Cloudron Forum

@fbartels thank you very much for this important point. In my answer I completely forgot to point out the potential pitfalls of already existing external apps. So @pbischoff in your requirements concept you should take a closer look at the needs of the external apps. The moment they need something specific like office printers, pictures, phone numbers .... you are lost with the built in LDAP directory server.

@girish Yeah, unfortunately won't work yet.
https://forum.cloudron.io/topic/8940/apps-with-openid-connect-provider-beta/13

@girish silly me sir I had my.domain proxy enabled when I turned off it works 🤣

@TomsFreitas an idea is to then check cloudron server logs.

LDAP logs are suppressed by default. For this:

Edit /etc/systemd/system/box.service Find the Environment= line. Change "DEBUG=box:*,connect-lastmile,-box:ldap" to "DEBUG=box:*,connect-lastmile" systemctl daemon-reload systemctl restart box

Now, maybe something appears in /home/yellowtent/platformdata/logs/box.log .

@sufian-mughal Currently, this is not possible. This is because LDAP has no standard way of passing through LDAP information.

That said, usually apps are able to enable 2FA independently of LDAP. This means that users manage 2FA inside the app instead of Cloudron - it works this way for GitLab/Gitea etc for example.

For matrix, upstream is still working on it - https://github.com/matrix-org/matrix-spec-proposals/pull/1998

@girish That works great! Many many thanks for you prompt support!

@girish 👍🏻

Without being able to debug this further, for a start, the filter seems wrong. The Cloudron provided user records would have the following objectClass attribute:

objectclass: [ 'user', 'inetorgperson', 'person' ]

so use one of those three entries there. Also Cloudron has no attribute uidNumber maybe using entryuuid works there though.

That's great! Thank you very much.

@nebulon
I'm totally sure that I have enabled the directory server in Cloudron, not sure where it's stuck...

Maybe I will try and give it a go to package Authelia as an app in Cloudron. Only thing is i have zero experience with that, so it's going to be a learning curve....

Maybe @Jan-Macenka can help/assist me with that?

@nebulon Issues solved it was my issues by doing wrong LDAP Filter.

@nebulon can you maybe have a look into the other thread, I am a bit stuck but it would be important to get this right for a porject of mine.

@girish wait ... true 🙂
6a136902-e13f-47d9-b8be-68193a8688b4-image.png

@girish
ok, thanks I will open a ticket with them for a MySQL issue with pixeldroid.

@girish happy to report that this is working like a charm, thanks a lot!

@nebulon Would be great to see this in Cloudron 8 🙂 In combination with Nextcloud Group Folders this would give any admin a huge flexibilty in terms of rights and role models.

@nebulon

the only thing I changed, after it was not working, was the servername in the general-settings, from an UUID to the fqdn, in the hope it would be better. that's all.

sorry, I double thought of that also, but no, I haven't. I remember that after creating the instance I did set up my usual admin account & then had to add my personal user-account manually, I assumed there was no LDAP-connection (like wallabag), but did'nt check on it due to timely-restrictions. (means also NO time to fiddle with the setup)
only after I added more users to it I checked for an LDAP-plugin and saw it is existent, but was not working. also - due to timely-restirctions - not investigating why it didn't work out of the box.
since I had some time now, I started investigating, especially, since I had to create more and more user-accounts all way long, as the provided media gained on interests.

after 35 years of systemadministration, I know, sometimes unexplainable things happen – it's just not always straight forward as it everyone would suspect.

hab's gut derweil
cheers
günter

What I would like to do is that if I try to login to a new WP installation with the cloudron super-administrator user, an administrator user will be automatically generated in WP with my Cloudron access data. And if I enter as a common Cloudron user in WP, a user will be generated with their Cloudron access data with the role that I configure in the ldap plugin.

In this way, if I also changed my login details in Cloudron, it would also change on all WP sites.

This would also be good with the rest of the applications. It would simplify things a lot.

This is possible?

@briankb-0 NodeBB FTforumW. 👍