Cloudron to Cloudron user directory partial sync possible?

    Neiluj
    wrote last edited by Neiluj
    #1

    Hi,

    Let's consider this:

    • Cloudron Server A is the IdP, home to the user directory, the Directory Server
    • Cloudron Server B is syncing the user directory with Cloudron Server A via the External Directory Connector.

    Question: Is there a way to sync only part of the user directory such as only users of a certain group? Maybe by adding some arguments to the Server URL?

    While not massively critical, this would:

    • reduce maintenance (unnecessary overhead of deleting old users etc.)
    • reduce the vector of potential attack on Cloudron Server B

    Thanks a lot!

      robi
      wrote last edited by
      #2

      This is a great idea, as it would help with customers who need to expand to another Cloudron or have a large app necessitating a separate instance.

      Syncing only a subtree like a group or user would totally be a great use case.

      Conscious tech

        james
        Staff
        wrote last edited by
        #3

        Hello @Neiluj
        This is indeed a good idea.
        I am moving this topic to @feature-requests

        • james moved this topic from Discuss
          girish
          Staff
          wrote last edited by girish
          #4

          Think the use case is valid, but moving forward we will be focusing on OIDC integration. I think your feature request can be reworded to say: Cloudron A is the OIDC provider and Cloudron B is configured to log in with Cloudron A as the identity provider. Further, Cloudron B can have rules specifying who can log in (by some policy specification).

          OIDC is more secure and auditable, but this is also driven by the fact that the only LDAP module for Node.js got deprecated - https://github.com/ldapjs/node-ldapjs.

            Neiluj
            wrote last edited by
            #5

            @girish This sounds very good, but rather like a major change/update (or maybe not?) - Only question remains, and I know that this might be challenging, especially having v9 just out: when is the Cloudron team likely to look into this? Is this something planned for a specific Cloudron version?

            No worries if you cannot give an indication - I can also easily understand.

              girish
              Staff
              wrote last edited by
              #6

              @Neiluj sometime soon 😄 but yeah, I don't have a timeline yet.

              Also, a note about your initial post: if you mark users as inactive in Cloudron A, they won't sync to Cloudron B. Of course, they can't log in to Cloudron A either.
