how to connect to a cloudron ldap via federation?
-
@andreasdueren some of those LDAP settings look wrong. See https://docs.cloudron.io/user-directory/#configuring-clients . The Bind dialog looks OK (it uses the admin DN) but the user search is not correct. I tried to put some more info in the doc link, let me know if those work.
-
That works, but now I need to figure out what the Bind DN is to list all users, not just admins. user, users, person etc. don't seem to be correct.
-
The directory server implementation for listing/searching users is at https://git.cloudron.io/platform/box/-/blob/master/src/directoryserver.js?ref_type=heads#L217 so basically all users are at ou=users,dc=cloudron
Just to clarify, you're saying, this should work? Because it's only returning the system admins (me)
-
Does the "Test authentication" button say OK btw? In your screenshot, what is the user filter (if the ui provides this)?
But even with read only it fails
-
Did you get this working?
Is the app setup out of box to federate to the Cloudron LDAP?
I want to use this as the IDP (proxy) for NetBird since that’s officially supported / documented in the NetBird docs (vs attempting to use cloudron OIDC directly which I haven’t been able to fully wrap my head around).
I’m open to either. Though, of course, Keycloak is a common IDP and supported by many things out of the box. And since cloudron doesn’t really have fine grained admin permissions, Keycloak could be a way for me to delegate (for non cloudron apps) admin permissions.
-
@charlesnw nope, had to postpone working on it.