Questions about LDAP/sync members (Dolibarr to LDAP to Keycloak) & premium support
-
Hello,
I'm a new subscriber to Cloudron Business Premium annual. I don't know if this is the right way to contact you about issues, but I did not find any mention of business support in the business tooltip on the Cloudron interface.
I would like to sync members from Dolibarr (using the membership module) to the Cloudron LDAP, then use a Keycloak instance (and LDAP federation) to allow these members to connect to some applications.
I modified the Dolibarr config for members to Dolibarr -> LDAP.
But I have trouble with the OU member, because it doesn't exist.
So I need to add this OU, but the LDAP account created for the bind seems not to allow it.
How can I find the admin LDAP CN/password, and modify the scheme to add an OU? Or do you suggest another way to sync Dolibarr members to a database, then use it with Keycloak?
Thank you,
Jordy
-
From the docs ldap-directory-server
Cloudron can act as a (readonly) LDAP server for apps hosted externally to Cloudron. External apps can then be configured to list Cloudron users and allow users to authenticate with their Cloudron password.
So this might be the first problem. ldapadd will not work because of that.
@Jordy said in Questions about LDAP/sync members (Dolibarr to LDAP to Keycloak) & premium support:
I would like to sync members from Dolibarr (using the membership module), to the Cloudron LDAP
From the Dolibarr app doc: https://docs.cloudron.io/apps/dolibarr/#sync-users
Users are synced from Cloudron to Dolibarr every hour. You can also sync manually by running /app/pkg/sync-users.sh manually using the Web Terminal.
So, Dolibarr as a Cloudron app should already sync users.
Is your Dolibarr completely external?
-
With a Business plan you can always write to us at support@cloudron.io and you will get priority there.
For your question, if I understand correctly, you are trying to set up Dolibarr to write to the user directory via LDAP. Unfortunately the Cloudron LDAP directory is read-only so far, so that will not work. Cloudron has a REST API to create users, but that will require some custom Dolibarr extension, which might be out of scope. I personally do not know what the difference between users and members is in Dolibarr, but maybe it is an option to create the members/users in Cloudron and then sync them into Dolibarr?
-
Hello,
Thank you for your answer, I will write to you at the mail address if needed.
Well, in Dolibarr, users are the users that can log in; members are just a database of people (Dolibarr is a CRM).
The main idea is that users from Dolibarr are users from LDAP/Cloudron (and this part works well, the script works great to copy users from LDAP to Dolibarr); but members are created in Dolibarr, then used to give access to other applications (and for that, I use a Keycloak managed by Cloudron).
As Dolibarr allows copying members from Dolibarr to LDAP (with the integrated module, cf. first picture), I thought I could copy members into an LDAP OU (for example, ou=members), then use Keycloak to use them. But if the Cloudron LDAP is read-only, nope.
Maybe it's possible to install an LDAP app (and not use the Cloudron?), but I don't think there's an app in the store...