Cloudron Forum

External Provider (OIDC / OAuth) - Google Workspace

    Lomeu
    wrote last edited by joseph
    #1

    Hello everyone.

    I'm trying to set up OpenID Connect (OIDC) so that my company's Google Workspace users can log into Cloudron (and consequently services like Open WebUI) using OAuth, SSO, or any other method.

    I searched extensively, and ChatGPT led me to the paid plan, but even then, the information it says would appear: an area to configure External Provider (OIDC/OAuth2).

    Does anyone know what I can do? Is it possible to do this type of authentication with Google Workspace?

    My version is v8.3.2 (Ubuntu 22.04.5 LTS).
    Thank you!

      james
      Staff
      wrote last edited by
      #2

      Hello @Lomeu and welcome to the Cloudron forum.

      Could it be you are looking for this: https://docs.cloudron.io/user-directory/#external-directory-connector

        Lomeu
        wrote last edited by
        #3

        Hi James. I've been through this documentation and reread it at least a dozen times to figure out where I might be going wrong.

        In User Directory (/#/user-directory), there's a Provider referenced as "Other."

        I'm using:

        • Server URL: ldaps://ldap.google.com:636 or ldaps://ldap.google.com
        • Base DN: dc=mydomain,dc=com,dc=br
        • Filter: (objectClass=person)
        • Username field: uid
        • Bind DN/Username (optional): credential-generated-by-google
        • Bind Password (optional): psw-generated-by-google

        When I save without the "Accept Self-signed certificate" option checked, I get the error "self-signed certificate."

        When I save with the "Accept Self-signed certificate" option checked, I get "Incorrect bind password."

        From everything I've read, it seems that for Google Workspace, I would need to make Cloudron use the certificate generated by Google Workspace LDAP. From the server where Cloudron is installed, I can perform tests and listings using the command

        LDAPTLS_CERT=/root/cert.crt \
        LDAPTLS_KEY=/root/cert.key \
        ldapsearch -x \
        -H ldaps://ldap.google.com:636 \
        -D "credential-generated-by-google" \
        -w 'psw-generated-by-google' \
        -b dc=mydomain,dc=com,dc=br \
        '(objectClass=person)' uid
        

        The problem is that without the certificate, the integration doesn't work. That's what I understand is happening with Cloudron. Does that make sense? Can I force Cloudron to use the Google-generated certificate? Is there another way to do this integration that I haven't figured out yet?

        Best regards
