Cloudron Forum


LDAP/AD Server

Category: Feature Requests
Tag: auth
60 Posts 16 Posters 3.1k Views
  • #51 Lonkle replied to girish:

    @girish said in LDAP/AD Server:

    @robi said in LDAP/AD Server:

    VPN to Cloudron for LDAP is reasonable.

    I think that would then mean that the external app has to be in the VPN, no?

    I'll be releasing my VPN Client for Cloudron over summer if that helps. 😅

  • #52 luckow (translator) replied to fbartels:

    @fbartels Top post. Thank you.
    One (maybe) last question: do you have a solution for the different allowed characters in UCS and Cloudron usernames? My idea is to have some kind of profile with only allowed characters on the UCS side. See https://docs.cloudron.io/user-management/#valid-usernames for characters allowed in Cloudron.

    Pronouns: he/him | Primary language: German

  • #53 fbartels (App Dev) replied to luckow:

    Thanks @luckow

    Yes, I have seen the question that @BrutalBirdie posted at https://help.univention.com/t/restrict-username-allowed-characters/17280 as well. But no, I am not aware of a way to limit characters with the UCS self-registration.

  • #54 marcusquinn wrote:

    Related: https://forum.cloudron.io/topic/5636/quite-urgent-accessing-cloudron-ldap-from-an-external-instance-of-espocrm

    We're not here for a long time - but we are here for a good time :)
    Jersey/UK
    Work & Ecommerce Advice: https://brandlight.org
    Personal & Software Tips: https://marcusquinn.com

  • #55 fbartels (App Dev) wrote (edited):

    Not sure if it was already mentioned here, but there is https://github.com/mitchellurgero/cloudron-ldap-proxy by @murgero. Its downside is however that the connection is not encrypted.

    A potential improvement over this would be to have a small app that generates a custom SSL CA and serves its root cert over a small webserver. Then you use the same CA to provide a certificate to stunnel, which simply passes through the otherwise internal Cloudron LDAP.

    Then at least the communication would be secured, but it may still be an idea to limit who can actually reach that port through your firewall.

    As a custom build this is quite easily doable; as an official app it's probably too special.

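A worked version of the stunnel setup fbartels sketches above, added here as an example (it is not fbartels' code and not a Cloudron component): one function mints a private CA plus a server and a client certificate signed by it, and two more emit the stunnel configs for the Cloudron host and for the external app's host. Assumptions not in the post: the app-facing LDAP endpoint 172.18.0.1:3002, the hostname my.cloudron.example, and requiring a CA-issued client certificate (mutual TLS), which goes one step past the firewall suggestion.

```shell
# Assumption (not from the post): Cloudron's app-facing LDAP endpoint.
CLOUDRON_LDAP="${CLOUDRON_LDAP:-172.18.0.1:3002}"

# Private CA plus a server and a client certificate signed by it.
# $1 = output dir, $2 = public hostname external apps will connect to.
gen_ca() {
  out=$1; host=$2; mkdir -p "$out"
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=cloudron-ldap-ca" \
    -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null || return 1
  printf 'subjectAltName=DNS:%s\n' "$host" > "$out/san.ext"
  for role in server client; do
    cn=external-app; ext=""
    # Only the server cert carries the hostname SAN that checkHost matches on.
    [ "$role" = server ] && cn=$host && ext="-extfile $out/san.ext"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$cn" \
      -keyout "$out/$role.key" -out "$out/$role.csr" 2>/dev/null || return 1
    openssl x509 -req -days 825 -in "$out/$role.csr" -CA "$out/ca.crt" \
      -CAkey "$out/ca.key" -CAcreateserial -out "$out/$role.crt" $ext 2>/dev/null || return 1
  done
}

# Cloudron host: terminate TLS on 636, require a client cert chained to our CA
# (verifyChain), forward plaintext to the internal LDAP. $1 = cert dir.
server_conf() {
  cat <<EOF
[ldaps]
accept = 0.0.0.0:636
connect = $CLOUDRON_LDAP
cert = $1/server.crt
key = $1/server.key
CAfile = $1/ca.crt
verifyChain = yes
EOF
}

# External app host: plaintext on loopback only, TLS out, CA pinned and
# hostname checked. $1 = cert dir, $2 = Cloudron hostname.
client_conf() {
  cat <<EOF
[ldap-to-cloudron]
client = yes
accept = 127.0.0.1:389
connect = $2:636
cert = $1/client.crt
key = $1/client.key
CAfile = $1/ca.crt
verifyChain = yes
checkHost = $2
EOF
}
```

On the Cloudron host run `gen_ca` and install the `server_conf` output under /etc/stunnel/; copy ca.crt and the client pair to the external host together with `client_conf`, and point the app at ldap://127.0.0.1:389.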
  • #56 marcusquinn replied to fbartels:

    @fbartels Thank you kindly! @vladimir-d is working on these issues, and we may try pulling in extra help too.

    All ideas are welcome as we are heads-deep in plugging the knock-on consequences of these still unsolved things.

    I wish I could find the time to show more people what they will get back from us in development investment, but I can't do any of these things while blocker issues have become day & night urgencies.

  • #57 robi wrote:

    It looks like my friends at Aporeto.com got acquired by Palo Alto Networks. They have an OSS project called Trireme - https://github.com/aporeto-inc

    Trireme, an open-source library curated by Aporeto to provide cryptographic isolation for cloud-native applications. Trireme-lib is a Zero-Trust networking library that makes it possible to set up security policies and segment applications by enforcing end-to-end authentication and authorization without the need for complex control planes or IP/port-centric ACLs and east-west firewalls.

    Trireme-lib supports both containers and Linux processes as well as user-based activation, and it allows security policy enforcement between any of these entities.

    A good tool for Cloudron as well as securing LDAP across machines.

    Life of sky tech

  • #58 fbartels (App Dev) wrote:

    At my place of work we developed a small Go LDAP server some months ago. I have spent some time this weekend packaging this project up for Cloudron and have also included an OpenID Connect provider.

    The LDAP server is really simple: it basically takes an existing LDIF as input and serves this out to any authenticated user. It does not even allow modifying items through e.g. ldapmodify, but requires the LDIF on disk to be changed.

    LDAP and OpenID Connect Provider are part of the https://libregraph.github.io/ project.

    If someone is interested in trying out the app please send me a direct message.

  • #59 robi replied to robi:

    @robi said in LDAP/AD Server:

    It looks like my friends at Aporeto.com got acquired by Palo Alto Networks. They have an OSS project called Trireme - https://github.com/aporeto-inc

    I think this needs to be revisited for Cloudron 7+ to easily manage which app can talk to which by policy. /cc @staff

  • #60 marcusquinn wrote:

    Sounds like this is now done and live with 7.1?

    • https://forum.cloudron.io/topic/6654/cloudron-7-1-released
    • https://blog.cloudron.io/cloudron-7-1-released/
    • https://docs.cloudron.io/user-management/#directory-server
