Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Discuss
  3. availabilty of LDAP groups in apps

availabilty of LDAP groups in apps

Scheduled Pinned Locked Moved Discuss
ldap
8 Posts 3 Posters 1.7k Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D Offline
    D Offline
    dima
    wrote on last edited by girish
    #1

    Hi,

    we try the integration of a whole organisation to cloudron apps.
    As we already have a rights structure in our active directory, we wish to use cloudron-ldap-groups in nextcloud.
    Hope the cloudron developers can make us happy 😉

    kind regards
    dirk

    nebulonN 1 Reply Last reply
    2
    • D dima

      Hi,

      we try the integration of a whole organisation to cloudron apps.
      As we already have a rights structure in our active directory, we wish to use cloudron-ldap-groups in nextcloud.
      Hope the cloudron developers can make us happy 😉

      kind regards
      dirk

      nebulonN Offline
      nebulonN Offline
      nebulon
      Staff
      wrote on last edited by
      #2

      Hi and welcome to the forum @dima

      There is some older entry here about this https://forum.cloudron.io/topic/1565/make-cloudron-groups-accessible-on-ldap?_=1632754454070

      The takeaway for the moment is, that groups are not exposed via LDAP, however some bits on Cloudron side have changed, regarding groups and roles, so maybe we can revisit this if we understand the use-case better.

      M 1 Reply Last reply
      1
      • nebulonN nebulon

        Hi and welcome to the forum @dima

        There is some older entry here about this https://forum.cloudron.io/topic/1565/make-cloudron-groups-accessible-on-ldap?_=1632754454070

        The takeaway for the moment is, that groups are not exposed via LDAP, however some bits on Cloudron side have changed, regarding groups and roles, so maybe we can revisit this if we understand the use-case better.

        M Offline
        M Offline
        manngobaum
        wrote on last edited by
        #3

        @nebulon As I understand exposing groups is possible since 7.0. How can we achieve this in Nextcloud?

        M 1 Reply Last reply
        0
        • M manngobaum

          @nebulon As I understand exposing groups is possible since 7.0. How can we achieve this in Nextcloud?

          M Offline
          M Offline
          manngobaum
          wrote on last edited by
          #4

          @manngobaum Ok, found it. It is necessary to reactivate everything in the Nextcloud LDAP Admin Backend. Unfortunatly it looks like only new users will be synced with group information.

          nebulonN 1 Reply Last reply
          0
          • M manngobaum

            @manngobaum Ok, found it. It is necessary to reactivate everything in the Nextcloud LDAP Admin Backend. Unfortunatly it looks like only new users will be synced with group information.

            nebulonN Offline
            nebulonN Offline
            nebulon
            Staff
            wrote on last edited by
            #5

            @manngobaum indeed it seems there is also no cli command available to fully sync those https://docs.nextcloud.com/server/23/admin_manual/configuration_server/occ_command.html#ldap-commands-label

            M 1 Reply Last reply
            1
            • nebulonN nebulon

              @manngobaum indeed it seems there is also no cli command available to fully sync those https://docs.nextcloud.com/server/23/admin_manual/configuration_server/occ_command.html#ldap-commands-label

              M Offline
              M Offline
              manngobaum
              wrote on last edited by
              #6

              @nebulon Yes, I was able to update my user manually with ldap:check-user --update but it only gives me the following output

              memberof: 
                  cn=users,ou=groups,dc=cloudron
                  cn=admins,ou=groups,dc=cloudron
              

              From my understanding the Cloudron groups my member belongs to should be listet here. Did I miss something?

              nebulonN 1 Reply Last reply
              0
              • M manngobaum

                @nebulon Yes, I was able to update my user manually with ldap:check-user --update but it only gives me the following output

                memberof: 
                    cn=users,ou=groups,dc=cloudron
                    cn=admins,ou=groups,dc=cloudron
                

                From my understanding the Cloudron groups my member belongs to should be listet here. Did I miss something?

                nebulonN Offline
                nebulonN Offline
                nebulon
                Staff
                wrote on last edited by
                #7

                @manngobaum currently this is not the case for the LDAP server. The two users or admins groups is actually a legacy feature from the time, where we would allow apps to pickup the admin status internally.

                But you bring up a good point about exposing the normal group memberships instead of "normal user" and "admin". I guess we can discuss this for Cloudron 8 then.

                M 1 Reply Last reply
                1
                • nebulonN nebulon

                  @manngobaum currently this is not the case for the LDAP server. The two users or admins groups is actually a legacy feature from the time, where we would allow apps to pickup the admin status internally.

                  But you bring up a good point about exposing the normal group memberships instead of "normal user" and "admin". I guess we can discuss this for Cloudron 8 then.

                  M Offline
                  M Offline
                  manngobaum
                  wrote on last edited by
                  #8

                  @nebulon Would be great to see this in Cloudron 8 🙂 In combination with Nextcloud Group Folders this would give any admin a huge flexibilty in terms of rights and role models.

                  1 Reply Last reply
                  2
                  • girishG girish forked this topic on
                  Reply
                  • Reply as topic
                  Log in to reply
                  • Oldest to Newest
                  • Newest to Oldest
                  • Most Votes


                  • Login

                  • Don't have an account? Register

                  • Login or register to search.
                  • First post
                    Last post
                  0
                  • Categories
                  • Recent
                  • Tags
                  • Popular
                  • Bookmarks
                  • Search