Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


SOLVED Is there a way to make LDAP mandatory on the Cloudron App Store?


  • You see, I finally finished both the front (login) and back end (Change Connected Server) of my VPN Client. Turns out, baking in LDAP login support wasn't just easier than building my own. It was necessary. Because the container has to do a soft-restart to switch VPN connections, it takes no more than a few seconds. But it needs a real access token. I get that via the LDAP integration (using /api/v1/login with the already POSTed data to grab one). So, in my VPN Client's case it's a requirement to get the access token for the app to even function. So, is there a way to require it on your store?

    Ignore the rant:
    And those tokens last a year; should they last a year? Not that a year's a bad amount of time, but I imagine there are use cases that don't need one lasting so long (for my use case it's perfect tho).

    By the way, do these special type of api tokens (collected from the /api/v1/login endpoint ever get revoked before their year expiration date? Since these are "logged in" tokens? Do they not work when the user is logged out - or do they act just like regular tokens for my purposes? I am just wondering about how a Cloudron admin revokes them since that would affect my app?

    Edit: Nevermind, I just found in my profile that I have 19 login tokens I can choose to revoke all at once. 😂 So I understand the login tokens now, that works for me. I would just need to test if a token is revoked on attempted soft-restart and have the user forcefully logged out to log back in if so.

  • App Dev

    @Lonk I'm not sure I understand the question.

    As long as your app has the LDAP addon, you're good. You just have to not include the optionalSSO entry in manifest https://docs.cloudron.io/custom-apps/manifest/#optionalsso

  • Staff

    @mehdi pointed to the correct option and is spot on. So just use ldap addon and not set optionalSso in the manifest.


  • @nebulon said in Is there a way to make LDAP mandatory on the Cloudron App Store?:

    @mehdi pointed to the correct option and is spot on. So just use ldap addon and not set optionalSso in the manifest.

    So that will force LDAP; perfect! I was hoping there was already a way to make it mandatory, and the best part is, it already is since I didn't even know about the optionalSso variable.

    Thanks guys!


  • @mehdi said in Is there a way to make LDAP mandatory on the Cloudron App Store?:

    @Lonk I'm not sure I understand the question.

    As long as your app has the LDAP addon, you're good. You just have to not include the optionalSSO entry in manifest https://docs.cloudron.io/custom-apps/manifest/#optionalsso

    You answered correctly! Thanks.