mirror of
https://github.com/nitnelave/lldap.git
synced 2023-04-12 14:25:13 +00:00
parent
c3d18dbbe8
commit
58b9c28a0b
124
README.md
124
README.md
@ -28,20 +28,20 @@
|
|||||||
</a>
|
</a>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
- [About](#About)
|
- [About](#about)
|
||||||
- [Installation](#Installation)
|
- [Installation](#installation)
|
||||||
- [With Docker](#With-Docker)
|
- [With Docker](#with-docker)
|
||||||
- [From source](#From-source)
|
- [From source](#from-source)
|
||||||
- [Cross-compilation](#Cross-compilation)
|
- [Cross-compilation](#cross-compilation)
|
||||||
- [Client configuration](#Client-configuration)
|
- [Client configuration](#client-configuration)
|
||||||
- [Compatible services](#compatible-services)
|
- [Compatible services](#compatible-services)
|
||||||
- [General configuration guide](#general-configuration-guide)
|
- [General configuration guide](#general-configuration-guide)
|
||||||
- [Sample client configurations](#Sample-client-configurations)
|
- [Sample client configurations](#sample-client-configurations)
|
||||||
- [Comparisons with other services](#Comparisons-with-other-services)
|
- [Comparisons with other services](#comparisons-with-other-services)
|
||||||
- [vs OpenLDAP](#vs-openldap)
|
- [vs OpenLDAP](#vs-openldap)
|
||||||
- [vs FreeIPA](#vs-freeipa)
|
- [vs FreeIPA](#vs-freeipa)
|
||||||
- [I can't log in!](#i-cant-log-in)
|
- [I can't log in!](#i-cant-log-in)
|
||||||
- [Contributions](#Contributions)
|
- [Contributions](#contributions)
|
||||||
|
|
||||||
## About
|
## About
|
||||||
|
|
||||||
@ -62,10 +62,11 @@ edit their own details or reset their password by email.
|
|||||||
|
|
||||||
The goal is _not_ to provide a full LDAP server; if you're interested in that,
|
The goal is _not_ to provide a full LDAP server; if you're interested in that,
|
||||||
check out OpenLDAP. This server is a user management system that is:
|
check out OpenLDAP. This server is a user management system that is:
|
||||||
* simple to setup (no messing around with `slapd`),
|
|
||||||
* simple to manage (friendly web UI),
|
- simple to setup (no messing around with `slapd`),
|
||||||
* low resources,
|
- simple to manage (friendly web UI),
|
||||||
* opinionated with basic defaults so you don't have to understand the
|
- low resources,
|
||||||
|
- opinionated with basic defaults so you don't have to understand the
|
||||||
subtleties of LDAP.
|
subtleties of LDAP.
|
||||||
|
|
||||||
It mostly targets self-hosting servers, with open-source components like
|
It mostly targets self-hosting servers, with open-source components like
|
||||||
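Review bot: the first rewritten bullet still reads `simple to setup`; since the line is being rewritten anyway, change it to `simple to set up` (the verb form). Switching the bullets from `*` to `-` matches the dash bullets used everywhere else in the README, so the style change itself is fine.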
@ -98,14 +99,14 @@ contents are loaded into the respective configuration parameters. Note that
|
|||||||
`_FILE` variables take precedence.
|
`_FILE` variables take precedence.
|
||||||
|
|
||||||
Example for docker compose:
|
Example for docker compose:
|
||||||
* You can use either the `:latest` tag image or `:stable` as used in this example.
|
|
||||||
* `:latest` tag image contains recently pushed code or feature tests, in which some instability can be expected.
|
|
||||||
* If `UID` and `GID` no defined LLDAP will use default `UID` and `GID` number `1000`.
|
|
||||||
* If no `TZ` is set, default `UTC` timezone will be used.
|
|
||||||
|
|
||||||
|
- You can use either the `:latest` tag image or `:stable` as used in this example.
|
||||||
|
- `:latest` tag image contains recently pushed code or feature tests, in which some instability can be expected.
|
||||||
|
- If `UID` and `GID` no defined LLDAP will use default `UID` and `GID` number `1000`.
|
||||||
|
- If no `TZ` is set, default `UTC` timezone will be used.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
version: '3'
|
version: "3"
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
lldap_data:
|
lldap_data:
|
||||||
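Review bot: the rewritten `UID`/`GID` bullet states a default of `1000`, but the troubleshooting section later in this same README says the docker process runs as `user with ID 10001`; one of the two numbers needs correcting so the permissions advice matches the uid the server actually runs as. The rewrite also carries over a grammar slip: `If \`UID\` and \`GID\` no defined LLDAP will use default \`UID\` and \`GID\` number \`1000\`` should read `If \`UID\` and \`GID\` are not defined, LLDAP will use the default \`UID\` and \`GID\` of \`1000\``, and `default \`UTC\` timezone will be used` reads better as `the default timezone \`UTC\` will be used`. The `version: '3'` to `version: "3"` change is cosmetic and consistent with the double-quoting in the new Dex file.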
@ -139,9 +140,9 @@ front-end.
|
|||||||
|
|
||||||
To compile the project, you'll need:
|
To compile the project, you'll need:
|
||||||
|
|
||||||
* nodejs 16: [nodesource nodejs installation guide](https://github.com/nodesource/distributions)
|
- nodejs 16: [nodesource nodejs installation guide](https://github.com/nodesource/distributions)
|
||||||
* curl: `sudo apt install curl`
|
- curl: `sudo apt install curl`
|
||||||
* Rust/Cargo: [rustup.rs](https://rustup.rs/)
|
- Rust/Cargo: [rustup.rs](https://rustup.rs/)
|
||||||
|
|
||||||
Then you can compile the server (and the migration tool if you want):
|
Then you can compile the server (and the migration tool if you want):
|
||||||
|
|
||||||
@ -155,8 +156,8 @@ just run `cargo run -- run` to run the server.
|
|||||||
To bring up the server, you'll need to compile the frontend. In addition to
|
To bring up the server, you'll need to compile the frontend. In addition to
|
||||||
cargo, you'll need:
|
cargo, you'll need:
|
||||||
|
|
||||||
* WASM-pack: `cargo install wasm-pack`
|
- WASM-pack: `cargo install wasm-pack`
|
||||||
* rollup.js: `npm install rollup`
|
- rollup.js: `npm install rollup`
|
||||||
|
|
||||||
Then you can build the frontend files with `./app/build.sh` (you'll need to run
|
Then you can build the frontend files with `./app/build.sh` (you'll need to run
|
||||||
this after every front-end change to update the WASM package served).
|
this after every front-end change to update the WASM package served).
|
||||||
@ -204,13 +205,14 @@ the config).
|
|||||||
### General configuration guide
|
### General configuration guide
|
||||||
|
|
||||||
To configure the services that will talk to LLDAP, here are the values:
|
To configure the services that will talk to LLDAP, here are the values:
|
||||||
- The LDAP user DN is from the configuration. By default,
|
|
||||||
|
- The LDAP user DN is from the configuration. By default,
|
||||||
`cn=admin,ou=people,dc=example,dc=com`.
|
`cn=admin,ou=people,dc=example,dc=com`.
|
||||||
- The LDAP password is from the configuration (same as to log in to the web
|
- The LDAP password is from the configuration (same as to log in to the web
|
||||||
UI).
|
UI).
|
||||||
- The users are all located in `ou=people,` + the base DN, so by default user
|
- The users are all located in `ou=people,` + the base DN, so by default user
|
||||||
`bob` is at `cn=bob,ou=people,dc=example,dc=com`.
|
`bob` is at `cn=bob,ou=people,dc=example,dc=com`.
|
||||||
- Similarly, the groups are located in `ou=groups`, so the group `family`
|
- Similarly, the groups are located in `ou=groups`, so the group `family`
|
||||||
will be at `cn=family,ou=groups,dc=example,dc=com`.
|
will be at `cn=family,ou=groups,dc=example,dc=com`.
|
||||||
|
|
||||||
Testing group membership through `memberOf` is supported, so you can have a
|
Testing group membership through `memberOf` is supported, so you can have a
|
||||||
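Review bot: the default admin DN documented here, `cn=admin,ou=people,dc=example,dc=com`, differs from the `bindDN` in the `example_configs/dex_config.yml` added by this commit, which uses `uid=admin,ou=people,dc=example,dc=com`; either state in this paragraph that LLDAP accepts both the `cn=` and the `uid=` RDN form, or align the Dex example with the documented form, so a reader copying one into the other does not get a bind failure they cannot explain. The only visible change in the hunk is the added blank line before the list, which is harmless.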
@ -226,33 +228,35 @@ administration access to many services.
|
|||||||
Some specific clients have been tested to work and come with sample
|
Some specific clients have been tested to work and come with sample
|
||||||
configuration files, or guides. See the [`example_configs`](example_configs)
|
configuration files, or guides. See the [`example_configs`](example_configs)
|
||||||
folder for help with:
|
folder for help with:
|
||||||
- [Airsonic Advanced](example_configs/airsonic-advanced.md)
|
|
||||||
- [Apache Guacamole](example_configs/apacheguacamole.md)
|
- [Airsonic Advanced](example_configs/airsonic-advanced.md)
|
||||||
- [Authelia](example_configs/authelia_config.yml)
|
- [Apache Guacamole](example_configs/apacheguacamole.md)
|
||||||
- [Bookstack](example_configs/bookstack.env.example)
|
- [Authelia](example_configs/authelia_config.yml)
|
||||||
- [Calibre-Web](example_configs/calibre_web.md)
|
- [Bookstack](example_configs/bookstack.env.example)
|
||||||
- [Dell iDRAC](example_configs/dell_idrac.md)
|
- [Calibre-Web](example_configs/calibre_web.md)
|
||||||
- [Dokuwiki](example_configs/dokuwiki.md)
|
- [Dell iDRAC](example_configs/dell_idrac.md)
|
||||||
- [Dolibarr](example_configs/dolibarr.md)
|
- [Dex](example_configs/dex_config.yml)
|
||||||
- [Emby](example_configs/emby.md)
|
- [Dokuwiki](example_configs/dokuwiki.md)
|
||||||
- [Gitea](example_configs/gitea.md)
|
- [Dolibarr](example_configs/dolibarr.md)
|
||||||
- [Grafana](example_configs/grafana_ldap_config.toml)
|
- [Emby](example_configs/emby.md)
|
||||||
- [Hedgedoc](example_configs/hedgedoc.md)
|
- [Gitea](example_configs/gitea.md)
|
||||||
- [Jellyfin](example_configs/jellyfin.md)
|
- [Grafana](example_configs/grafana_ldap_config.toml)
|
||||||
- [Jitsi Meet](example_configs/jitsi_meet.conf)
|
- [Hedgedoc](example_configs/hedgedoc.md)
|
||||||
- [KeyCloak](example_configs/keycloak.md)
|
- [Jellyfin](example_configs/jellyfin.md)
|
||||||
- [Matrix](example_configs/matrix_synapse.yml)
|
- [Jitsi Meet](example_configs/jitsi_meet.conf)
|
||||||
- [Nextcloud](example_configs/nextcloud.md)
|
- [KeyCloak](example_configs/keycloak.md)
|
||||||
- [Organizr](example_configs/Organizr.md)
|
- [Matrix](example_configs/matrix_synapse.yml)
|
||||||
- [Portainer](example_configs/portainer.md)
|
- [Nextcloud](example_configs/nextcloud.md)
|
||||||
- [Seafile](example_configs/seafile.md)
|
- [Organizr](example_configs/Organizr.md)
|
||||||
- [Syncthing](example_configs/syncthing.md)
|
- [Portainer](example_configs/portainer.md)
|
||||||
- [Vaultwarden](example_configs/vaultwarden.md)
|
- [Seafile](example_configs/seafile.md)
|
||||||
- [WeKan](example_configs/wekan.md)
|
- [Syncthing](example_configs/syncthing.md)
|
||||||
- [WG Portal](example_configs/wg_portal.env.example)
|
- [Vaultwarden](example_configs/vaultwarden.md)
|
||||||
- [WikiJS](example_configs/wikijs.md)
|
- [WeKan](example_configs/wekan.md)
|
||||||
- [XBackBone](example_configs/xbackbone_config.php)
|
- [WG Portal](example_configs/wg_portal.env.example)
|
||||||
- [Zendto](example_configs/zendto.md)
|
- [WikiJS](example_configs/wikijs.md)
|
||||||
|
- [XBackBone](example_configs/xbackbone_config.php)
|
||||||
|
- [Zendto](example_configs/zendto.md)
|
||||||
|
|
||||||
## Comparisons with other services
|
## Comparisons with other services
|
||||||
|
|
||||||
@ -291,19 +295,19 @@ use. It also comes conveniently packed in a docker container.
|
|||||||
If you just set up the server, can get to the login page but the password you
|
If you just set up the server, can get to the login page but the password you
|
||||||
set isn't working, try the following:
|
set isn't working, try the following:
|
||||||
|
|
||||||
- (For docker): Make sure that the `/data` folder is persistent, either to a
|
- (For docker): Make sure that the `/data` folder is persistent, either to a
|
||||||
docker volume or mounted from the host filesystem.
|
docker volume or mounted from the host filesystem.
|
||||||
- Check if there is a `lldap_config.toml` file (either in `/data` for docker
|
- Check if there is a `lldap_config.toml` file (either in `/data` for docker
|
||||||
or in the current directory). If there isn't, copy
|
or in the current directory). If there isn't, copy
|
||||||
`lldap_config.docker_template.toml` there, and fill in the various values
|
`lldap_config.docker_template.toml` there, and fill in the various values
|
||||||
(passwords, secrets, ...).
|
(passwords, secrets, ...).
|
||||||
- Check if there is a `users.db` file (either in `/data` for docker or where
|
- Check if there is a `users.db` file (either in `/data` for docker or where
|
||||||
you specified the DB URL, which defaults to the current directory). If
|
you specified the DB URL, which defaults to the current directory). If
|
||||||
there isn't, check that the user running the command (user with ID 10001
|
there isn't, check that the user running the command (user with ID 10001
|
||||||
for docker) has the rights to write to the `/data` folder. If in doubt, you
|
for docker) has the rights to write to the `/data` folder. If in doubt, you
|
||||||
can `chmod 777 /data` (or whatever the folder) to make it world-writeable.
|
can `chmod 777 /data` (or whatever the folder) to make it world-writeable.
|
||||||
- Make sure you restart the server.
|
- Make sure you restart the server.
|
||||||
- If it's still not working, join the
|
- If it's still not working, join the
|
||||||
[Discord server](https://discord.gg/h5PEdRMNyP) to ask for help.
|
[Discord server](https://discord.gg/h5PEdRMNyP) to ask for help.
|
||||||
|
|
||||||
## Contributions
|
## Contributions
|
||||||
|
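Review bot: this hunk touches the troubleshooting list without changing its wording, so it is a good point to drop the `chmod 777 /data` suggestion: `/data` holds `lldap_config.toml` (passwords and secrets, per the bullet just above) and `users.db`, and making the folder world-writeable lets any local account on the host or in the container edit them. The fix that matches the text's own explanation is to give ownership to the uid the server runs as, e.g. `chown -R 10001 /data` for docker (or whatever `UID`/`GID` was set to), and keep the folder at `chmod 700`.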
32
example_configs/dex_config.yml
Normal file
32
example_configs/dex_config.yml
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
# lldap configuration:
|
||||||
|
# LLDAP_LDAP_BASE_DN: dc=example,dc=com
|
||||||
|
|
||||||
|
# ##############################
|
||||||
|
# rest of the Dex options
|
||||||
|
# ##############################
|
||||||
|
|
||||||
|
connectors:
|
||||||
|
- type: ldap
|
||||||
|
id: ldap
|
||||||
|
name: LDAP
|
||||||
|
config:
|
||||||
|
host: lldap-host # make sure it does not start with `ldap://`
|
||||||
|
port: 3890 # or 6360 if you have ldaps enabled
|
||||||
|
insecureNoSSL: true # or false if you have ldaps enabled
|
||||||
|
insecureSkipVerify: true # or false if you have ldaps enabled
|
||||||
|
bindDN: uid=admin,ou=people,dc=example,dc=com # replace admin with your admin user
|
||||||
|
bindPW: very-secure-password # replace with your admin password
|
||||||
|
userSearch:
|
||||||
|
baseDN: ou=people,dc=example,dc=com
|
||||||
|
username: uid
|
||||||
|
idAttr: uid
|
||||||
|
emailAttr: mail
|
||||||
|
nameAttr: displayName
|
||||||
|
preferredUsernameAttr: uid
|
||||||
|
groupSearch:
|
||||||
|
baseDN: ou=groups,dc=example,dc=com
|
||||||
|
filter: "(objectClass=groupOfUniqueNames)"
|
||||||
|
userMatchers:
|
||||||
|
- userAttr: uid
|
||||||
|
groupAttr: member
|
||||||
|
nameAttr: displayName
|
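Review bot: the file ships with `insecureNoSSL: true` and `insecureSkipVerify: true` as the active values, which means the admin `bindPW`, and every user password Dex verifies by binding, cross the network in clear text, and certificate checks stay off even after `ldaps` is enabled. Since this is a copy-paste example, flip the defaults to the safe side: `port: 6360`, `insecureNoSSL: false`, `insecureSkipVerify: false`, with the comments pointing to `3890`/`true` only for a plain-LDAP setup where Dex and LLDAP share a trusted network. With verification on, the certificate also has to be issued for the name given in `host:` (`lldap-host` here), which is worth a one-line comment. Finally, the comment on `bindPW` should say that the real value must not be committed with the rest of the Dex configuration; `very-secure-password` is an obvious placeholder, but readers should be told to keep the actual secret outside the file.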