Keycloak & Cloudron
-
@girish I always thought marking the users as inactive would mean they can't log in to the services that use Cloudron LDAP. On the other hand, for instance, Keycloak has an option to do a full sync of users from the LDAP server. In such cases, Keycloak does not have any way to know whether the users are still active. That's why I asked if there's any filter that I can apply to only fetch/sync active users.
@nj said in Keycloak & Cloudron:
@girish I always thought marking the users as inactive would mean they can't log in to the services that use Cloudron LDAP
Yes, that's the case. When you say "Cloudron LDAP" you mean the apps installed on Cloudron, right? Or have you made some custom patch to expose Cloudron LDAP to external apps ?
On the other hand, for instance, Keycloak has an option to do a full sync of users from the LDAP server.
I don't get this part... How can Keycloak sync from Cloudron ? (unless, of course, you have made some custom patch to expose Cloudron LDAP...).
(So, if the above is true, we can expose the active flag via LDAP. That should be straightforward, if that's what you are asking).
-
@nj said in Keycloak & Cloudron:
@girish I always thought marking the users as inactive would mean they can't log in to the services that use Cloudron LDAP
Yes, that's the case. When you say "Cloudron LDAP" you mean the apps installed on Cloudron, right? Or have you made some custom patch to expose Cloudron LDAP to external apps ?
On the other hand, for instance, Keycloak has an option to do a full sync of users from the LDAP server.
I don't get this part... How can Keycloak sync from Cloudron ? (unless, of course, you have made some custom patch to expose Cloudron LDAP...).
(So, if the above is true, we can expose the active flag via LDAP. That should be straightforward, if that's what you are asking).
When you say "Cloudron LDAP" you mean the apps installed on Cloudron, right?
Yes. I recently built and run Keycloak as an app on my Cloudron instance.
we can expose the active flag via LDAP.
That's exactly what I want. If you could expose the
activeflag via LDAP, I could use a filter like(&(objectClass=user)(isActive=true))to only fetch active users.I'm not a native English speaker, so excuse the confusion that I caused.
-
When you say "Cloudron LDAP" you mean the apps installed on Cloudron, right?
Yes. I recently built and run Keycloak as an app on my Cloudron instance.
we can expose the active flag via LDAP.
That's exactly what I want. If you could expose the
activeflag via LDAP, I could use a filter like(&(objectClass=user)(isActive=true))to only fetch active users.I'm not a native English speaker, so excuse the confusion that I caused.
@nj I just made a fix in fact to not list inactive users in ldap at all. I think that was an oversight. After all, we don't want those users to appear in LDAP searches. Maybe you can try this patch - https://git.cloudron.io/cloudron/box/-/commit/8958b154e96832688896dafccf7350bad575b0a9
-
@nj I just made a fix in fact to not list inactive users in ldap at all. I think that was an oversight. After all, we don't want those users to appear in LDAP searches. Maybe you can try this patch - https://git.cloudron.io/cloudron/box/-/commit/8958b154e96832688896dafccf7350bad575b0a9
@girish That worked. By the way, is there a plan to package Keycloak? I managed to run Keycloak and Outline on Cloudron. Keycloak needed some patching to make it work on the read-only system without mounting everything to /app/data. Outline wiki app can be easily set up to authenticate using Keycloak. Both apps seem to be working as they should. Do you think we can publish those apps to the Cloudron App Store? That would be my first experience publishing an app.
Currently, I am packaging the Outline app to directly authenticate with the Cloudron user directory without the need to install Keycloak. If anyone is interested, I published a little more details in my blog. I'm doing another write-up describing the issues I solved while packaging Keylcloak.
-
@girish That worked. By the way, is there a plan to package Keycloak? I managed to run Keycloak and Outline on Cloudron. Keycloak needed some patching to make it work on the read-only system without mounting everything to /app/data. Outline wiki app can be easily set up to authenticate using Keycloak. Both apps seem to be working as they should. Do you think we can publish those apps to the Cloudron App Store? That would be my first experience publishing an app.
Currently, I am packaging the Outline app to directly authenticate with the Cloudron user directory without the need to install Keycloak. If anyone is interested, I published a little more details in my blog. I'm doing another write-up describing the issues I solved while packaging Keylcloak.
@nj Yes, we can get them published as time permits! If you post the links to the repos when they are sort of ready, we can take it from there.
-
@nj Yes, we can get them published as time permits! If you post the links to the repos when they are sort of ready, we can take it from there.
-
-
Just spotted this: https://git.cloudron.io/cloudron/keycloak-app/ does anyone know the status of that project?
-
@girish would you add this to the appstore? https://git.cloudron.io/cloudron/keycloak-app/ It seems complete?
@Sam_uk mm, not really, it seems to have some compose files etc. I can't find pawel on this forum to tag but I am not even sure who created that repo and why it's in the cloudron namespace. But worth looking into.
-
Strange there is no app request for keycloak. @Sam_uk do you think you can open an app request topic ?
-
Strange there is no app request for keycloak. @Sam_uk do you think you can open an app request topic ?
@girish Or move this one? It seems to have all the useful links in so far.
-
Strange there is no app request for keycloak. @Sam_uk do you think you can open an app request topic ?
-
@girish I'm tempted not to.
I think my position is that Authentik is the better app, which would provide everything that Keycloak does.
@Sam_uk ah ok, I upvoted that one
-
@nj Yes, we can get them published as time permits! If you post the links to the repos when they are sort of ready, we can take it from there.
-
@girish Please check this out. I previously packaged Keycloak but suddenly the Keycloak team decided to deprecate the Wildfly version and started supporting Quarkus runtime. So I had to re-package it again. Took a while during the weekdays.
-
@girish Please check this out. I previously packaged Keycloak but suddenly the Keycloak team decided to deprecate the Wildfly version and started supporting Quarkus runtime. So I had to re-package it again. Took a while during the weekdays.
@nj thanks! this is awesome, added to our list of packages to push out.
-
J jk referenced this topic on
