Nextcloud version : Nextcloud Hub II (23.0.0)
We want to use Nextcloud in the company as a SaaS and connect it to our LDAP in Azure. But I am not able to connect from a SaaS to the internal IP of our LDAP Azure AD server.
Steps to replicate it:
Install app LDAP user and group backend reference
Try to connect to Azure ldap IP
Does not work as it's not the same environment and the Azure AD has only an internal IP
Is this even possible. If so how to connect to the LDAP server from Nextcloud?
Related
Scenario: We have an Azure cloud environment that contains three (Prod,Test,Dev) PaaS database servers (PostgreSQL Flexible Servers). Each server exists in its own VNet. The SQL data tables found in each server contain sensitive information. Let's say we require an external user (eg. a contractor, consultant) to access the data tables in a secure way, with MFA enabled. What would be a secure & simple way of enabling this?
Some options I can think of:
Share database server credentials with external user (high risk of credentials being misplaced. No MFA option?):
Whitelist user IP address against Azure firewalls
Send PaaS server credentials to external user via email or SMS.
They connect using an SQL client on their machine.
External user to use VM via Bastion:
Add external user to Azure AD
Turn on MFA for user in AD
Create VM in Azure, with SQL client software installed (ie. pgAdmin for PostgreSQL)
Configure access to the 3 PaaS servers (Prod, test, dev) from the VM
Set up Bastion server with access to VM
Enable user to access VM via Bastion server
Second option incurrs extaa costs for the VM and Bastion of course. Are there any other methods I should consider?
Anyone was successful configuring a VPN client on Server 2019 build 1809 for Azure VPN Gateway using OpenVPN and Azure Active Directory authentication?
Windows Admin Center allows to add an Azure Network Adaptor, but there is only an option for certificate authentication when I select my existing VNet.
Also, Azure VPN Client is not available since there is no MS Store in Server 2019.
Any suggestion?
Unfortunately, currently, the Windows server 2019 is not available for Azure AD authentication and Azure AD authentication is supported only for OpenVPN protocol connections. Read Configure a VPN client for P2S OpenVPN protocol connections: Azure AD authentication and this step-by-step guide.
The table below shows the client operating systems and the authentication options that are available to them. Refer to https://learn.microsoft.com/en-us/azure/vpn-gateway/work-remotely-support
I have setup an Azure VNet and a Point to Site VPN using the OpenVPN tunnel to maintain use of the Azure AD username and password for login.
I have sample .ovpn config files but they all require certificates, beyond what is provided by Azure.
Azure provides me with the following three files:
AzureVPN\azurevpnconfig.xml
Generic\VpnServerRoot.cer
Generic\VpnSettings.xml
How should I go about using these files to configure a .ovpn document allowing me to connect to this VPN using my MacBook?
My understanding is that the certs aren't needed since we're using a username and password to login? The downloaded VpnServerRoot.cer doesn't import to the OS Keychain...
Thank for any pointers!
Unfortunately, currently, MAC OS client is not available for connecting Azure point to site VPN with Azure AD authentication. The table below shows the client operating systems and the authentication options that are available to them. Refer to https://learn.microsoft.com/en-us/azure/vpn-gateway/work-remotely-support
With using the OpenVPN tunnel, you can select RADIUS and Azure Certificate authentication for your MAC OS X clients. For Mac clients, Read Configure OpenVPN clients for Azure VPN Gateway.
Only iOS 11.0 and above and MacOS 10.13 and above are supported with
OpenVPN protocol.
and Create and install VPN client configuration files for native Azure certificate authentication P2S configurations.
We are using on-prem and Azure cloud separately and planning to make connection between on-prem AD and Azure AD by using Azure AD connect or Pass-though authentication (preview).
My question is, If we use Azure AD connect or pass-though ,will there be any need to use Azure application proxy in any case?
Under what scenario/application integration, both application proxy and Azure AD connect/pass-through will be required?
If we use Azure AD connect or pass-though ,will there be any need to
use Azure application proxy in any case?
By default, there is no need to deploy a proxy for Azure AD connect. It depends on your local network, if your On-prem server(AAD connect installed) can connect to the internet direct, we should not deploy the proxy.
Under what scenario/application integration, both application proxy
and Azure AD connect/pass-through will be required?
This table describes the ports and protocols that are required for communication between the Azure AD Connect server and on-premises AD:
More information about hybrid identity required ports and protocols, please refer to this official article.
If your on-prem network can't open those ports, we need to deploy a proxy for it.
I have an app that lets users authenticate with LDAP. In order to test it I wanted to deploy it on a cloud virtual machine and connect it to an Azure Active Directory instance.
I was trying to follow this and this guide. The steps I have taken:
Create a virtual network in Azure.
Create an Active Directory in Azure.
Activate ENABLE DOMAIN SERVICES FOR THIS DIRECTORY option.
Upload a self-signed certificate setup for *.mydomainname.onmicrosoft.com.
Activate ENABLE SECURE LDAP ACCESS OVER THE INTERNET.
At this moment I suppose that I should be able to connect to the Ldap server with the IP provided in Azure as EXTERNAL IP ADDRESS FOR LDAPS ACCESS. Unfortunately, I have failed trying to connect to it with Apache Directory Studio.
What additional steps should I take?
The secure LDAP is on port 636, try that one instead.