Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    LDAP/AD Server

    Feature Requests
    auth
    8
    14
    237
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • nebulon
      nebulon Staff last edited by

      I see, that is indeed then basically a separate app. Lets see if others are interested as well and we can discuss that here then.

      1 Reply Last reply Reply Quote 3
      • yusf
        yusf last edited by yusf

        I’d be interested in connecting external services to the Cloudron LDAP! šŸ–šŸ˜ƒ

        1 Reply Last reply Reply Quote 2
        • N
          NCKNE last edited by NCKNE

          An LDAP server would be great. I would vote for an identity provider (with LDAP, Oauth, etc.)!
          I think @jimcavoli is already working one something along these lines: https://forum.cloudron.io/topic/2320/scaling-high-availability-cloudron-setup/5

          1 Reply Last reply Reply Quote 4
          • imc67
            imc67 last edited by imc67

            It would be extremely convenient to have Cloudron as a LDAP server (app) and contains "the one and only truth" about usermanagement (all users/groups etc) so external systems (like local NAS) can make use of it.

            Is that feasible, easy to do, safe ...?

            1 Reply Last reply Reply Quote 3
            • yusf
              yusf last edited by

              I know @murgero prototyped an LDAP-app a while back.

              1 Reply Last reply Reply Quote 1
              • girish
                girish Staff last edited by

                @imc67 Yes, agreed. we will investigate this as part of our roadmap for next release.

                1 Reply Last reply Reply Quote 5
                • nebulon
                  nebulon Staff last edited by

                  Some more info about this at https://forum.cloudron.io/topic/2559/cloudron-ldap-access-for-external-apps/7 lets discuss further in this thread.

                  Both concepts are possible, either expose the built-in ldap server or provide an app, which exposes the ldap functionality. Not sure which ones is better or worse for which use-cases.

                  yusf 1 Reply Last reply Reply Quote 4
                  • yusf
                    yusf @nebulon last edited by

                    @nebulon I guess one feature of an app based approach can take advantage of the app level access controls, so that the external use of the LDAP easily can be limited to certain groups and users.

                    1 Reply Last reply Reply Quote 3
                    • nebulon
                      nebulon Staff last edited by

                      That is a good point. In that case the app could also contain a small UI to configure ldap admin bind credentials for searches I guess.

                      1 Reply Last reply Reply Quote 3
                      • alexanderkings
                        alexanderkings last edited by

                        Hello, I have been redirected from a support email...

                        I think my concern is similar to that of other users who need this feature.

                        Looking on github i found this:
                        https://github.com/mitchellurgero/cloudron-ldap-proxy

                        Security Warnings
                        THIS CAN POTENTIALLY EXPOSE YOUR CLOUDRON'S INTERNAL LDAP SERVER TO THE WORLD. DO NOT USE THIS APP IN PRODUCTION IN ANY WAY!!!!

                        I have not tried it yet, but think that with some precautions it can be implemented...

                        iamthefij 1 Reply Last reply Reply Quote 0
                        • iamthefij
                          iamthefij App Dev @alexanderkings last edited by iamthefij

                          @alexanderkings I haven't finished the step of migrating this to a Cloudron app, but I've been using mole to securely forward ports between networks using SSH Private/Public keys. My Docker implementation is Dockamole.

                          I'm using it already outside of Cloudron to allow my VPS to scrape metrics generated on my home NAS.

                          The workflow would require a Server container running on Cloudron and then a Client container running on whatever machine you'd like to access the forwarded port. All services on that machine access the service through the local container and it's forwarded to the server container.

                          Like I said... I haven't gotten it running on Cloudron yet though.

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post