using Cloudron LDAP for authentication of external WordPress site
-
Hi,
first of all: I know, this might be outside the scope of Cloudron support. I want to use my Cloudron as an LDAP directory for an external WordPress site. On this WordPress, this plugin is installed: https://plugins.miniorange.com/step-by-step-guide-for-wordpress-ldap-login-plugin
I've whitelisted the IP address of the external website in the user directory settings. Connection to the Cloudron directory server works, but I keep getting this error:
Connection to LDAP server is Successful but unable to make authenticated bind to LDAP server. Make sure you have provided correct username or password.
The (free version of the) plugin does not allow me to put the bind secret anywhere. I assume this might be the issue, but I have no idea how to solve that:
-
Hello @David-0
Related documentation: https://docs.cloudron.io/user-directory/#ldap-directory-server
Since Service Account Username is redacted I assume you did not use admin there?
Can you also share the other tabs' configurations of Role Mapping, Attribute Mapping and Login Settings?
-
Hi @james,
I did not use admin, instead, I used the credentials of an admin (and another non-admin) user of my Cloudron, since it should be present on the LDAP server, as the instructions state. I also tried the credentials of the WordPress admin user. Didn't help.
Miniorange's support suggested entering the Bind secret into the Service Account Password field, which also did not work.
Here are screenshots of
- the role mapping tab: https://snap.notizlab.de/1TMMdRHF
- the attribute mapping tab: https://snap.notizlab.de/jthpJyjx
- the login settings: https://snap.notizlab.de/XLtVcDNp
I guess they might not be very helpful in particular.
-
@David-0 the Service Account Username should be set to cn=admin,ou=system,dc=cloudron and Service Account Password should be the Bind password.
There are two separate LDAP servers - an internal one and an external one. The external facing one can be authenticated against by the one and only "virtual admin user", i.e. the admin CN above. Cloudron admin and Cloudron users don't have the permissions to search for other users in the external facing server.
-
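The service-account bind described in the answer can be checked from the WordPress host before changing the plugin settings. This script is an added example, not part of the thread or of Cloudron's or miniOrange's code. It assumes the OpenLDAP `ldapsearch` client is installed; the host in `LDAP_URL` is a placeholder, the base DN `ou=users,dc=cloudron` is an assumption to confirm on your User Directory page, and `try_bind` and `diagnose` are hypothetical helper names.

```bash
#!/bin/sh
# Added example (not from the thread): test the service-account bind directly.
# Assumptions: LDAP_URL host is a placeholder and BASE_DN is not given in the
# thread; copy both from your Cloudron User Directory page.
LDAP_URL="${LDAP_URL:-ldaps://my.example.com:636}"
BASE_DN="${BASE_DN:-ou=users,dc=cloudron}"
ADMIN_DN='cn=admin,ou=system,dc=cloudron'   # the DN given in the answer

# try_bind DN PASSWORD FILTER: simple bind as DN, run one search and return
# ldapsearch's exit status (it mirrors the LDAP result code).
try_bind() {
  local dn pw filter pwfile rc
  dn=$1; pw=$2; filter=$3; rc=0
  pwfile=$(mktemp) || return 2          # mktemp creates the file with mode 0600
  printf '%s' "$pw" > "$pwfile"         # no newline: -y uses the file contents as-is
  ldapsearch -x -LLL -H "$LDAP_URL" -D "$dn" -y "$pwfile" \
    -b "$BASE_DN" "$filter" dn >/dev/null 2>&1 || rc=$?
  rm -f "$pwfile"                       # keep the secret off argv and off disk
  return "$rc"
}

# diagnose DN PASSWORD [FILTER]: map the result to what to fix in the plugin.
diagnose() {
  local rc
  rc=0
  try_bind "$1" "$2" "${3:-(objectClass=*)}" || rc=$?
  case "$rc" in
    0)   echo "ok: bind and search work, use this DN as Service Account Username" ;;
    49)  echo "invalid-credentials: DN or bind password rejected" ;;
    50)  echo "insufficient-access: bound, but this DN may not search" ;;
    255) echo "unreachable: cannot contact $LDAP_URL (TLS, port or IP allowlist)" ;;
    *)   echo "ldap-error-$rc" ;;
  esac
}

# Runs only when a password is supplied, e.g. BIND_PW='...' sh check-bind.sh
if [ -n "${BIND_PW:-}" ]; then
  diagnose "${BIND_DN:-$ADMIN_DN}" "$BIND_PW"
fi
```

Setting `BIND_DN` to a regular Cloudron user's DN shows the difference between that bind and the admin DN on the external directory server.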
David 0 has marked this topic as solved