User authentication and LDAP
-
Hi, this is kind of a general question, so I thought would belong in Discuss.
I'm trying to use two Cloudron apps, each with LDAP support, but my goal is that when users sign up for an account on App1, their credentials are automatically valid for logging into App2.
I've tried using App1 as OAuth/OpenID server and App2 as client. I've tried automating it through the APIs and n8n. I've tried creating a sign up form on Baserow, to then create users on App1 and App2 through APIs and n8n. I've seen this to create Cloudron sign up page, but I don't know how to build it.
Clearly, I'm a bit out of my depth, and I haven't been able to set up any of the above options properly. Also, this is taking me way too much time and I suspect that there is a better, simpler solution... So I'm asking for advice!
Many thanks.
-
Just to confirm, so both apps are not using the Cloudron usermanagement but one has its own and the second should authenticate users via the first app?
-
@nebulon That is correct.
-
@abargel this then is more a question for the upstream apps I guess then. It very much depends on how the individual app manages auth and sessions and is often handled quite differently.
-
@nebulon Sure, makes sense. I've tried a lot of things (more than mentioned above)... I think I've exhausted the options that don't require being able to use the APIs myself to set it up (tried that too, but it's a lot to learn on the spot!)
As a workaround, I was thinking if there was a way to use the Cloudron LDAP as a go-between... Or run a stand alone LDAP server as a Cloudron app?
Anyway, this is sort of a desperate, last resort call for suggestions... (Does not fall within expected Cloudron support!
) -
@nebulon But thanks for taking a moment to consider
-
@abargel generally, when possible in the upstream app, we do try to integrate the user management already. If LDAP integration with Cloudron is missing in the package, but the app does support LDAP, then we should ideally add it. Feel free to suggest the LDAP integration of a specific app in the app's forum category.
-
@nebulon Well, both apps do support LDAP in the Cloudron package, but I do need users to sign up within one of the apps. If those credentials could somehow make their way up to my Cloudron, then the LDAP integration would take care of the second app. Does that make any sense?
To be more explicit, one is a Wordpress site with an ecommerce plugin where users create an account as they make a purchase, and the other a Nextcloud instance where they need to sign in to collect their purchase.
So they should be able to sign in with the same credentials, and I can't quite ask them to also sign up for a Cloudron account to LDAP them into both apps, as it should not be confusing or complex for them.
In theory, it should be easy to use either Wordpress or Nextcloud as OAuth source for the other, but in practice I am struggling (and can't afford expensive Wordpress plugins that promise to do it better, as this is a tiny operation), hence looking for some type of workaround...
-
@abargel this would assume that apps can write to the LDAP which is not supported for good reasons. You can set up your own LDAP and configure it so it meets your criteria.
For your specific problem take a look at Freescout Easy Digital Downloads Module. Because it seems that you are selling digital goods, maybe you can use another plugin and/or benefit from Freescouts capabilities.
-
@abargel I can help you implement the Registration app I published if you'd like
-
@abargel so your flow seems to be the following:
1- user signs up and buys something for your store (WordPress site with plugin)
2- you send them or display some email/conf with instructions to sign into NextCloud
3- they sign in and get their digital purchase?and you need to connect the dots...?
Creating a Cloudron/LDAP user will only solve half of this use case as the user still has to sign up for the store account which is not the same (afaik) as creating an LDAP user for WordPress . Although the WP/plugin could have an API to integrate with...
Regardless it seems like you'd need to capture that user data and then use it to make the Cloudron user. Then they can sign into NC for the digital purchase
Look into the WP/Plugin API part and let me know your findings... if its straightforward im willing to help you add that to the Reg App and implement it =]
-
@plusone-nick Thank you for your response and kind offer to help. I think I figured it out, by reshuffling my user flow. It seems silly, but after racking my brains on all the technical solutions last night, I woke up this morning with a simple idea to avoid the problem altogether... I still would love to understand the technical aspects beneath all this, yet that may take more time.
On a side note, I would love to see your app integrated into Cloudron, as has been discussed separately. With some customization, it would allow an easy set up for multi-apps projects like this one.
Thanks again!
-
@subven Thanks! Setting up my own LDAP was part of my research yesterday, but wasn't as easy as it sounds (for me, anyway!)
-
@abargel said in User authentication and LDAP:
I woke up this morning with a simple idea to avoid the problem altogether.
what's the idea?
-
- customer signs up for an account (on Nextcloud) to collect a free product.
- to buy more, customer is asked to log into their account, but that page is actually a Wordpress registration form looking like a log in form. Customer enters the same credentials, so both accounts will correspond (and both sites are under one brand/visual identity).
- when coming back to their account page (on Wordpress) for future purchases and such, customer will use a similar looking log in form, that is actually a log in form.
Of course:
- the camouflaged registration form needs to be used only the first time. I can arrange that through the onboarding flow.
- I still need purchases on Wordpress to be reflected for the corresponding user on Nextcloud. I'll start manually (again, tiny operation), then I think I can automate that through the APIs on n8n, like Stripe to Nextcloud. Just need to learn more about how that works...
