example_configs: Add Dex example

Fixes #428.

README.md

@@ -28,20 +28,20 @@
   </a>
 </p>
 
- - [About](#About)
+- [About](#about)
- - [Installation](#Installation)
+- [Installation](#installation)
-   - [With Docker](#With-Docker)
+  - [With Docker](#with-docker)
-   - [From source](#From-source)
+  - [From source](#from-source)
-   - [Cross-compilation](#Cross-compilation)
+  - [Cross-compilation](#cross-compilation)
- - [Client configuration](#Client-configuration)
+- [Client configuration](#client-configuration)
   - [Compatible services](#compatible-services)
   - [General configuration guide](#general-configuration-guide)
-   - [Sample client configurations](#Sample-client-configurations)
+  - [Sample client configurations](#sample-client-configurations)
- - [Comparisons with other services](#Comparisons-with-other-services)
+- [Comparisons with other services](#comparisons-with-other-services)
   - [vs OpenLDAP](#vs-openldap)
   - [vs FreeIPA](#vs-freeipa)
- - [I can't log in!](#i-cant-log-in)
+- [I can't log in!](#i-cant-log-in)
- - [Contributions](#Contributions)
+- [Contributions](#contributions)
 
 ## About
 
@@ -62,10 +62,11 @@ edit their own details or reset their password by email.
 
 The goal is _not_ to provide a full LDAP server; if you're interested in that,
 check out OpenLDAP. This server is a user management system that is:
-* simple to setup (no messing around with `slapd`),
+
-* simple to manage (friendly web UI),
+- simple to setup (no messing around with `slapd`),
-* low resources,
+- simple to manage (friendly web UI),
-* opinionated with basic defaults so you don't have to understand the
+- low resources,
+- opinionated with basic defaults so you don't have to understand the
   subtleties of LDAP.
 
 It mostly targets self-hosting servers, with open-source components like
@@ -98,14 +99,14 @@ contents are loaded into the respective configuration parameters. Note that
 `_FILE` variables take precedence.
 
 Example for docker compose:
-* You can use either the `:latest` tag image or `:stable` as used in this example.
-* `:latest` tag image contains recently pushed code or feature tests, in which some instability can be expected.
-* If `UID` and `GID` no defined LLDAP will use default `UID` and `GID` number `1000`.
-* If no `TZ` is set, default `UTC` timezone will be used.
 
+- You can use either the `:latest` tag image or `:stable` as used in this example.
+- `:latest` tag image contains recently pushed code or feature tests, in which some instability can be expected.
+- If `UID` and `GID` no defined LLDAP will use default `UID` and `GID` number `1000`.
+- If no `TZ` is set, default `UTC` timezone will be used.
 
 ```yaml
-version: '3'
+version: "3"
 
 volumes:
   lldap_data:
@@ -139,9 +140,9 @@ front-end.
 
 To compile the project, you'll need:
 
-* nodejs 16: [nodesource nodejs installation guide](https://github.com/nodesource/distributions)
+- nodejs 16: [nodesource nodejs installation guide](https://github.com/nodesource/distributions)
-* curl: `sudo apt install curl`
+- curl: `sudo apt install curl`
-* Rust/Cargo: [rustup.rs](https://rustup.rs/)
+- Rust/Cargo: [rustup.rs](https://rustup.rs/)
 
 Then you can compile the server (and the migration tool if you want):
 
@@ -155,8 +156,8 @@ just run `cargo run -- run` to run the server.
 To bring up the server, you'll need to compile the frontend. In addition to
 cargo, you'll need:
 
-* WASM-pack: `cargo install wasm-pack`
+- WASM-pack: `cargo install wasm-pack`
-* rollup.js: `npm install rollup`
+- rollup.js: `npm install rollup`
 
 Then you can build the frontend files with `./app/build.sh` (you'll need to run
 this after every front-end change to update the WASM package served).
@@ -204,13 +205,14 @@ the config).
 ### General configuration guide
 
 To configure the services that will talk to LLDAP, here are the values:
-  - The LDAP user DN is from the configuration. By default,
+
+- The LDAP user DN is from the configuration. By default,
   `cn=admin,ou=people,dc=example,dc=com`.
-  - The LDAP password is from the configuration (same as to log in to the web
+- The LDAP password is from the configuration (same as to log in to the web
   UI).
-  - The users are all located in `ou=people,` + the base DN, so by default user
+- The users are all located in `ou=people,` + the base DN, so by default user
   `bob` is at `cn=bob,ou=people,dc=example,dc=com`.
-  - Similarly, the groups are located in `ou=groups`, so the group `family`
+- Similarly, the groups are located in `ou=groups`, so the group `family`
   will be at `cn=family,ou=groups,dc=example,dc=com`.
 
 Testing group membership through `memberOf` is supported, so you can have a
@@ -226,33 +228,35 @@ administration access to many services.
 Some specific clients have been tested to work and come with sample
 configuration files, or guides. See the [`example_configs`](example_configs)
 folder for help with:
-  - [Airsonic Advanced](example_configs/airsonic-advanced.md)
+
-  - [Apache Guacamole](example_configs/apacheguacamole.md)
+- [Airsonic Advanced](example_configs/airsonic-advanced.md)
-  - [Authelia](example_configs/authelia_config.yml)
+- [Apache Guacamole](example_configs/apacheguacamole.md)
-  - [Bookstack](example_configs/bookstack.env.example)
+- [Authelia](example_configs/authelia_config.yml)
-  - [Calibre-Web](example_configs/calibre_web.md)
+- [Bookstack](example_configs/bookstack.env.example)
-  - [Dell iDRAC](example_configs/dell_idrac.md)
+- [Calibre-Web](example_configs/calibre_web.md)
-  - [Dokuwiki](example_configs/dokuwiki.md)
+- [Dell iDRAC](example_configs/dell_idrac.md)
-  - [Dolibarr](example_configs/dolibarr.md)
+- [Dex](example_configs/dex_config.yml)
-  - [Emby](example_configs/emby.md)
+- [Dokuwiki](example_configs/dokuwiki.md)
-  - [Gitea](example_configs/gitea.md)
+- [Dolibarr](example_configs/dolibarr.md)
-  - [Grafana](example_configs/grafana_ldap_config.toml)
+- [Emby](example_configs/emby.md)
-  - [Hedgedoc](example_configs/hedgedoc.md)
+- [Gitea](example_configs/gitea.md)
-  - [Jellyfin](example_configs/jellyfin.md)
+- [Grafana](example_configs/grafana_ldap_config.toml)
-  - [Jitsi Meet](example_configs/jitsi_meet.conf)
+- [Hedgedoc](example_configs/hedgedoc.md)
-  - [KeyCloak](example_configs/keycloak.md)
+- [Jellyfin](example_configs/jellyfin.md)
-  - [Matrix](example_configs/matrix_synapse.yml)
+- [Jitsi Meet](example_configs/jitsi_meet.conf)
-  - [Nextcloud](example_configs/nextcloud.md)
+- [KeyCloak](example_configs/keycloak.md)
-  - [Organizr](example_configs/Organizr.md)
+- [Matrix](example_configs/matrix_synapse.yml)
-  - [Portainer](example_configs/portainer.md)
+- [Nextcloud](example_configs/nextcloud.md)
-  - [Seafile](example_configs/seafile.md)
+- [Organizr](example_configs/Organizr.md)
-  - [Syncthing](example_configs/syncthing.md)
+- [Portainer](example_configs/portainer.md)
-  - [Vaultwarden](example_configs/vaultwarden.md)
+- [Seafile](example_configs/seafile.md)
-  - [WeKan](example_configs/wekan.md)
+- [Syncthing](example_configs/syncthing.md)
-  - [WG Portal](example_configs/wg_portal.env.example)
+- [Vaultwarden](example_configs/vaultwarden.md)
-  - [WikiJS](example_configs/wikijs.md)
+- [WeKan](example_configs/wekan.md)
-  - [XBackBone](example_configs/xbackbone_config.php)
+- [WG Portal](example_configs/wg_portal.env.example)
-  - [Zendto](example_configs/zendto.md)
+- [WikiJS](example_configs/wikijs.md)
+- [XBackBone](example_configs/xbackbone_config.php)
+- [Zendto](example_configs/zendto.md)
 
 ## Comparisons with other services
 
@@ -291,19 +295,19 @@ use. It also comes conveniently packed in a docker container.
 If you just set up the server, can get to the login page but the password you
 set isn't working, try the following:
 
-  - (For docker): Make sure that the `/data` folder is persistent, either to a
+- (For docker): Make sure that the `/data` folder is persistent, either to a
   docker volume or mounted from the host filesystem.
-  - Check if there is a `lldap_config.toml` file (either in `/data` for docker
+- Check if there is a `lldap_config.toml` file (either in `/data` for docker
   or in the current directory). If there isn't, copy
   `lldap_config.docker_template.toml` there, and fill in the various values
   (passwords, secrets, ...).
-  - Check if there is a `users.db` file (either in `/data` for docker or where
+- Check if there is a `users.db` file (either in `/data` for docker or where
   you specified the DB URL, which defaults to the current directory). If
   there isn't, check that the user running the command (user with ID 10001
   for docker) has the rights to write to the `/data` folder. If in doubt, you
   can `chmod 777 /data` (or whatever the folder) to make it world-writeable.
-  - Make sure you restart the server.
+- Make sure you restart the server.
-  - If it's still not working, join the
+- If it's still not working, join the
   [Discord server](https://discord.gg/h5PEdRMNyP) to ask for help.
 
 ## Contributions

example_configs/dex_config.yml

@@ -0,0 +1,32 @@
+# lldap configuration:
+# LLDAP_LDAP_BASE_DN:    dc=example,dc=com
+
+# ##############################
+# rest of the Dex options
+# ##############################
+
+connectors:
+  - type: ldap
+    id: ldap
+    name: LDAP
+    config:
+      host: lldap-host # make sure it does not start with `ldap://`
+      port: 3890 # or 6360 if you have ldaps enabled
+      insecureNoSSL: true # or false if you have ldaps enabled
+      insecureSkipVerify: true # or false if you have ldaps enabled
+      bindDN: uid=admin,ou=people,dc=example,dc=com # replace admin with your admin user
+      bindPW: very-secure-password # replace with your admin password
+      userSearch:
+        baseDN: ou=people,dc=example,dc=com
+        username: uid
+        idAttr: uid
+        emailAttr: mail
+        nameAttr: displayName
+        preferredUsernameAttr: uid
+      groupSearch:
+        baseDN: ou=groups,dc=example,dc=com
+        filter: "(objectClass=groupOfUniqueNames)"
+        userMatchers:
+          - userAttr: uid
+            groupAttr: member
+        nameAttr: displayName