previous comment then. Just read about it a little more and it seems you need something called Azure AD DS per https://www.reddit.com/r/sysadmin/comments/120e71z/ldaps_with_azure_ad_tenant_bundled_with_office_365/ -
@NCKNE said in EntraID / AzureAD LDAP wrapper:
Entra ID / Azure AD is not LDAP
TIL
Had no clue, ignore my previous comment then. Just read about it a little more and it seems you need something called Azure AD DS per https://www.reddit.com/r/sysadmin/comments/120e71z/ldaps_with_azure_ad_tenant_bundled_with_office_365/@joseph said in EntraID / AzureAD LDAP wrapper:
@NCKNE said in EntraID / AzureAD LDAP wrapper:
Entra ID / Azure AD is not LDAP
TIL
Had no clue, ignore my previous comment then. Just read about it a little more and it seems you need something called Azure AD DS per https://www.reddit.com/r/sysadmin/comments/120e71z/ldaps_with_azure_ad_tenant_bundled_with_office_365/Yeah, but the Azure AD DS you mentioned is very complex and expensive (licensing costs). I just thought since the topic had come up a few time, native support of Entra ID / Azure AD might be something to consider for the future.
