Cloudron LDAP access for external apps?
-
Is it possible to make the LDAP service in Cloudron accessible to external applications? I know external access is disabled by default, but it would be great if it were open for any external apps I have. Thanks
-
No, not yet but hopefully soon
-
Damn, I forgot to verify this before I installed to experiment.
-
Damn, I forgot to verify this before I installed to experiment.
@YurkshireLad personally I don't need it yet, but it'd be nice to have.
I've only been playing around with/ using Cloudron since January but I totally love it so far, and I've been really impressed with how responsive the developers are; they respond promptly, fix bugs quickly and add new features at an amazing rate.
-
Technically this seems to be possible quite easily by providing a TLS certificate to the ldap server instance and expose it on a public port. It however raises a few issues like rate-limiting and how to configure which users and groups are exposed there. Also ldap binds for user searches have to be maintained somehow (I think similar to app passwords)
So far there was no focus on that feature, as we don't know how useful it really is for which use-cases and which organizations really require this. Afterall just adding also adds an ongoing burden on testing and maintaining such a feature. -
Technically this seems to be possible quite easily by providing a TLS certificate to the ldap server instance and expose it on a public port. It however raises a few issues like rate-limiting and how to configure which users and groups are exposed there. Also ldap binds for user searches have to be maintained somehow (I think similar to app passwords)
So far there was no focus on that feature, as we don't know how useful it really is for which use-cases and which organizations really require this. Afterall just adding also adds an ongoing burden on testing and maintaining such a feature.@nebulon the LDAP/SSO discussions are alas a βlittle bitβ scattered around the forum, this is from another thread:
@imc67 said in LDAP/AD Server:
It would be extremely convenient to have Cloudron as a LDAP server (app) and contains "the one and only truth" about usermanagement (all users/groups etc) so external systems (like local NAS) can make use of it.
Is that feasible, easy to do, safe ...?
-
Just here to vote for a implementation for this feature.
In our organization, we have different internal apps that are scattered here and there because of historical reasons. We use cloudron now for some apps and would like to manage users from a single source, but at the moment the only way we could do that is configuring an ldap server which is something that's out of our knowledge base.
Would be great to have something like a simple app we could install on or cloudron and we can cosult via rest API where we can get the active users and groups/roles, something super simple but that's synced with the cloudron user directory. Is this feasible?
-
Just here to vote for a implementation for this feature.
In our organization, we have different internal apps that are scattered here and there because of historical reasons. We use cloudron now for some apps and would like to manage users from a single source, but at the moment the only way we could do that is configuring an ldap server which is something that's out of our knowledge base.
Would be great to have something like a simple app we could install on or cloudron and we can cosult via rest API where we can get the active users and groups/roles, something super simple but that's synced with the cloudron user directory. Is this feasible?
-
@augusto I've got good news for you: https://forum.cloudron.io/post/41167
@nebulon said in Cloudron LDAP access for external apps?:
Agree, let me lock this thread in favor of the other one.
Doesn't look like you did ever lock it
But perhaps now turn this into a question and mark it as solved
-
N nebulon marked this topic as a question on
-
N nebulon has marked this topic as solved on
-
@nebulon said in Cloudron LDAP access for external apps?:
Agree, let me lock this thread in favor of the other one.
Doesn't look like you did ever lock it
But perhaps now turn this into a question and mark it as solved
