Keycloak & Cloudron
-
@girish I always thought marking the users as inactive would mean they can't log in to the services that use Cloudron LDAP. On the other hand, for instance, Keycloak has an option to do a full sync of users from the LDAP server. In such cases, Keycloak does not have any way to know whether the users are still active. That's why I asked if there's any filter that I can apply to only fetch/sync active users.
@nj said in Keycloak & Cloudron:
> @girish I always thought marking the users as inactive would mean they can't log in to the services that use Cloudron LDAP
Yes, that's the case. When you say "Cloudron LDAP" you mean the apps installed on Cloudron, right? Or have you made some custom patch to expose Cloudron LDAP to external apps?
> On the other hand, for instance, Keycloak has an option to do a full sync of users from the LDAP server.
I don't get this part... How can Keycloak sync from Cloudron? (unless, of course, you have made some custom patch to expose Cloudron LDAP...).
(So, if the above is true, we can expose the active flag via LDAP. That should be straightforward, if that's what you are asking).
-
wrote on Jan 22, 2022, 4:59 AM
> When you say "Cloudron LDAP" you mean the apps installed on Cloudron, right?
Yes. I recently built and run Keycloak as an app on my Cloudron instance.
> we can expose the active flag via LDAP.
That's exactly what I want. If you could expose the active flag via LDAP, I could use a filter like (&(objectClass=user)(isActive=true)) to only fetch active users.
I'm not a native English speaker, so excuse the confusion that I caused.
-
@nj I just made a fix in fact to not list inactive users in ldap at all. I think that was an oversight. After all, we don't want those users to appear in LDAP searches. Maybe you can try this patch - https://git.cloudron.io/cloudron/box/-/commit/8958b154e96832688896dafccf7350bad575b0a9
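Added example, not part of the thread and not Cloudron's or Keycloak's code: it contrasts the two approaches discussed above, exposing an activity attribute and relying on every client's filter versus leaving inactive users out of search results on the server. The `isActive` attribute is the hypothetical one from the filter proposed in the thread; the entries and the `search` / `hide_inactive` names are constructed for the example.

```python
# Constructed entries; attribute names follow the filter proposed in the thread.
DIRECTORY = [{"uid": u, "objectClass": "user", "isActive": a}
             for u, a in [("alice", "true"), ("bob", "false"), ("carol", "true")]]

def parse_filter(text):
    """Parse a subset of RFC 4515: (&..), (|..), (!..) and (attr=value)."""
    pos = 0
    def expect(ch):
        nonlocal pos
        if text[pos:pos + 1] != ch:
            raise ValueError(f"expected {ch!r} at offset {pos}")
        pos += 1
    def node():
        nonlocal pos
        expect("(")
        op = text[pos:pos + 1]
        if op in ("&", "|", "!"):
            pos += 1
            kids = [node()]
            while op != "!" and text[pos:pos + 1] == "(":
                kids.append(node())
            result = (op, kids)
        else:
            end = text.index(")", pos)  # ValueError if the ")" is missing
            attr, sep, value = text[pos:end].partition("=")
            if not (attr and sep):
                raise ValueError(f"bad comparison at offset {pos}")
            result, pos = ("=", (attr, value)), end
        expect(")")
        return result
    tree = node()
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return tree

def matches(tree, entry):
    op, arg = tree
    if op in ("&", "|"):
        return (all if op == "&" else any)(matches(kid, entry) for kid in arg)
    if op == "!":
        return not matches(arg[0], entry)
    have = {k.lower(): v for k, v in entry.items()}.get(arg[0].lower())
    return have is not None and have.lower() == arg[1].lower()  # equality only

def search(filter_text, hide_inactive):  # hide_inactive models the server-side fix
    tree = parse_filter(filter_text)
    seen = [e for e in DIRECTORY if e["isActive"] == "true" or not hide_inactive]
    return [e["uid"] for e in seen if matches(tree, e)]
```

With only the attribute exposed, a full sync that omits the activity clause still imports the deactivated account; with server-side hiding, no filter a client sends can return it.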
-
wrote on Jan 22, 2022, 7:10 PM
@girish That worked. By the way, is there a plan to package Keycloak? I managed to run Keycloak and Outline on Cloudron. Keycloak needed some patching to make it work on the read-only system without mounting everything to /app/data. Outline wiki app can be easily set up to authenticate using Keycloak. Both apps seem to be working as they should. Do you think we can publish those apps to the Cloudron App Store? That would be my first experience publishing an app.
Currently, I am packaging the Outline app to directly authenticate with the Cloudron user directory without the need to install Keycloak. If anyone is interested, I published a little more details in my blog. I'm doing another write-up describing the issues I solved while packaging Keycloak.
-
-
@nj Yes, we can get them published as time permits! If you post the links to the repos when they are sort of ready, we can take it from there.
-
wrote on Feb 11, 2022, 12:21 PM
Just spotted this: https://git.cloudron.io/cloudron/keycloak-app/ does anyone know the status of that project?
-
wrote on Feb 17, 2022, 10:01 AM
@girish would you add this to the appstore? https://git.cloudron.io/cloudron/keycloak-app/ It seems complete?
-
Strange there is no app request for keycloak. @Sam_uk do you think you can open an app request topic?
-
wrote on Feb 18, 2022, 12:41 AM
@girish Or move this one? It seems to have all the useful links in so far.
-
wrote on Feb 18, 2022, 9:49 AM
@girish I'm tempted not to.
I think my position is that Authentik is the better app, which would provide everything that Keycloak does.
-
-
wrote on Feb 28, 2022, 6:53 AM
@girish Please check this out. I previously packaged Keycloak but suddenly the Keycloak team decided to deprecate the Wildfly version and started supporting Quarkus runtime. So I had to re-package it again. Took a while during the weekdays.
-
wrote on Mar 16, 2022, 10:17 AM
Just to update https://github.com/njsubedi/cloudron-keycloak seems to be working well so far.
Configured Nextcloud, Humhub & Rocketchat to use it.
-
wrote on Mar 29, 2022, 7:15 AM
Update available: Keycloak 7.0.1
-