    LDAP/AD Server

    • T
      Trankery last edited by girish

      Hello.

      I would really love to see an LDAP Server be integrated into Cloudron, where Users can either be selected from Cloudron, or created independently.

      • nebulon
        nebulon Staff last edited by

        Cloudron already comes with an LDAP server built-in; however, it is only exposed to the apps installed. More information on how to use it with apps can be found at https://cloudron.io/documentation/custom-apps/addons/#ldap

        Is this what you were looking for?

        • T
          Trankery @nebulon last edited by

          @nebulon I'm looking for an LDAP Server that works outside of Cloudron too, or at least an option to manage the users on it.

          • nebulon
            nebulon Staff last edited by

            I see, that is indeed then basically a separate app. Let's see if others are interested as well and we can discuss that here then.

            • yusf
              yusf last edited by yusf

              I’d be interested in connecting external services to the Cloudron LDAP! 🖐😃

              • N
                NCKNE last edited by NCKNE

                An LDAP server would be great. I would vote for an identity provider (with LDAP, OAuth, etc.)!
                I think @jimcavoli is already working on something along these lines: https://forum.cloudron.io/topic/2320/scaling-high-availability-cloudron-setup/5

                • imc67
                  imc67 last edited by imc67

                  It would be extremely convenient to have Cloudron as an LDAP server (app) that contains "the one and only truth" about user management (all users/groups etc.) so external systems (like a local NAS) can make use of it.

                  Is that feasible, easy to do, safe ...?

                  • yusf
                    yusf last edited by

                    I know @murgero prototyped an LDAP-app a while back.

                    • girish
                      girish Staff last edited by

                      @imc67 Yes, agreed. We will investigate this as part of our roadmap for the next release.

                      • nebulon
                        nebulon Staff last edited by

                        Some more info about this at https://forum.cloudron.io/topic/2559/cloudron-ldap-access-for-external-apps/7. Let's discuss further in this thread.

                        Both concepts are possible: either expose the built-in LDAP server or provide an app which exposes the LDAP functionality. Not sure which one is better or worse for which use cases.

                        • yusf
                          yusf @nebulon last edited by

                          @nebulon I guess one feature of an app-based approach is that it can take advantage of the app-level access controls, so that the external use of the LDAP can easily be limited to certain groups and users.

                          • nebulon
                            nebulon Staff last edited by

                            That is a good point. In that case the app could also contain a small UI to configure LDAP admin bind credentials for searches, I guess.

                            • alexanderkings
                              alexanderkings last edited by

                              Hello, I have been redirected from a support email...

                              I think my concern is similar to that of other users who need this feature.

                              Looking on GitHub I found this:
                              https://github.com/mitchellurgero/cloudron-ldap-proxy

                              Security Warnings
                              THIS CAN POTENTIALLY EXPOSE YOUR CLOUDRON'S INTERNAL LDAP SERVER TO THE WORLD. DO NOT USE THIS APP IN PRODUCTION IN ANY WAY!!!!

                              I have not tried it yet, but I think that with some precautions it can be implemented...

                              • iamthefij
                                iamthefij App Dev @alexanderkings last edited by iamthefij

                                @alexanderkings I haven't finished the step of migrating this to a Cloudron app, but I've been using mole to securely forward ports between networks using SSH Private/Public keys. My Docker implementation is Dockamole.

                                I'm using it already outside of Cloudron to allow my VPS to scrape metrics generated on my home NAS.

                                The workflow would require a Server container running on Cloudron and then a Client container running on whatever machine you'd like to access the forwarded port. All services on that machine access the service through the local container and it's forwarded to the server container.

                                Like I said... I haven't gotten it running on Cloudron yet though.
