Solved Status LDAP integration?
-
Hi @nebulon I was curious for the status of the LDAP integration as mentioned in the Cloudron App Store since first publish date:
Currently Cloudron user-management is not possible due to LDAP requirements. We are working with FreeScout to get those solved, then the optional LDAP module can be purchased and used.When LDAP is solved, will SSO also work?
BTW thanks for having this app on Cloudron, we used it already for months on another host and last week migrating everything to the Cloudron app went fine.
Kind regards,
Marcel
-
Hi @imc67
this is on our todo list and will come hopefully this week. The paid plugin is already fixed by the Freescout devs and now needs re-evaluation.
Best,
Johannes -
@nebulon Any news on your latest LDAP/freescout tests?
-
I am debugging this right now, but it seems that their LDAP plugin needs quite a bit of rewrite to support the Cloudron use-case.
In particular on Cloudron an app gets an ldap admin bind account allocated, which allows the app to list users. In FreeScout this bind/admin account needs to have the same DN (essentially LDAP term for namespace) as users. This is not the case on Cloudron to not mix users and app specific accounts.
I will provide them with feedback, but I am not too hopeful to get this resolved quickly.
-
@nebulon Ok, thanks for the feedback. Too sad, I had my hopes up this is just around the corner. Have a nice weekend!
-
@nebulon really curious what the status is?
-
Sorry there is still no success here. I am not a real php expert so this will require more time
-
@nebulon What's the exact error - I'd be more than happy to help
-
So there is still no possibility to get LDAP working within the Freescout App for Cloudron? I have Freescout installed within LAMP but want to switch to the Cloudron app because of automatic updates and user management within Cloudron.
Edit: Changelog for the LDAP module --> https://freescout.net/module/ldap/?changelog=1
-
@subven @nebulon @girish is there any news about the LDAP integration? It would be more than welcome as it is confusing for users to have a “non-synchronized” account for this much much used app.
-
@imc67 I bought the LDAP extension but had no luck because I used the LAMP 7.4 package that includes the Cloudron LDAP addon. Sadly the Freescout documentation says PHP 7.3 and below is required because of
ldap_control_paged_result()
I will keep testing with the Freescout app and report back. -
I took another look at the ldap plugin more in-depth and after much debugging, I managed to get it to work in a hackish way. I don't fully understand all the code paths yet, but I reached out to the upstream devs again to hopefully get this sorted out in a proper way.
I will keep this thread updated on the progress.
-
@nebulon haha okay then you were faster than me. I cloned your ldap branch and started testing two days ago. Thank you for the commitment and the effort!
-
We managed to come up with a fix and they have released a new LDAP plugin already which is now compatible.
I am currently fixing up the autoconfiguration and then we can enable optional LDAP support in the package. Of course though this is then a bit special, since installing the app with user management integration also means one has to purchase the FreeScout LDAP plugin afterwards.
I don't think we have any app in our library following that approach for the moment. -
@nebulon Do freescout plugins work with a license key? If so, is the idea to install with Cloudron authentication and then make the user put in license key for things to start working? Or is it that we cannot put the code at all in the docker image?
Also, the closest we have like this is Confluence.
-
@girish Yup, 32 varchar licence keys (as opposed to licence files).
-
@girish basically yes. You can only install an module if you have the license key for it. The env's used by an module can be stored in configuration files beforehand. Usage is therefore opt-in and does not affect normal cloudron users without a license.
I like their concept and price model very much and it was easy for me to buy a few (lifetime) module licenses.
-
Since I kind of got stuck eventually somewhere in the auth framework, of which I am no expert, we have provided the freescout team a Cloudron to be able to reproduce the login issue.
They have managed to fix this upstream, so I am trying to work out how we can test this with maybe a test license for package updates...once that is resolved we can finally push a package which supports LDAP
-
We have published a new app package now, which contains the LDAP fixes.
The app can be installed with cloudron usermanagement now, however that feature only works if the Freescout LDAP module is also purchased. Once it is activated, just restart the app and it should work.In order to use this, a fresh FreeScout instance has to be installed!
-
@nebulon this is very good news! Do you have any advice how to migrate an existing app?
-
Unfortunately not really. I guess you could try to update your existing, then install a new instance and import a backup from the other into that.
I am not sure though what really happens if user account emails would clash between old and LDAP users in Freescout. -
@nebulon would be great to migrate our freescout instance also!
-
@girish said in Status LDAP integration?:
@nebulon would be great to migrate our freescout instance also!
I think I wait with ours until you have experienced
-
Alright, we managed to migrate our own instance now. Freescout matches users by email, so it would merge the user profiles from LDAP and built-in. The process is as follows:
- update your current instance to latest version
- install LDAP module and activate on old version (if not done already, this can also be done later but since the license key does not work multiple times, this is the safer option)
- create a fresh backup after LDAP module activation
- Install a fresh FreeScout app instance on your Cloudron
- Import the latest backup of your old installation into this app
- Login to new app and verify things are working
- You can now uninstall the old app instance and probably relocate the new one to the old domain
-
@nebulon this is as usual excellent news and way of working in Cloudron!
Tomorrow morning I’ll migrate two instances!
-
Would the 2FA carry over through LDAP if i switch my freescout instance over to the new version or do I also need to get the freescout 2FA module?
