Integration between apps IndieHosters - Single user


#1

Current status

One thing we discussed with @pbouda was to provide tighter integration between apps.
We are already at an interesting situation where https://cloud.indie.host is getting users' information from the https://mail.indie.host database.

Let’s define an important person here: the domain admin. The domain admin contacted us to host some software on their domain name. They are the ruler of their own land of the Internet, and they want to manage their users there.

The really interesting part for me is that:

as a domain admin
I can manage all emails/alias of my users
I can create/update/delete accounts
When I create an email account
An email gets sent to the end user
This email contains all the connection details (user/pass/SMTP endpoint/webmail/CardDAV...)
and so this user gets access to their cloud as well.

It is not perfect yet:

  • the webmail doesn’t get provisioned - fix here
  • if the person changes their password, they have to fix their webmail - fix here

This is nice and good, but it feels a bit hacky, as it relies on a MySQL database that is well configured with hash and salt; but still.

Problem space

But now we want more: we want to have one single place to define user/password, and with this, the user could authenticate to this actual forum, to the chat, to Wekan and to our future GitLab.

And also, the user would have one interface to change their credentials.

As a domain admin:

  • I would have one interface to manage all my users. And I could have one chat instance on my own domain that could get users from this system as well.
  • I want to be able to export my user list to go to another hoster

Luckily, a potential domain admin contacted me with clear requirements:

  • single user between Nextcloud and chat
  • Nextcloud users do not necessarily have emails

Solution Space

It is really good we have a real user with real needs; it helps us identify that we need LDAP.
LDAP will be enough for the beginning (rocket.chat allows ldap).
I just have one question though: how do I let my domain admin manage their users? (phpLDAPadmin is not a valid answer, this interface is awful.)


#2

https://oss.gonicus.de/labs/gosa is a web interface to LDAP. Not sure if it’s better than phpLDAPadmin.

Anyway I think that these generic interfaces are not suitable for end users (domain owners). Probably you will need to use some kind of “control panel”…


#3

Anyway I think that these generic interfaces are not suitable for end users (domain owners). Probably you will need to use some kind of “control panel”…

Yes probably, the more I think about it, the more I think there is no way around it.


#4

There are also these 2 projects to look at:


#5

Should we work a bit on

?


#6

From my perspective I see it this way:

  • setup openldap
  • have an interface for users to manage their organisation (the plan is to reuse yunohost and make an ownCloud plugin with it)
  • test https://github.com/indiehosters/email with ldap backend (is it possible to have mysql and ldap user backend?)
  • test ldap backend with xCloud
  • migrate mail.indie.host and cloud.indie.host to use ldap backend and migrate the users (would be smoother if we have 2 users backend).
  • then we can start to play with SSO :slight_smile:
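
The plan above (set up OpenLDAP, keep MySQL and LDAP side by side, then migrate the existing users) needs the users in a shape slapd can load. The following is an added example, not IndieHosters code, of how a migration or export script could emit LDIF for a domain admin's users. It assumes a base DN of dc=indie,dc=host, one organizationalUnit per hosted domain and inetOrgPerson entries; these are illustrative choices, not something the thread settled. Passwords are written in OpenLDAP's {SSHA} scheme (base64 of sha1(password + salt) followed by the salt), which slapd verifies on its own, so the salted hashes from the mail database never have to be stored in clear. The mail attribute is optional, matching the requirement that Nextcloud users do not necessarily have emails, and the uid is validated so a domain admin cannot smuggle DN or LDIF syntax into an entry.

```python
"""Build OpenLDAP-loadable LDIF for a hosted domain's users (added example).

Assumptions (not from the thread): base DN dc=indie,dc=host, one ou per
domain, inetOrgPerson entries and {SSHA} userPassword values.
"""
import base64
import hashlib
import re
import secrets
from typing import List, Optional, Tuple

BASE_DN = "dc=indie,dc=host"          # assumed base DN
_UID_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{0,63}$")  # keeps DN/LDIF syntax out of uid


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """OpenLDAP {SSHA}: base64(sha1(password || salt) || salt), random 8-byte salt."""
    if salt is None:
        salt = secrets.token_bytes(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored: str, password: str) -> bool:
    """Check a password against a {SSHA} value the way slapd does (constant-time compare)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes, rest is salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return secrets.compare_digest(digest, candidate)


def domain_dn(domain: str, base_dn: str = BASE_DN) -> str:
    """One organizationalUnit per hosted domain; the domain admin owns this subtree."""
    if not re.fullmatch(r"[a-z0-9.-]+", domain):
        raise ValueError(f"unsafe domain name: {domain!r}")
    return f"ou={domain},{base_dn}"


def user_entry(domain: str, uid: str, cn: str, password: str,
               mail: Optional[str] = None) -> List[Tuple[str, str]]:
    """Attributes of one inetOrgPerson. mail is optional (cloud-only users)."""
    if not _UID_RE.match(uid):
        raise ValueError(f"unsafe uid: {uid!r}")
    attrs = [
        ("dn", f"uid={uid},{domain_dn(domain)}"),
        ("objectClass", "inetOrgPerson"),
        ("uid", uid),
        ("cn", cn),
        ("sn", cn.split()[-1]),
        ("userPassword", ssha_hash(password)),
    ]
    if mail:
        attrs.append(("mail", mail))
    return attrs


def _ldif_value(value: str) -> str:
    """RFC 2849: values that are not 'SAFE-STRING' are base64-encoded after '::'."""
    safe = value.isascii() and value.isprintable() and not value.startswith((" ", ":", "<")) \
        and not value.endswith(" ")
    if safe:
        return f" {value}"
    return f": {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def to_ldif(entries: List[List[Tuple[str, str]]]) -> str:
    """Serialise entries as LDIF, ready for `ldapadd -f users.ldif`."""
    blocks = []
    for attrs in entries:
        blocks.append("\n".join(f"{name}:{_ldif_value(value)}" for name, value in attrs))
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    # Constructed sample data, not real accounts.
    users = [
        user_entry("example.org", "alice", "Alice Martin", "correct horse", mail="alice@example.org"),
        user_entry("example.org", "bob", "Bob Lévy", "battery staple"),  # no mailbox, cloud only
    ]
    print(to_ldif(users))
```

Loading the output with ldapadd gives every app that speaks LDAP (Rocket.Chat, Nextcloud's user_ldap) the same users, and dumping the subtree back out with ldapsearch is the "export my user list to go to another hoster" requirement from the first post.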

#7

Just to say I’m really interested in this subject :slight_smile:

Is ownCloud able to act as an LDAP client and thus create LDAP users when they are added by the admin in OC?


#8

Just found the answer is no for Nextcloud LDAP write:

“Only read access to your LDAP (edit or delete of users on your LDAP is not supported)”


#9

After working on various possibilities, we found the best way in our opinion.

We currently use imap as a user backend for Nextcloud.
Nextcloud will be an oauth2 provider soon.
Then we can connect our various apps to Nextcloud:

  • RocketChat
  • Discourse
  • GitLab
  • Wekan
  • HackMD
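
With Nextcloud as the OAuth2 provider, each of the apps listed above becomes an OAuth2 client running the authorization-code flow. The following is an added example, not Nextcloud or IndieHosters code, of the client side of that flow: the part each app has to get right so that a forged or replayed callback cannot log an attacker into someone else's session. Endpoint paths, the client id and the redirect URI are illustrative assumptions; whether the provider accepts PKCE depends on its version, but sending it costs nothing and a provider that supports it rejects a stolen code.

```python
"""OAuth2 authorization-code client with state and PKCE (added example).

Assumptions: endpoint paths, client_id and redirect_uri are placeholders.
The pending-state dict stands in for server-side session storage.
"""
import base64
import hashlib
import secrets
from typing import Dict, Tuple
from urllib.parse import parse_qs, urlencode, urlparse


def _b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires for code_challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier: str) -> str:
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class OAuthClient:
    def __init__(self, provider: str, client_id: str, redirect_uri: str):
        self.provider = provider.rstrip("/")
        self.client_id = client_id
        self.redirect_uri = redirect_uri
        # state -> code_verifier; in a real app this lives in the user's server-side session
        self._pending: Dict[str, str] = {}

    def begin(self) -> Tuple[str, str]:
        """Return (authorize URL, state). state is unguessable and single-use."""
        state = secrets.token_urlsafe(32)
        verifier = secrets.token_urlsafe(64)          # 86 chars, within PKCE's 43..128
        self._pending[state] = verifier
        params = {
            "response_type": "code",
            "client_id": self.client_id,
            "redirect_uri": self.redirect_uri,
            "state": state,
            "code_challenge": pkce_challenge(verifier),
            "code_challenge_method": "S256",
        }
        # assumed path; take the real one from the provider's documentation
        return f"{self.provider}/apps/oauth2/authorize?{urlencode(params)}", state

    def handle_callback(self, callback_url: str) -> Dict[str, str]:
        """Validate the redirect and return the form body for the token request.

        Rejects callbacks whose state was never issued or was already consumed,
        so a link crafted by an attacker (login CSRF) or a replayed one fails.
        """
        q = parse_qs(urlparse(callback_url).query)
        state = q.get("state", [""])[0]
        verifier = self._pending.pop(state, None)     # pop: each state is usable once
        if verifier is None:
            raise PermissionError("unknown or already used state")
        if "error" in q:
            raise RuntimeError(f"provider returned error: {q['error'][0]}")
        code = q.get("code", [""])[0]
        if not code:
            raise ValueError("callback carries no authorization code")
        return {
            "grant_type": "authorization_code",
            "code": code,
            "redirect_uri": self.redirect_uri,        # must equal the one sent in begin()
            "client_id": self.client_id,
            "code_verifier": verifier,
        }

    def token_endpoint(self) -> str:
        # assumed path; the client POSTs handle_callback()'s dict here with its client_secret
        return f"{self.provider}/apps/oauth2/api/v1/token"


if __name__ == "__main__":
    client = OAuthClient("https://cloud.indie.host", "chat-client-id", "https://chat.example.org/oauth/cb")
    url, state = client.begin()
    print("send browser to:", url)
    # Constructed callback, as the browser would deliver it after the user consents.
    body = client.handle_callback(f"https://chat.example.org/oauth/cb?code=abc123&state={state}")
    print("POST", client.token_endpoint(), body)
```

The two checks that matter are the unguessable, single-use state (the client refuses a callback it did not start) and the code_verifier kept server-side until the token request (the provider refuses a code that was intercepted without it). Everything else in the flow is the provider's job.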