example_configs: Add Dex example

Fixes #428.
Diptesh Choudhuri 2023-02-01 17:32:52 +05:30 committed by GitHub
parent c3d18dbbe8
commit 58b9c28a0b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 113 additions and 77 deletions

@ -28,20 +28,20 @@
</a> </a>
</p> </p>
- [About](#About) - [About](#about)
- [Installation](#Installation) - [Installation](#installation)
- [With Docker](#With-Docker) - [With Docker](#with-docker)
- [From source](#From-source) - [From source](#from-source)
- [Cross-compilation](#Cross-compilation) - [Cross-compilation](#cross-compilation)
- [Client configuration](#Client-configuration) - [Client configuration](#client-configuration)
- [Compatible services](#compatible-services) - [Compatible services](#compatible-services)
- [General configuration guide](#general-configuration-guide) - [General configuration guide](#general-configuration-guide)
- [Sample client configurations](#Sample-client-configurations) - [Sample client configurations](#sample-client-configurations)
- [Comparisons with other services](#Comparisons-with-other-services) - [Comparisons with other services](#comparisons-with-other-services)
- [vs OpenLDAP](#vs-openldap) - [vs OpenLDAP](#vs-openldap)
- [vs FreeIPA](#vs-freeipa) - [vs FreeIPA](#vs-freeipa)
- [I can't log in!](#i-cant-log-in) - [I can't log in!](#i-cant-log-in)
- [Contributions](#Contributions) - [Contributions](#contributions)
## About ## About
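Review bot: The anchor case changes in this table of contents (`#About` to `#about`, `#With-Docker` to `#with-docker`, and the rest) are unrelated to the Dex example named in the commit subject, as are the `*` to `-` bullet rewrites in the later README hunks. Move the README reformatting to its own commit, or at least mention it in the commit message, so the one functional README change (the new Dex link) is not buried in the 113 additions and 77 deletions.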
@ -62,10 +62,11 @@ edit their own details or reset their password by email.
The goal is _not_ to provide a full LDAP server; if you're interested in that, The goal is _not_ to provide a full LDAP server; if you're interested in that,
check out OpenLDAP. This server is a user management system that is: check out OpenLDAP. This server is a user management system that is:
* simple to setup (no messing around with `slapd`),
* simple to manage (friendly web UI), - simple to setup (no messing around with `slapd`),
* low resources, - simple to manage (friendly web UI),
* opinionated with basic defaults so you don't have to understand the - low resources,
- opinionated with basic defaults so you don't have to understand the
subtleties of LDAP. subtleties of LDAP.
It mostly targets self-hosting servers, with open-source components like It mostly targets self-hosting servers, with open-source components like
@ -98,14 +99,14 @@ contents are loaded into the respective configuration parameters. Note that
`_FILE` variables take precedence. `_FILE` variables take precedence.
Example for docker compose: Example for docker compose:
* You can use either the `:latest` tag image or `:stable` as used in this example.
* `:latest` tag image contains recently pushed code or feature tests, in which some instability can be expected.
* If `UID` and `GID` no defined LLDAP will use default `UID` and `GID` number `1000`.
* If no `TZ` is set, default `UTC` timezone will be used.
- You can use either the `:latest` tag image or `:stable` as used in this example.
- `:latest` tag image contains recently pushed code or feature tests, in which some instability can be expected.
- If `UID` and `GID` no defined LLDAP will use default `UID` and `GID` number `1000`.
- If no `TZ` is set, default `UTC` timezone will be used.
```yaml ```yaml
version: '3' version: "3"
volumes: volumes:
lldap_data: lldap_data:
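Review bot: The bullet "If `UID` and `GID` no defined LLDAP will use default `UID` and `GID` number `1000`." is rewritten here with its grammar error carried over unchanged. Since the line is touched anyway, correct it to something like "If `UID` and `GID` are not defined, LLDAP will use the default `UID` and `GID` of `1000`."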
@ -139,9 +140,9 @@ front-end.
To compile the project, you'll need: To compile the project, you'll need:
* nodejs 16: [nodesource nodejs installation guide](https://github.com/nodesource/distributions) - nodejs 16: [nodesource nodejs installation guide](https://github.com/nodesource/distributions)
* curl: `sudo apt install curl` - curl: `sudo apt install curl`
* Rust/Cargo: [rustup.rs](https://rustup.rs/) - Rust/Cargo: [rustup.rs](https://rustup.rs/)
Then you can compile the server (and the migration tool if you want): Then you can compile the server (and the migration tool if you want):
@ -155,8 +156,8 @@ just run `cargo run -- run` to run the server.
To bring up the server, you'll need to compile the frontend. In addition to To bring up the server, you'll need to compile the frontend. In addition to
cargo, you'll need: cargo, you'll need:
* WASM-pack: `cargo install wasm-pack` - WASM-pack: `cargo install wasm-pack`
* rollup.js: `npm install rollup` - rollup.js: `npm install rollup`
Then you can build the frontend files with `./app/build.sh` (you'll need to run Then you can build the frontend files with `./app/build.sh` (you'll need to run
this after every front-end change to update the WASM package served). this after every front-end change to update the WASM package served).
@ -204,6 +205,7 @@ the config).
### General configuration guide ### General configuration guide
To configure the services that will talk to LLDAP, here are the values: To configure the services that will talk to LLDAP, here are the values:
- The LDAP user DN is from the configuration. By default, - The LDAP user DN is from the configuration. By default,
`cn=admin,ou=people,dc=example,dc=com`. `cn=admin,ou=people,dc=example,dc=com`.
- The LDAP password is from the configuration (same as to log in to the web - The LDAP password is from the configuration (same as to log in to the web
@ -226,12 +228,14 @@ administration access to many services.
Some specific clients have been tested to work and come with sample Some specific clients have been tested to work and come with sample
configuration files, or guides. See the [`example_configs`](example_configs) configuration files, or guides. See the [`example_configs`](example_configs)
folder for help with: folder for help with:
- [Airsonic Advanced](example_configs/airsonic-advanced.md) - [Airsonic Advanced](example_configs/airsonic-advanced.md)
- [Apache Guacamole](example_configs/apacheguacamole.md) - [Apache Guacamole](example_configs/apacheguacamole.md)
- [Authelia](example_configs/authelia_config.yml) - [Authelia](example_configs/authelia_config.yml)
- [Bookstack](example_configs/bookstack.env.example) - [Bookstack](example_configs/bookstack.env.example)
- [Calibre-Web](example_configs/calibre_web.md) - [Calibre-Web](example_configs/calibre_web.md)
- [Dell iDRAC](example_configs/dell_idrac.md) - [Dell iDRAC](example_configs/dell_idrac.md)
- [Dex](example_configs/dex_config.yml)
- [Dokuwiki](example_configs/dokuwiki.md) - [Dokuwiki](example_configs/dokuwiki.md)
- [Dolibarr](example_configs/dolibarr.md) - [Dolibarr](example_configs/dolibarr.md)
- [Emby](example_configs/emby.md) - [Emby](example_configs/emby.md)

@ -0,0 +1,32 @@
# lldap configuration:
# LLDAP_LDAP_BASE_DN: dc=example,dc=com
# ##############################
# rest of the Dex options
# ##############################
connectors:
- type: ldap
id: ldap
name: LDAP
config:
host: lldap-host # make sure it does not start with `ldap://`
port: 3890 # or 6360 if you have ldaps enabled
insecureNoSSL: true # or false if you have ldaps enabled
insecureSkipVerify: true # or false if you have ldaps enabled
bindDN: uid=admin,ou=people,dc=example,dc=com # replace admin with your admin user
bindPW: very-secure-password # replace with your admin password
userSearch:
baseDN: ou=people,dc=example,dc=com
username: uid
idAttr: uid
emailAttr: mail
nameAttr: displayName
preferredUsernameAttr: uid
groupSearch:
baseDN: ou=groups,dc=example,dc=com
filter: "(objectClass=groupOfUniqueNames)"
userMatchers:
- userAttr: uid
groupAttr: member
nameAttr: displayName
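Review bot: `insecureSkipVerify: true` in the connector `config` should default to `false`. With `insecureNoSSL: true` on port 3890 there is no TLS session for it to apply to, so the value only takes effect once a reader switches to port 6360, and anyone who flips `insecureNoSSL` but misses the second comment ends up with LDAPS that accepts any certificate on the connection carrying `bindPW` and every user's password. Suggest shipping `insecureSkipVerify: false` with a comment pointing to Dex's `rootCA` option for self-signed certificates, and stating in the `insecureNoSSL` comment that port 3890 sends credentials in cleartext. Two smaller points: `bindDN` and `bindPW` use the admin account, so a comment recommending a dedicated bind user for Dex would help; and the README's general guide gives the default user DN as `cn=admin,ou=people,dc=example,dc=com` while this file uses `uid=admin,...`, which is worth a one-line comment so readers do not assume one of them is a typo.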