Another Cloudron as the external LDAP directory
-
Hi, could someone please advise how to connect two Cloudron installations. Use another Cloudron as an external LDAP directory?
I mean if I understood correctly, users from Cloudron 2 could use applications from Cloudron 1?
In the configuration I added the ldaps address of Cloudron1 and added the password, but the connection ends with an error
Response timeout
The instructions say to remember to add Cloudron to the whitelist. Do I have to add Cloudron somewhere on Cloudron2?
I'm so sorry for asking, but I can't seem to get it to move. Thank you very much for the information and advice.
-
@archos Something like this:
- Make Cloudron 1 the Directory server - https://docs.cloudron.io/user-management/#directory-server . You have to put the IPv4 and IPv6 addresses of Cloudron 2 in the allow list.
- In Cloudron 2, enable Cloudron external directory connector - https://docs.cloudron.io/user-management/#cloudron (similar to your screenshots).
This allows you to manage users in Cloudron 1. The users can log in to Cloudron 2 and use the apps installed in Cloudron 2 (depending on how you have given access).
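The allow-list step above is easy to get half right on a dual-stack host: if only the IPv4 address of Cloudron 2 is listed and the connection leaves over IPv6, the source address is not covered. An added example (not part of the original post and not Cloudron code) that checks a candidate allow list against every address the client may connect from; the one-entry-per-line format with `#` comments is an assumption, and all addresses are constructed from documentation ranges.

```python
import ipaddress

def parse_allow_list(text):
    """Parse one IP or CIDR per line; blank lines and '#' comments are skipped.
    (Assumed format, not taken from the Cloudron documentation.)"""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            # strict=False accepts host addresses written with a prefix length
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def normalize(addr):
    """Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d), which a dual-stack
    listener may report for a plain IPv4 client."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def uncovered(allow_list_text, source_addrs):
    """Return the source addresses that no allow-list entry covers."""
    nets = parse_allow_list(allow_list_text)
    missing = []
    for addr in source_addrs:
        ip = normalize(addr)
        if not any(ip.version == n.version and ip in n for n in nets):
            missing.append(addr)
    return missing

# Constructed sample data: addresses Cloudron 2 could connect from.
SOURCES = ["203.0.113.10", "2001:db8::10"]

# Allow list on Cloudron 1 with only the IPv4 address entered.
ALLOW_V4_ONLY = """
# cloudron 2
203.0.113.10
"""

# Allow list with both address families entered.
ALLOW_BOTH = ALLOW_V4_ONLY + "2001:db8::/64\n"

if __name__ == "__main__":
    for name, text in (("v4 only", ALLOW_V4_ONLY), ("v4 + v6", ALLOW_BOTH)):
        print(name, "-> not covered:", uncovered(text, SOURCES))
```
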
-
@girish Hi, thank you very much for the information and the quick reply. I tried connecting, I think it worked, but the Nextcloud sync client and email stopped working for me. I tried disabling the connection and restarting the server with Cloudron 1. I still can't get into Nextcloud and email. I'm trying to restore Nextcloud from backup. I guess there are some IP addresses left hanging somewhere, I don't know what's wrong.
-
@girish Now I can't even log into Nextcloud, when I try to log in it says internal server error
Isn't it somewhere in the Ldap settings?
=> Healtheck error: Error: connect ECONNREFUSED 172.x.xx:80
Dec 09 18:30:06 => Healtheck error: Error: connect ECONNREFUSED 172.xxxx:80
Dec 09 18:30:06 => Healtheck error: Error: connect ECONNREFUSED 172.xxxx:80
Dec 09 18:30:09 Nextcloud is already latest version
Dec 09 18:30:10 => Healtheck error: Error: connect ECONNREFUSED 172.xxxx3:80
Dec 09 18:30:12 All tables already up to date!
Dec 09 18:30:14 .htaccess has been updated
Dec 09 18:30:14 ==> Setting up LDAP integration
Dec 09 18:30:15 user_ldap already enabled
Dec 09 18:30:16 Config value ldap_host for app user_ldap set to ldap://172.18.0.1
Dec 09 18:30:18 Config value ldap_port for app user_ldap set to 3002
Dec 09 18:30:19 Config value ldap_base for app user_ldap set to ou=users,dc=cloudron
Dec 09 18:30:20 Config value ldap_base_users for app user_ldap set to ou=users,dc=cloudron
Dec 09 18:30:20 => Healtheck error: Error: connect ECONNREFUSED 172.xxxx:80
Dec 09 18:30:21 Config value ldap_base_groups for app user_ldap set to ou=groups,dc=cloudron
Dec 09 18:30:22 Config value ldap_email_attr for app user_ldap set to mail
Dec 09 18:30:24 Config value ldap_loginfilter_email for app user_ldap set to 1
Dec 09 18:30:25 Config value ldap_loginfilter_username for app user_ldap set to 1
Dec 09 18:30:25 Config value ldap_userfilter_objectclass for app user_ldap set to user
Dec 09 18:30:26 Config value ldap_configuration_active for app user_ldap set to 1
Dec 09 18:30:27 Config value ldap_display_name for app user_ldap set to displayname
Dec 09 18:30:28 Config value ldap_userlist_filter for app user_ldap set to (|(objectclass=user))
Dec 09 18:30:29 Config value ldap_login_filter for app user_ldap set to (&(objectclass=user)(|(username=%uid)(mail=%uid)))
Dec 09 18:30:30 Config value ldap_attributes_for_user_search for app user_ldap set to displayName
Dec 09 18:30:30 => Healtheck error: Error: connect ECONNREFUSED 172.xxxx:80
Dec 09 18:30:30 mail
Dec 09 18:30:31 Config value ldap_expert_username_attr for app user_ldap set to username
Dec 09 18:30:32 Config value ldap_expert_uuid_group_attr for app user_ldap set to cn
Dec 09 18:30:33 Config value ldap_expert_uuid_user_attr for app user_ldap set to username
Dec 09 18:30:33 Config value ldap_group_member_assoc_attribute for app user_ldap set to memberUid
Dec 09 18:30:35 Check indices of the share table.
Dec 09 18:30:36 Check indices of the calendarobjects_props table.
Dec 09 18:30:36 Check indices of the cards table.
Dec 09 18:30:36 Check indices of the cards_properties table.
Dec 09 18:30:36 Check indices of the filecache table.
Dec 09 18:30:36 Check indices of the login_flow_v2 table.
Dec 09 18:30:36 Check indices of the oc_direct_edit table.
Dec 09 18:30:36 Check indices of the oc_jobs table.
Dec 09 18:30:36 Check indices of the oc_mounts table.
-
@archos err, my bad. I didn't see your earlier comment on the sync crashing. Can you see the logs as to why it crashed? The logs button next to it.
Also, is Nextcloud on Cloudron 1 or 2?
Are you just trying to roll things back at this point?
-
@girish It's Cloudron 2. I tried restoring Nextcloud from backup but same problem. The only thing in the log is
Dec 09 17:46:31 box:taskworker Starting task 8319. Logs are at /home/yellowtent/platformdata/logs/tasks/8319.log
Dec 09 17:46:31 box:tasks update 8319: {"percent":10,"message":"Starting ldap user sync"}
Yes I just wanted to go back by presetting Ldap. I selected Disabled in the configuration and saved.
Nextcloud and email stopped working when I started the External Directory sync.
I thought I would just disable the external directory and everything would be ok. Now I've noticed that it's probably only on my account. I can't reset 2FA and on my profile, it says This user is synced from the external LDAP directory. I created another super admin account, and there everything works without problems.
-
@archos Looks like it does half migration and still thinks the users are sourced from LDAP. In the Users page, there is a button called "Make Local". If you click that, it becomes a local account again. If you don't have access to Cloudron dashboard at all, you can use "cloudron-support --admin-login". This will give a one time username/password to login. Once you make all the users local, maybe you can reset their password.
-