Availability of LDAP groups in apps
-
-
Hi and welcome to the forum @dima
There is some older entry here about this https://forum.cloudron.io/topic/1565/make-cloudron-groups-accessible-on-ldap?_=1632754454070
The takeaway for the moment is that groups are not exposed via LDAP. However, some bits on the Cloudron side have changed regarding groups and roles, so maybe we can revisit this if we understand the use case better.
-
@manngobaum OK, found it. It is necessary to reactivate everything in the Nextcloud LDAP Admin Backend. Unfortunately, it looks like only new users will be synced with group information.
-
@manngobaum Indeed, it seems there is also no CLI command available to fully sync those: https://docs.nextcloud.com/server/23/admin_manual/configuration_server/occ_command.html#ldap-commands-label
-
@nebulon Yes, I was able to update my user manually with
ldap:check-user --update
but it only gives me the following output:
memberof: cn=users,ou=groups,dc=cloudron cn=admins,ou=groups,dc=cloudron
From my understanding, the Cloudron groups my member belongs to should be listed here. Did I miss something?
-
@manngobaum Currently this is not the case for the LDAP server. The two users or admins groups are actually a legacy feature from the time when we would allow apps to pick up the admin status internally.
But you bring up a good point about exposing the normal group memberships instead of "normal user" and "admin". I guess we can discuss this for Cloudron 8 then.
-