LDAP Integration: Limit sync to groups selected in cloudron

  • im-fabian wrote (#1):

    Hi,

    the auto provisioning of the LDAP-Sync of Freescout works like a charm. Nevertheless I would suggest that ldap sync is limited to the eligible groups which are selected within Cloudron.

    This would require the field DNs and Filters within Freescout to be set to a value like the following instead of the default:

    ou=users,dc=cloudron(memberof=cn=GROUPNAME,ou=groups,dc=cloudron)
    ou=users,dc=cloudron(memberof=cn=GROUPNAME,ou=groups,dc=cloudron)

    At this point it comes in handy that freescout accepts multiple lines of filters, so there can be one line for each group selected within the Cloudron backend.

    This change is needed for the following reasons:

    • Cloudron overwrites this setting from time to time – so it can't be changed manually.
    • Reduction of attack surface – if only a small part of an organization needs the ticket system not everybody should have an account. Mind authenticated exploits.
    • Order: Many unneeded Users within Freescout make it confusing.

    I would be happy if one feels like implementing this 🙂

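
Added example, not part of the original post and not Cloudron or FreeScout code: generating one line per allowed group in the "base DN(filter)" form quoted in post #1, escaping the group name first as a DN value (RFC 4514) and then as a filter value (RFC 4515). The group names are constructed samples and the function names are hypothetical.

```python
# Added example: one "DNs and Filters" line per allowed group, in the
# format quoted in post #1. Group names below are constructed samples.

USERS_BASE = "ou=users,dc=cloudron"    # from the post
GROUPS_BASE = "ou=groups,dc=cloudron"  # from the post


def escape_rdn_value(value: str) -> str:
    """Escape a string for use as an RDN value (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif i == 0 and ch in " #":
            out.append("\\" + ch)
        elif i == len(value) - 1 and ch == " ":
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape a string for use as a filter assertion value (RFC 4515)."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)


def sync_lines(groups):
    """Return one base-DN-plus-filter line per group, de-duplicated."""
    lines = []
    for name in dict.fromkeys(groups):          # keep order, drop repeats
        if not name.strip():
            raise ValueError("empty group name")
        group_dn = f"cn={escape_rdn_value(name)},{GROUPS_BASE}"
        lines.append(f"{USERS_BASE}(memberof={escape_filter_value(group_dn)})")
    return lines


if __name__ == "__main__":
    for line in sync_lines(["support", "ops, tier(1)", "support"]):
        print(line)
```

A group name containing parentheses or an asterisk stays inside the single memberof assertion instead of changing the shape of the filter.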

      girish (Staff) wrote (#2):

      @im-fabian said in LDAP Integration: Limit sync to groups selected in cloudron:

      Nevertheless I would suggest that ldap sync is limited to the eligible groups which are selected within Cloudron.

      This should already be the case.

      instead of the default:

      ou=users,dc=cloudron(memberof=cn=GROUPNAME,ou=groups,dc=cloudron)

      Cloudron doesn't configure group sync in any package. Could this be something that you set up on your own?


        im-fabian wrote (#3):

        @girish said in LDAP Integration: Limit sync to groups selected in cloudron:

        @im-fabian said in LDAP Integration: Limit sync to groups selected in cloudron:

        Nevertheless I would suggest that ldap sync is limited to the eligible groups which are selected within Cloudron.

        This should already be the case.

        Thanks, I can confirm this behaviour!

        I see that this is not a cloudron issue but a freescout one: Users which have been deleted within LDAP are not locked or deleted within freescout but just remain in the status of their latest sync.


          girish (Staff) wrote (#4):

          @im-fabian I think that behavior is fairly common in all apps. When users get removed from a directory, they don't get removed in the app itself on a sync. This is because there may be data specific to the user and (for the app) it's not clear what needs to be done. For example, maybe freescout has some tickets assigned to a deleted user. What should it do? Assign to someone else/orphan them etc.
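
Added example, not part of the thread and not FreeScout code: a reconciliation check for the situation described in posts #3 and #4, listing app accounts that no longer have a directory entry so they can be reviewed by hand. The LDIF export and the app user list are constructed samples; matching accounts by e-mail address is an assumption.

```python
# Added example: report app accounts whose directory entry no longer exists.
# Both inputs are constructed samples; matching on e-mail is an assumption.
import base64

LDIF_EXPORT = """\
dn: cn=uid-1,ou=users,dc=cloudron
mail: Alice@example.com

dn: cn=uid-2,ou=users,dc=cloudron
mail:: Ym9iQGV4YW1wbGUuY29t

dn: cn=uid-3,ou=users,dc=cloudron
mail: carol.with.a.long.address@
 example.com
"""

APP_USERS = ["alice@example.com", "bob@example.com",
             "carol.with.a.long.address@example.com", "dave@example.com"]


def ldif_mails(ldif: str) -> set:
    """Collect lower-cased mail values from LDIF (RFC 2849) text."""
    unfolded = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]        # continuation of a folded line
        else:
            unfolded.append(raw)
    mails = set()
    for line in unfolded:
        name, sep, value = line.partition(":")
        if not sep or name.lower() != "mail":
            continue
        if value.startswith(":"):          # "mail:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        mails.add(value.strip().lower())
    return mails


def stale_accounts(app_users, directory_mails):
    """App accounts with no matching directory entry, sorted for review."""
    return sorted(u for u in {a.strip().lower() for a in app_users}
                  if u not in directory_mails)


if __name__ == "__main__":
    print(stale_accounts(APP_USERS, ldif_mails(LDIF_EXPORT)))
```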
