Status LDAP integration?
-
Hi @nebulon I was curious for the status of the LDAP integration as mentioned in the Cloudron App Store since first publish date:
Currently Cloudron user-management is not possible due to LDAP requirements. We are working with FreeScout to get those solved, then the optional LDAP module can be purchased and used.
When LDAP is solved, will SSO also work?
BTW thanks for having this app on Cloudron, we used it already for months on another host and last week migrating everything to the Cloudron app went fine.
Kind regards,
Marcel
-
I am debugging this right now, but it seems that their LDAP plugin needs quite a bit of rewrite to support the Cloudron use-case.
In particular on Cloudron an app gets an ldap admin bind account allocated, which allows the app to list users. In FreeScout this bind/admin account needs to have the same DN (essentially LDAP term for namespace) as users. This is not the case on Cloudron to not mix users and app specific accounts.
I will provide them with feedback, but I am not too hopeful to get this resolved quickly.
-
So there is still no possibility to get LDAP working within the Freescout App for Cloudron? I have Freescout installed within LAMP but want to switch to the Cloudron app because of automatic updates and user management within Cloudron.
Edit: Changelog for the LDAP module --> https://freescout.net/module/ldap/?changelog=1
-
@imc67 I bought the LDAP extension but had no luck because I used the LAMP 7.4 package that includes the Cloudron LDAP addon. Sadly the Freescout documentation says PHP 7.3 and below is required because of
ldap_control_paged_result()
I will keep testing with the Freescout app and report back. -
I took another look at the ldap plugin more in-depth and after much debugging, I managed to get it to work in a hackish way. I don't fully understand all the code paths yet, but I reached out to the upstream devs again to hopefully get this sorted out in a proper way.
I will keep this thread updated on the progress.
-
We managed to come up with a fix and they have released a new LDAP plugin already which is now compatible.
I am currently fixing up the autoconfiguration and then we can enable optional LDAP support in the package. Of course though this is then a bit special, since installing the app with user management integration also means one has to purchase the FreeScout LDAP plugin afterwards.
I don't think we have any app in our library following that approach for the moment. -
@nebulon Do freescout plugins work with a license key? If so, is the idea to install with Cloudron authentication and then make the user put in license key for things to start working? Or is it that we cannot put the code at all in the docker image?
Also, the closest we have like this is Confluence.
-
@girish basically yes. You can only install an module if you have the license key for it. The env's used by an module can be stored in configuration files beforehand. Usage is therefore opt-in and does not affect normal cloudron users without a license.
I like their concept and price model very much and it was easy for me to buy a few (lifetime) module licenses.
-
Since I kind of got stuck eventually somewhere in the auth framework, of which I am no expert, we have provided the freescout team a Cloudron to be able to reproduce the login issue.
They have managed to fix this upstream, so I am trying to work out how we can test this with maybe a test license for package updates...once that is resolved we can finally push a package which supports LDAP
-
We have published a new app package now, which contains the LDAP fixes.
The app can be installed with cloudron usermanagement now, however that feature only works if the Freescout LDAP module is also purchased. Once it is activated, just restart the app and it should work.In order to use this, a fresh FreeScout instance has to be installed!