User authentication and LDAP

      abargel wrote (#1):

      Hi, this is kind of a general question, so I thought it would belong in Discuss.

      I'm trying to use two Cloudron apps, each with LDAP support, but my goal is that when users sign up for an account on App1, their credentials are automatically valid for logging into App2.

      I've tried using App1 as OAuth/OpenID server and App2 as client. I've tried automating it through the APIs and n8n. I've tried creating a sign up form on Baserow, to then create users on App1 and App2 through APIs and n8n. I've seen this to create a Cloudron sign up page, but I don't know how to build it.

      Clearly, I'm a bit out of my depth, and I haven't been able to set up any of the above options properly. Also, this is taking me way too much time and I suspect that there is a better, simpler solution... So I'm asking for advice!

      Many thanks.

        nebulon (Staff) wrote (#2):

        Just to confirm, so both apps are not using the Cloudron user management but one has its own and the second should authenticate users via the first app?

          abargel wrote (#3):

          @nebulon That is correct. 🙂

            nebulon (Staff) wrote (#4):

            @abargel this then is more a question for the upstream apps I guess then. It very much depends on how the individual app manages auth and sessions and is often handled quite differently.

              abargel wrote (#5):

              @nebulon Sure, makes sense. I've tried a lot of things (more than mentioned above)... I think I've exhausted the options that don't require being able to use the APIs myself to set it up (tried that too, but it's a lot to learn on the spot!)

              As a workaround, I was thinking if there was a way to use the Cloudron LDAP as a go-between... Or run a stand alone LDAP server as a Cloudron app?

              Anyway, this is sort of a desperate, last resort call for suggestions... (Does not fall within expected Cloudron support! 😉 )

                abargel wrote (#6, in reply to #4):

                @nebulon But thanks for taking a moment to consider 🙂

                  nebulon (Staff) wrote (#7):

                  @abargel generally, when possible in the upstream app, we do try to integrate the user management already. If LDAP integration with Cloudron is missing in the package, but the app does support LDAP, then we should ideally add it. Feel free to suggest the LDAP integration of a specific app in the app's forum category.

                    abargel wrote (#8):

                    @nebulon Well, both apps do support LDAP in the Cloudron package, but I do need users to sign up within one of the apps. If those credentials could somehow make their way up to my Cloudron, then the LDAP integration would take care of the second app. Does that make any sense?

                    To be more explicit, one is a Wordpress site with an ecommerce plugin where users create an account as they make a purchase, and the other a Nextcloud instance where they need to sign in to collect their purchase.

                    So they should be able to sign in with the same credentials, and I can't quite ask them to also sign up for a Cloudron account to LDAP them into both apps, as it should not be confusing or complex for them.

                    In theory, it should be easy to use either Wordpress or Nextcloud as OAuth source for the other, but in practice I am struggling (and can't afford expensive Wordpress plugins that promise to do it better, as this is a tiny operation), hence looking for some type of workaround...

                      subven wrote (#9):

                      @abargel this would assume that apps can write to the LDAP which is not supported for good reasons. You can set up your own LDAP and configure it so it meets your criteria.

                      For your specific problem take a look at Freescout Easy Digital Downloads Module. Because it seems that you are selling digital goods, maybe you can use another plugin and/or benefit from Freescout's capabilities.

                        plusone-nick wrote (#10, in reply to #1):

                        @abargel I can help you implement the Registration app I published if you'd like

                        ✌💙+1

                          plusone-nick wrote (#11, in reply to #8):

                          @abargel so your flow seems to be the following:

                          1- user signs up and buys something for your store (WordPress site with plugin)
                          2- you send them or display some email/conf with instructions to sign into NextCloud
                          3- they sign in and get their digital purchase?

                          and you need to connect the dots...?

                          Creating a Cloudron/LDAP user will only solve half of this use case as the user still has to sign up for the store account which is not the same (afaik) as creating an LDAP user for WordPress. Although the WP/plugin could have an API to integrate with...

                          Regardless it seems like you'd need to capture that user data and then use it to make the Cloudron user. Then they can sign into NC for the digital purchase

                          Look into the WP/Plugin API part and let me know your findings... if it's straightforward I'm willing to help you add that to the Reg App and implement it =]

                          ✌💙+1

                            abargel wrote (#12, in reply to #10):

                            @plusone-nick Thank you for your response and kind offer to help. I think I figured it out, by reshuffling my user flow. It seems silly, but after racking my brains on all the technical solutions last night, I woke up this morning with a simple idea to avoid the problem altogether... I still would love to understand the technical aspects beneath all this, yet that may take more time.

                            On a side note, I would love to see your app integrated into Cloudron, as has been discussed separately. With some customization, it would allow an easy set up for multi-apps projects like this one.

                            Thanks again!

                              abargel wrote (#13, in reply to #9):

                              @subven Thanks! Setting up my own LDAP was part of my research yesterday, but wasn't as easy as it sounds (for me, anyway!)

                                jdaviescoates wrote (#14, in reply to #12):

                                @abargel said in User authentication and LDAP:

                                I woke up this morning with a simple idea to avoid the problem altogether.

                                what's the idea?

                                I use Cloudron with Gandi & Hetzner

                                  abargel wrote (#15):

                                  @jdaviescoates

                                  1. customer signs up for an account (on Nextcloud) to collect a free product.
                                  2. to buy more, customer is asked to log into their account, but that page is actually a Wordpress registration form looking like a log in form. Customer enters the same credentials, so both accounts will correspond (and both sites are under one brand/visual identity).
                                  3. when coming back to their account page (on Wordpress) for future purchases and such, customer will use a similar looking log in form, that is actually a log in form.

                                  Of course:

                                  • the camouflaged registration form needs to be used only the first time. I can arrange that through the onboarding flow.
                                  • I still need purchases on Wordpress to be reflected for the corresponding user on Nextcloud. I'll start manually (again, tiny operation), then I think I can automate that through the APIs on n8n, like Stripe to Nextcloud. Just need to learn more about how that works...