availability of LDAP groups in apps
-
Hi,
we try the integration of a whole organisation to cloudron apps.
As we already have a rights structure in our active directory, we wish to use cloudron-ldap-groups in nextcloud.
Hope the cloudron developers can make us happy
kind regards
dirk
-
Hi and welcome to the forum @dima
There is some older entry here about this https://forum.cloudron.io/topic/1565/make-cloudron-groups-accessible-on-ldap?_=1632754454070
The takeaway for the moment is that groups are not exposed via LDAP. However, some bits on the Cloudron side have changed regarding groups and roles, so maybe we can revisit this if we understand the use-case better.
-
@nebulon As I understand exposing groups is possible since 7.0. How can we achieve this in Nextcloud?
-
@manngobaum Ok, found it. It is necessary to reactivate everything in the Nextcloud LDAP Admin Backend. Unfortunately, it looks like only new users will be synced with group information.
-
@manngobaum indeed it seems there is also no cli command available to fully sync those https://docs.nextcloud.com/server/23/admin_manual/configuration_server/occ_command.html#ldap-commands-label
-
@nebulon Yes, I was able to update my user manually with
ldap:check-user --update
but it only gives me the following output
memberof: cn=users,ou=groups,dc=cloudron cn=admins,ou=groups,dc=cloudron
From my understanding the Cloudron groups my member belongs to should be listed here. Did I miss something?
-
@manngobaum currently this is not the case for the LDAP server. The two users or admins groups are actually a legacy feature from the time when we would allow apps to pick up the admin status internally.
But you bring up a good point about exposing the normal group memberships instead of "normal user" and "admin". I guess we can discuss this for Cloudron 8 then.
-
@nebulon Would be great to see this in Cloudron 8
In combination with Nextcloud Group Folders this would give any admin a huge flexibility in terms of rights and role models.