NS8 LDAP instance as an external LDAP service (URI)


Can any LDAP instance on an NS8 cluster act as an external LDAP service to other apps, both cluster apps and external apps?


Same as with AD, as both AD / LDAP use the same ports: only the first one on a node can be accessible with ports from “outside”. More or less “logical” for NS8…

My 2 cents

No, it cannot. It is a planned feature though.

@davidep so could this be the reason why the Authentik App in ns8 is unable to connect to ldap?

I am afraid so, for this moment.

Thanks, is there a card for it pls?

ok then, looking forward to a resolution soon,

Meanwhile, we have a Zitadel app in the works; at least it implements the LDAP configs in the env variables, so it is possibly able to implement LDAP similar to how other apps work,

however it is also a multi tenant system, so need to figure out how to best implement that part.

Will share more details once available.

<side note>
We actually need it for a solution we are building internally with SurrealDB, which also implemented authentication with provider in the scope. Nifty stuff.

Now just waiting for the Penpot 2.0 release, then we can build the interface in weeks as opposed to months. Loving open source. Also considering making the project open source as well. Who knows…

Could be this one?

I suspect it is, but in this case we are more interested in access within the cluster or even the node.

It is… Thanks!

Un-shamefully poking @giacomo a bit :wink:

I guess the description of the card is correct, from OUTSIDE the VPN

It’s that one :smiley:

We would need it, if you want to import NS8 LDAP users inside NethSecurity to ease roadwarrior OpenVPN configuration.

You can already access LDAP within the node.

Must there be modifications to the app running on the node, or is there no need for special access modifications?

You need to access the LDAP proxy instance at the right port.
An example:

More info here: User domains | NS8 dev manual

My question was: must all apps installed in NS8 implement that configuration code to make it viable to communicate with the LDAP?

Equally, an app like Authentik does not implement env variables for LDAP config, so how should the mapping be handled?

Could you kindly take a look at the Authentik app and advise.

Any request from anywhere for that matter, so not just apps installed on a cluster node but also other LDAP requests coming from e.g. another application server on the LAN or even WAN.

I am more interested in normal podman run installs where LDAP just works, without the need of building them as an app.

If you want to connect from a cluster node, without implementing the LDAP discovery procedure like Giacomo already pointed out, you can copy the LDAP connection settings from the Domains and Users page.

Does it answer your question?

Check out the Authentik thread discussions. It doesn’t seem to work as expected.

I was to find time and implement a simple app that I know works fetching ldap users and test to prove wrong my hypothesis, haven’t yet…

Thanks, but not really. ‘we’ tried the 10.x.x.x:port but no luck. The LDAP discovery procedure is for development I guess? I was expecting (shame on me) to be able to enter a valid LDAP URI, proper credentials and done… Actually what it says on the feature card.

I am confused.
