    availability of LDAP groups in apps

      dima last edited by girish

      Hi,

      We are trying to integrate a whole organisation into Cloudron apps.
      As we already have a rights structure in our Active Directory, we wish to use cloudron-ldap-groups in Nextcloud.
      Hope the cloudron developers can make us happy 😉

      kind regards
      dirk

        nebulon Staff @dima last edited by

        Hi and welcome to the forum @dima

        There is an older entry about this here: https://forum.cloudron.io/topic/1565/make-cloudron-groups-accessible-on-ldap?_=1632754454070

        The takeaway for the moment is that groups are not exposed via LDAP. However, some bits on the Cloudron side have changed regarding groups and roles, so maybe we can revisit this if we understand the use case better.

          manngobaum @nebulon last edited by

          @nebulon As I understand it, exposing groups has been possible since 7.0. How can we achieve this in Nextcloud?

            manngobaum @manngobaum last edited by

            @manngobaum OK, found it. It is necessary to reactivate everything in the Nextcloud LDAP Admin Backend. Unfortunately, it looks like only new users will be synced with group information.

              nebulon Staff @manngobaum last edited by

              @manngobaum Indeed, it seems there is also no CLI command available to fully sync those: https://docs.nextcloud.com/server/23/admin_manual/configuration_server/occ_command.html#ldap-commands-label

                manngobaum @nebulon last edited by

                @nebulon Yes, I was able to update my user manually with ldap:check-user --update, but it only gives me the following output:

                memberof: 
                    cn=users,ou=groups,dc=cloudron
                    cn=admins,ou=groups,dc=cloudron
                

                From my understanding, the Cloudron groups my member belongs to should be listed here. Did I miss something?

                  nebulon Staff @manngobaum last edited by

                  @manngobaum Currently this is not the case for the LDAP server. The two users or admins groups are actually a legacy feature from the time when we would allow apps to pick up the admin status internally.

                  But you bring up a good point about exposing the normal group memberships instead of "normal user" and "admin". I guess we can discuss this for Cloudron 8 then.

                    manngobaum @nebulon last edited by

                    @nebulon Would be great to see this in Cloudron 8 🙂 In combination with Nextcloud Group Folders, this would give any admin huge flexibility in terms of rights and role models.
