LDAP/AD Server
-
Hello.
I would really love to see an LDAP Server be integrated into Cloudron, where Users can either be selected from Cloudron, or created independently.
-
Cloudron already comes with an LDAP server built-in, however it is only exposed to the apps installed. More information on how to use it with apps can be found at https://cloudron.io/documentation/custom-apps/addons/#ldap
Is this what you were looking for?
-
@nebulon I'm looking for an LDAP Server that works outside of cloudron too, or at least an option to manage the users on it.
-
I see, that is indeed then basically a separate app. Lets see if others are interested as well and we can discuss that here then.
-
Iād be interested in connecting external services to the Cloudron LDAP!
-
An LDAP server would be great. I would vote for an identity provider (with LDAP, Oauth, etc.)!
I think @jimcavoli is already working one something along these lines: https://forum.cloudron.io/topic/2320/scaling-high-availability-cloudron-setup/5 -
It would be extremely convenient to have Cloudron as a LDAP server (app) and contains "the one and only truth" about usermanagement (all users/groups etc) so external systems (like local NAS) can make use of it.
Is that feasible, easy to do, safe ...?
-
I know @murgero prototyped an LDAP-app a while back.
-
@imc67 Yes, agreed. we will investigate this as part of our roadmap for next release.
-
Some more info about this at https://forum.cloudron.io/topic/2559/cloudron-ldap-access-for-external-apps/7 lets discuss further in this thread.
Both concepts are possible, either expose the built-in ldap server or provide an app, which exposes the ldap functionality. Not sure which ones is better or worse for which use-cases.
-
@nebulon I guess one feature of an app based approach can take advantage of the app level access controls, so that the external use of the LDAP easily can be limited to certain groups and users.
-
That is a good point. In that case the app could also contain a small UI to configure ldap admin bind credentials for searches I guess.
-
Hello, I have been redirected from a support email...
I think my concern is similar to that of other users who need this feature.
Looking on github i found this:
https://github.com/mitchellurgero/cloudron-ldap-proxySecurity Warnings
THIS CAN POTENTIALLY EXPOSE YOUR CLOUDRON'S INTERNAL LDAP SERVER TO THE WORLD. DO NOT USE THIS APP IN PRODUCTION IN ANY WAY!!!!I have not tried it yet, but think that with some precautions it can be implemented...
-
@alexanderkings I haven't finished the step of migrating this to a Cloudron app, but I've been using mole to securely forward ports between networks using SSH Private/Public keys. My Docker implementation is Dockamole.
I'm using it already outside of Cloudron to allow my VPS to scrape metrics generated on my home NAS.
The workflow would require a Server container running on Cloudron and then a Client container running on whatever machine you'd like to access the forwarded port. All services on that machine access the service through the local container and it's forwarded to the server container.
Like I said... I haven't gotten it running on Cloudron yet though.
