    Solved User takeover (from an external directory provider)

    • luckow
      luckow translator last edited by

      In 7.1.x the new Directory Server feature has arrived in Cloudron. This is the first time that it is officially possible to share your users with applications / services that are not on the Cloudron instance. Or to share users across different Cloudron instances. #yippie

      Everything works perfectly on the greenfield site. But the "old" users had to cope with the previous limitations to meet their needs. E.g. the need to distribute users to different instances. That was the time of the "external directory" feature and services like okto, jumpcloud or ucs (univention).

      Now, if the "old" user wants to move completely to Cloudron, there is a task that consumes lifetime. Delete the users in okto, jumpcloud, ucs and in Cloudron (because they are an "external" user reference) and add them back to the Cloudron instance. Apart from the potential problems because of the UID change, it makes absolutely no sense to do monkey jobs in 2022. (I know what I am writing because I have migrated a few dozen users this way).

      To save people lifetime: please add some kind of user takeover button next to the user list (in the dashboard) and transfer all attributes, including the uid, from the external directory to Cloudron. If this is too complex, a simple bash command will also work.

      Pronouns: he/him | Primary language: German

      1 Reply Last reply Reply Quote 6
      • girish
        girish Staff last edited by

        I like this idea 👍 I think this is just a matter of changing the user source field internally but @nebulon knows best.

        1 Reply Last reply Reply Quote 1
        • nebulon
          nebulon Staff last edited by

          Yes, this should be a very trivial feature. I think we can do this in 7.2.

          1 Reply Last reply Reply Quote 1
          • nebulon
            nebulon Staff last edited by

            While looking into this, I found that the current behavior is that if a local user is found by username in the external LDAP directory, that local user will be mapped to the one in the external LDAP. So once we have the feature to make an LDAP user local, it will be mapped to LDAP again, as long as a user with the same username exists in LDAP.

            I am not sure why it was implemented with that mapping in mind, but we can now either keep this behavior or drop that automatic mapping. Are there any opinions about this?

            Of course, since your initial use case already mentioned that the user will be deleted in the external LDAP directory, this will probably not be hit in your case.

            1 Reply Last reply Reply Quote 0
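
The mapping behaviour described in the post above, as a simplified model added here for illustration (not Cloudron's code and not written by any participant in this thread). The record shape, the function names and the `autoMapByUsername` switch are all assumptions; the model shows a user who was made local being linked to the external directory again on the next sync, and the alternative of recording the username collision for an administrator to review.

```javascript
// Simplified model of an external-directory sync pass.
// Hypothetical names throughout; user records are { username, source }
// with source either 'ldap' (external) or 'local'.

function syncExternalDirectory(localUsers, ldapEntries, { autoMapByUsername }) {
  const byName = new Map(localUsers.map((u) => [u.username, u]));
  const report = { created: [], remapped: [], collisions: [] };

  for (const entry of ldapEntries) {
    const existing = byName.get(entry.username);

    if (!existing) {
      // New external user: import it as an LDAP-backed account.
      byName.set(entry.username, { username: entry.username, source: 'ldap' });
      report.created.push(entry.username);
    } else if (existing.source === 'local') {
      if (autoMapByUsername) {
        // Behaviour described in the thread: a matching username alone
        // is enough to bind the local account to the external entry.
        existing.source = 'ldap';
        report.remapped.push(existing.username);
      } else {
        // Alternative: leave the local account alone and surface the
        // collision so it can be reviewed.
        report.collisions.push(existing.username);
      }
    }
    // existing.source === 'ldap': already linked, nothing to change.
  }
  return { users: [...byName.values()], report };
}

// Hypothetical "takeover" action: turn an external user into a local one.
function makeLocal(users, username) {
  const user = users.find((u) => u.username === username);
  if (!user) throw new Error(`no such user: ${username}`);
  user.source = 'local';
  return user;
}

// Constructed sample data: alice is taken over, then a sync pass runs
// while alice still exists in the external directory.
function demo(autoMapByUsername) {
  const users = [{ username: 'alice', source: 'ldap' }, { username: 'bob', source: 'local' }];
  const ldap = [{ username: 'alice' }, { username: 'carol' }];
  makeLocal(users, 'alice');
  return syncExternalDirectory(users, ldap, { autoMapByUsername });
}
```
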
            • Topic has been marked as a question  nebulon nebulon 
            • nebulon
              nebulon Staff last edited by

              This is now implemented and will be part of the next release.

              1 Reply Last reply Reply Quote 3
              • Topic has been marked as solved  nebulon nebulon 