Migrate local Cloudron User to AD
We implemented a test installation of Cloudron and were so excited that we are already using it with a bunch of users as a live environment. Unfortunately we missed activating the AD sync in the beginning. Now we are looking for a way to migrate the local Cloudron users and connect them with their AD pendants. Is there any chance of doing so?
PS: Do you have plans for the near future to automate the AD/LDAP sync?
@manngobaum currently there is no script or feature available to map those users in hindsight. Depending on how many you have there, it might be possible to fix those up in the database manually. But that is a bit involved and I guess should be done by us, I don't really know off the top of my head what all is required even.
Maybe if there is more interest around that feature, we can just add it properly?
@nebulon Thank you for your fast response. We are talking about 21 users. It would be more than awesome if you could fix it in the database.
I have played with this scenario a while ago and came to the conclusion that as long as the usernames are the same only a single value in the Cloudron database needs to be updated. I documented this at https://forum.cloudron.io/topic/2189/ldap-ad-server/49?_=1630386173323
@fbartels thanks for sharing this, I must have overlooked your post there. I am just checking any side-effects, but it very much looks like what your investigation revealed about setting the source only and ignoring previously set password and such in the database. From that point on any display name and email changes should be synced as well.
Since you invested some time on this already, do you think it is worth it to build some tool for such initial migration sync, which may allow selective changes, just so users don't have to tinker with the db itself?
@nebulon no problem at all. The topic itself is quite large so individual bits are easy to miss.