Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. Migrate local Cloudron User to AD

Migrate local Cloudron User to AD

Scheduled Pinned Locked Moved Support
7 Posts 3 Posters 1.2k Views 3 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      M Offline
      manngobaum
      wrote on last edited by
      #1

      Hi,

      we implemented a test installation of Cloudron and were so excited that we are already using it with a bunch of useres as a live enviroment. Unfortunatly we missed to activate the AD sync in the beginning. Now are looking for a way to migrate the local Cloudron users and connect them with there AD pendants. Is there any chance for doing so?

      Best,
      Sven

      PS: Do you have plans for the nearer future to automate the AD/LDAP snyc?

      nebulonN fbartelsF 2 Replies Last reply
      0
      • M manngobaum

        Hi,

        we implemented a test installation of Cloudron and were so excited that we are already using it with a bunch of useres as a live enviroment. Unfortunatly we missed to activate the AD sync in the beginning. Now are looking for a way to migrate the local Cloudron users and connect them with there AD pendants. Is there any chance for doing so?

        Best,
        Sven

        PS: Do you have plans for the nearer future to automate the AD/LDAP snyc?

        nebulonN Offline
        nebulonN Offline
        nebulon
        Staff
        wrote on last edited by
        #2

        @manngobaum currently there is no script or feature available to map those users in hindsight. Depending on how many you have there, it might be possible to fix those up in the database manually. But that is a bit involved and I guess should be done by us, I don't really know from the top of my head what all is required even.

        Maybe if there is more interest around that feature, we can just add it properly?

        M 1 Reply Last reply
        0
        • nebulonN nebulon

          @manngobaum currently there is no script or feature available to map those users in hindsight. Depending on how many you have there, it might be possible to fix those up in the database manually. But that is a bit involved and I guess should be done by us, I don't really know from the top of my head what all is required even.

          Maybe if there is more interest around that feature, we can just add it properly?

          M Offline
          M Offline
          manngobaum
          wrote on last edited by
          #3

          @nebulon Thank you for your fast response 🙂 We are talking about 21 users. It would be more than awesome if you could fix it in database.

          nebulonN 1 Reply Last reply
          0
          • M manngobaum

            @nebulon Thank you for your fast response 🙂 We are talking about 21 users. It would be more than awesome if you could fix it in database.

            nebulonN Offline
            nebulonN Offline
            nebulon
            Staff
            wrote on last edited by
            #4

            @manngobaum ok, I can look into this. Please send us a mail to support@cloudron.io with your dashboard domain and enable remote SSH for us, so i can take a direct look at the situation and can start working on a script which we may be then able to include in a later release to perform such tasks.

            1 Reply Last reply
            0
            • M manngobaum

              Hi,

              we implemented a test installation of Cloudron and were so excited that we are already using it with a bunch of useres as a live enviroment. Unfortunatly we missed to activate the AD sync in the beginning. Now are looking for a way to migrate the local Cloudron users and connect them with there AD pendants. Is there any chance for doing so?

              Best,
              Sven

              PS: Do you have plans for the nearer future to automate the AD/LDAP snyc?

              fbartelsF Offline
              fbartelsF Offline
              fbartels
              App Dev
              wrote on last edited by
              #5

              I have played with this scenario a while ago and came to the conclusion that as long as the usernames are the same only a single value in the Cloudron database needs to be updated. I documented this at https://forum.cloudron.io/topic/2189/ldap-ad-server/49?_=1630386173323

              nebulonN 1 Reply Last reply
              0
              • fbartelsF fbartels

                I have played with this scenario a while ago and came to the conclusion that as long as the usernames are the same only a single value in the Cloudron database needs to be updated. I documented this at https://forum.cloudron.io/topic/2189/ldap-ad-server/49?_=1630386173323

                nebulonN Offline
                nebulonN Offline
                nebulon
                Staff
                wrote on last edited by
                #6

                @fbartels thanks for sharing this, I must have overlooked your post there. I am just checking any side-effects, but it very much looks like what your investigation revealed about setting the source only and ignoring previously set password and such in the database. From that point on any display name and email changes should be synced as well.

                Since you invested some time on this already, do you think it is worth it to build some tool for such initial migration sync, which may allow selective changes, just so users don't have to tinker with the db itself?

                fbartelsF 1 Reply Last reply
                1
                • nebulonN nebulon

                  @fbartels thanks for sharing this, I must have overlooked your post there. I am just checking any side-effects, but it very much looks like what your investigation revealed about setting the source only and ignoring previously set password and such in the database. From that point on any display name and email changes should be synced as well.

                  Since you invested some time on this already, do you think it is worth it to build some tool for such initial migration sync, which may allow selective changes, just so users don't have to tinker with the db itself?

                  fbartelsF Offline
                  fbartelsF Offline
                  fbartels
                  App Dev
                  wrote on last edited by
                  #7

                  @nebulon no problem at all. The topic itself is quite large so individual bits are easy to miss.

                  A script could be a nice idea as most users will probably not be comfortable with doing sql updates manually. But such a script can probably turn into something complicated quite easily. The flow that immediately comes to mind would be doing in ldap server on the ldap backend and comparing it with the users that Cloudron already knows. Followed by the possibility to switch auth for any users that are primarily managed on Cloudron, but exist on the ldap side as well. Probably easier to do it in javascript than it would be in e.g. bash.

                  1 Reply Last reply
                  0
                  Reply
                  • Reply as topic
                  Log in to reply
                  • Oldest to Newest
                  • Newest to Oldest
                  • Most Votes


                    • Login

                    • Don't have an account? Register

                    • Login or register to search.
                    • First post
                      Last post
                    0
                    • Categories
                    • Recent
                    • Tags
                    • Popular
                    • Bookmarks
                    • Search