EntraID / AzureAD LDAP wrapper
-
The topic has come up several times in the forum in the past: Is there an easy way to connect the Cloudron user directory to Microsoft Entra ID (formerly Azure AD) for a same sign-in scenario? Microsoft offers the Entra ID Domain Services with LDAP, but it involves a very complex and cost-intensive setup.
I have been using the "Azure AD LDAP Wrapper" in the past which uses the Microsoft Graph API and provides an LDAP endpoint for Entra ID:
https://ahaenggli.github.io/AzureAD-LDAP-wrapper/installation/run-ldap-wrapper/
The project is quite simple and easy to install using Docker or Node.js directly. I am currently running it on a separate server with firewall rules to allow only specific IP addresses to access the LDAP port. Now, wouldn't it be great if this could run as a Cloudron app itself? If it was published on the app store, one would only need to provide the Azure App registration data in an env-file and could bind the Cloudron directory to a local (private) LDAP port on the same server.
Well, I am new to packaging apps for Cloudron and have no idea how to package an app without a web interface. Health checks would need to check the LDAP port and not HTTP, etc. Is this even a scenario wanted by the @staff?
If so, I could give packaging a try and do some testing, but would need some pointers if this can/should be realized as an app within Cloudron as it would need to expose a custom LDAP port to the internal docker stack.
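The health check the post asks about, probing the LDAP port instead of an HTTP path, can be done with a plain anonymous simple bind. The following is an added example and is not code from the AzureAD-LDAP-wrapper project or from Cloudron. It hand-encodes the RFC 4511 BindRequest so no LDAP library is needed, and it includes a constructed in-process responder (the `_FakeLdapHandler` and `start_fake_ldap_server` names are this example's own) so the check can be exercised offline.

```python
"""Probe an LDAP listener with an anonymous simple bind (RFC 4511) instead of
an HTTP request. Added example; not code from the AzureAD-LDAP-wrapper project
or from Cloudron. The in-process responder below is a constructed stand-in for
a real LDAP server so the check can be run offline."""
import socket
import socketserver
import threading

# ---- minimal BER (ASN.1) helpers --------------------------------------------

def ber_length(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber(tag: int, payload: bytes) -> bytes:
    """Wrap payload in a BER TLV with the given tag byte."""
    return bytes([tag]) + ber_length(len(payload)) + payload

def read_tlv(buf: bytes, pos: int):
    """Decode one TLV at buf[pos]; returns (tag, value, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next N bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

# ---- LDAP bind request / response -------------------------------------------

TAG_SEQUENCE, TAG_INTEGER, TAG_ENUMERATED, TAG_OCTET_STRING = 0x30, 0x02, 0x0A, 0x04
TAG_BIND_REQUEST, TAG_BIND_RESPONSE, TAG_SIMPLE_AUTH = 0x60, 0x61, 0x80

def build_bind_request(message_id: int = 1) -> bytes:
    """Anonymous simple bind: protocol version 3, empty DN, empty password."""
    bind = ber(TAG_BIND_REQUEST,
               ber(TAG_INTEGER, b"\x03") + ber(TAG_OCTET_STRING, b"") + ber(TAG_SIMPLE_AUTH, b""))
    return ber(TAG_SEQUENCE, ber(TAG_INTEGER, bytes([message_id])) + bind)

def parse_bind_response(data: bytes) -> dict:
    """Return messageID, resultCode and diagnosticMessage from a BindResponse."""
    tag, body, _ = read_tlv(data, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, msg_id, pos = read_tlv(body, 0)
    tag, op, _ = read_tlv(body, pos)
    if tag != TAG_BIND_RESPONSE:
        raise ValueError("protocolOp is not a BindResponse (tag 0x%02x)" % tag)
    _, code, pos = read_tlv(op, 0)         # resultCode ENUMERATED
    _, _, pos = read_tlv(op, pos)          # matchedDN (ignored here)
    _, diag, _ = read_tlv(op, pos)         # diagnosticMessage
    return {"message_id": int.from_bytes(msg_id, "big"),
            "result_code": int.from_bytes(code, "big"),
            "diagnostic": diag.decode("utf-8", "replace")}

def ldap_health_check(host: str, port: int, timeout: float = 3.0) -> dict:
    """Connect, send an anonymous bind and classify the answer.

    alive   - a well-formed BindResponse came back, so an LDAP server is listening
              even if it refuses anonymous binds (e.g. resultCode 53 or 48).
    bind_ok - resultCode 0, the bind itself succeeded.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_bind_request())
            data = sock.recv(4096)         # a BindResponse is a few dozen bytes at most
        resp = parse_bind_response(data)
    except (OSError, ValueError, IndexError) as exc:
        return {"alive": False, "bind_ok": False, "error": str(exc)}
    return {"alive": True, "bind_ok": resp["result_code"] == 0, **resp}

# ---- constructed in-process responder, used only for the offline self-test ---

class _FakeLdapHandler(socketserver.BaseRequestHandler):
    """Constructed stand-in: answers any bind with resultCode 0 (success)."""
    def handle(self):
        req = self.request.recv(4096)
        _, body, _ = read_tlv(req, 0)
        _, msg_id, _ = read_tlv(body, 0)   # echo the client's messageID
        result = (ber(TAG_ENUMERATED, b"\x00") + ber(TAG_OCTET_STRING, b"")
                  + ber(TAG_OCTET_STRING, b""))
        self.request.sendall(ber(TAG_SEQUENCE, ber(TAG_INTEGER, msg_id)
                                 + ber(TAG_BIND_RESPONSE, result)))

def start_fake_ldap_server() -> int:
    """Start the stand-in on a random loopback port and return that port."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _FakeLdapHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server.server_address[1]

if __name__ == "__main__":
    port = start_fake_ldap_server()
    print(ldap_health_check("127.0.0.1", port))   # alive True, bind_ok True
```

Against a real listener, point `ldap_health_check` at the loopback address and the port the wrapper is configured to expose; whether the anonymous bind is accepted depends on that server's configuration, which is why the check distinguishes "alive" (any valid BindResponse) from "bind_ok" (resultCode 0). Only the former is needed for a liveness probe.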
-
AD support seems to be something we should add directly to Cloudron's existing LDAP server, if this is deemed useful. Incidentally, Cloudron's ldap server is also based on ldapjs.
@joseph said in EntraID / AzureAD LDAP wrapper:
AD support seems to be something we should add directly to Cloudron's existing LDAP server, if this is deemed useful. Incidentally, Cloudron's ldap server is also based on ldapjs.
Entra ID / Azure AD is not LDAP… that’s why either a wrapper like above is needed or Cloudron could natively implement Entra ID support (as many other apps do) and connect it to the Cloudron internal directory.
-
@NCKNE said in EntraID / AzureAD LDAP wrapper:
Entra ID / Azure AD is not LDAP
TIL
Had no clue, ignore my previous comment then. Just read about it a little more and it seems you need something called Azure AD DS per https://www.reddit.com/r/sysadmin/comments/120e71z/ldaps_with_azure_ad_tenant_bundled_with_office_365/
-
@joseph said in EntraID / AzureAD LDAP wrapper:
@NCKNE said in EntraID / AzureAD LDAP wrapper:
Entra ID / Azure AD is not LDAP
TIL
Had no clue, ignore my previous comment then. Just read about it a little more and it seems you need something called Azure AD DS per https://www.reddit.com/r/sysadmin/comments/120e71z/ldaps_with_azure_ad_tenant_bundled_with_office_365/
Yeah, but the Azure AD DS you mentioned is very complex and expensive (licensing costs). I just thought since the topic had come up a few times, native support of Entra ID / Azure AD might be something to consider for the future.