Cloudron Forum


LDAP/AD Server

60 Posts 16 Posters 9.6k Views 19 Watching
      Trankery
      wrote on last edited by girish
      #1

      Hello.

      I would really love to see an LDAP Server be integrated into Cloudron, where Users can either be selected from Cloudron, or created independently.

      1 Reply Last reply
      11
        nebulon
        Staff
        wrote on last edited by
        #2

        Cloudron already comes with an LDAP server built-in, however it is only exposed to the apps installed. More information on how to use it with apps can be found at https://cloudron.io/documentation/custom-apps/addons/#ldap

        Is this what you were looking for?

        T 1 Reply Last reply
        1
          Trankery
          wrote on last edited by
          #3

          @nebulon I'm looking for an LDAP Server that works outside of cloudron too, or at least an option to manage the users on it.

          1 Reply Last reply
          0
            nebulon
            Staff
            wrote on last edited by
            #4

            I see, that is indeed then basically a separate app. Let's see if others are interested as well and we can discuss that here then.

            1 Reply Last reply
            4
              yusf
              wrote on last edited by yusf
              #5

              I'd be interested in connecting external services to the Cloudron LDAP! 🖐😃

              1 Reply Last reply
              2
                NCKNE
                wrote on last edited by NCKNE
                #6

                An LDAP server would be great. I would vote for an identity provider (with LDAP, Oauth, etc.)!
                I think @jimcavoli is already working on something along these lines: https://forum.cloudron.io/topic/2320/scaling-high-availability-cloudron-setup/5

                1 Reply Last reply
                5
                  imc67
                  translator
                  wrote on last edited by imc67
                  #7

                  It would be extremely convenient to have Cloudron as an LDAP server (app) and contains "the one and only truth" about user management (all users/groups etc) so external systems (like local NAS) can make use of it.

                  Is that feasible, easy to do, safe ...?

                  1 Reply Last reply
                  3
                    yusf
                    wrote on last edited by
                    #8

                    I know @murgero prototyped an LDAP-app a while back.

                    1 Reply Last reply
                    1
                      girish
                      Staff
                      wrote on last edited by
                      #9

                      @imc67 Yes, agreed. We will investigate this as part of our roadmap for next release.

                      1 Reply Last reply
                      5
                        nebulon
                        Staff
                        wrote on last edited by
                        #10

                        Some more info about this at https://forum.cloudron.io/topic/2559/cloudron-ldap-access-for-external-apps/7. Let's discuss further in this thread.

                        Both concepts are possible: either expose the built-in LDAP server or provide an app which exposes the LDAP functionality. Not sure which one is better or worse for which use cases.

                        yusfY 1 Reply Last reply
                        4
                          yusf
                          wrote on last edited by
                          #11

                          @nebulon I guess one feature of an app based approach can take advantage of the app level access controls, so that the external use of the LDAP easily can be limited to certain groups and users.

                          1 Reply Last reply
                          4
                            nebulon
                            Staff
                            wrote on last edited by
                            #12

                            That is a good point. In that case the app could also contain a small UI to configure ldap admin bind credentials for searches I guess.

                            1 Reply Last reply
                            4
                              alexanderkings
                              wrote on last edited by
                              #13

                              Hello, I have been redirected from a support email...

                              I think my concern is similar to that of other users who need this feature.

                              Looking on GitHub I found this:
                              https://github.com/mitchellurgero/cloudron-ldap-proxy

                              Security Warnings
                              THIS CAN POTENTIALLY EXPOSE YOUR CLOUDRON'S INTERNAL LDAP SERVER TO THE WORLD. DO NOT USE THIS APP IN PRODUCTION IN ANY WAY!!!!

                              I have not tried it yet, but think that with some precautions it can be implemented...

                              iamthefijI 1 Reply Last reply
                              0
                                iamthefij
                                App Dev
                                wrote on last edited by iamthefij
                                #14

                                @alexanderkings I haven't finished the step of migrating this to a Cloudron app, but I've been using mole to securely forward ports between networks using SSH Private/Public keys. My Docker implementation is Dockamole.

                                I'm using it already outside of Cloudron to allow my VPS to scrape metrics generated on my home NAS.

                                The workflow would require a Server container running on Cloudron and then a Client container running on whatever machine you'd like to access the forwarded port. All services on that machine access the service through the local container and it's forwarded to the server container.

                                Like I said... I haven't gotten it running on Cloudron yet though.

                                1 Reply Last reply
                                0
                                  friep2
                                  wrote on last edited by
                                  #15

                                  Just came here to add my +1 for this. I'm currently looking into Cloudron for our tech-focused NPO with over 1000 volunteers and it'd be great to have some (at least basic) LDAP server to integrate with "from the outside". We self-host some more specialized tools (partially other open source tools, partially self-developed) which are not on Cloudron - rightfully so - and it'd be super convenient if we could integrate with Cloudron's LDAP.
                                  The "one login for a lot of services" and permission management (certain apps can only be accessed by certain people) is definitely one of the main attractions of Cloudron I see for us and it'd be great if this would be extensible to external apps. This would radically reduce the workload for us full-time employees: right now we have to add volunteers to 5+ different services if we want to properly onboard them.

                                  infogulchI 1 Reply Last reply
                                  2
                                    infogulch
                                    wrote on last edited by infogulch
                                    #16

                                    @friep2 As a fellow regular user, could I ask you to elaborate a bit on why it would be inappropriate to package up the "open-source / self-developed" apps to run inside Cloudron directly? This is an honest question, I'm quite curious about how different people perceive the limits of Cloudron. I'm sure you have considered many different options for deployment.

                                    F 1 Reply Last reply
                                    1
                                      A Former User
                                      wrote on last edited by
                                      #17

                                      LDAP to the world would be interesting. I could also see a use case for something like a SAML provider to redirect apps to a Cloudron instance for SSO.

                                      1 Reply Last reply
                                      1
                                        marcusquinn
                                        wrote on last edited by marcusquinn
                                        #18

                                        Big šŸ‘ for this from me. What can we do to get this happening?

                                        First use would be with Unify apps and devices, so Cloudron could be a single source of logins, and single place to decommissions logins too for those moving on.

                                        Web Design https://www.evergreen.je
                                        Development https://brandlight.org
                                        Life https://marcusquinn.com

                                        1 Reply Last reply
                                        1
                                          A Former User
                                          wrote on last edited by
                                          #19

                                          I think the only way this could be better is adding support for custom external apps added to the dashboard (they just link out).

                                          1 Reply Last reply
                                          3
                                            marcusquinn
                                            wrote on last edited by
                                            #20

                                            Just noting a link to a comment from @luckow on a similar post I made before seeing this one, with some alternative solution links: https://forum.cloudron.io/topic/4933/have-a-cloudron-instance-as-an-ldap-provider/6?_=1618906250553

                                            I think this thread has the right ultimate goal - but that might be something I have to investigate an intermediary solution for if this doesn't get on the roadmap.

                                            Web Design https://www.evergreen.je
                                            Development https://brandlight.org
                                            Life https://marcusquinn.com

                                            1 Reply Last reply
                                            1