LDAP Schema?

charlesnw

What schema/schemas does the Cloudron LDAP server support?

I am attempting to have my Linux systems authenticate against the Cloudron LDAP server and a few subtle differences exist between schema versions.

Thanks!

james

Hello @charlesnw

Did you already see the documentation for the LDAP addon https://docs.cloudron.io/packaging/addons/#ldap and the documentation for the LDAP Directory Server https://docs.cloudron.io/user-directory/#ldap-directory-server ?

charlesnw

Not to be rude.... but this feels like a "RTFM" response. Yes, I've read those pages. A ctrl+f for schema returns

On https://docs.cloudron.io/user-directory/#ldap-directory-server (nothing)
On https://docs.cloudron.io/packaging/addons/#ldap (a reference to a DB update)

Did you fully read and understand my question? I ask that as gently and respectfully as possible. The question is hyper specific to LDAP/schemas etc and not a general "how to connect/auth etc".

Could you perhaps point me at the relevant code in the cloudron repo?

charlesnw

The schema object documentation on the addon page is very useful for application authentication to LDAP. Not so much for Linux authentication. Hence, my question about which schema is used.

james

Hello @charlesnw
Yes I have read your post and understood that you want to use the Cloudron LDAP Directory Server for Linux authentication.
My response was not meant as an RTFM, but only to make sure that the provided documentation is not enough.
More a self check if we need to improve the documentation.

The question regarding authentication on Linux was also already discussed in the forum, see here:
https://forum.cloudron.io/topic/10280/can-i-use-ldap-to-authenticate-a-debian-or-whatever-linux-flavour-desktop-login

So the answer is leaning towards a no, you can't use the Cloudron LDAP for Desktop Authentication as far as I know and understand.
Just to make sure, I will also relay this question to @staff

nebulon

There is indeed no documentation for the schema as such

Mainly the ldap server is tailored for the apps which authenticate against it and the attributes are not configurable. Due to lack of documentation, the only way to figure out the responses is by looking at the code, which may or may not help. The resonse attributes for a search query is essentially at https://git.cloudron.io/platform/box/-/blob/master/src/ldapserver.js?ref_type=heads#L166 while the supported DNs (which are also hardcoded) can be found at https://git.cloudron.io/platform/box/-/blob/master/src/ldapserver.js?ref_type=heads#L646 following.