From 88ff3e77836b953471ec144eaa469beb0b8510d1 Mon Sep 17 00:00:00 2001 From: Alexander Date: Sun, 24 Oct 2021 12:14:35 +0200 Subject: [PATCH] Added Authelia configuration --- README.md | 7 +++++ example_configs/authelia_config.yml | 46 +++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 example_configs/authelia_config.yml diff --git a/README.md b/README.md index 3e2a482..f35946c 100644 --- a/README.md +++ b/README.md @@ -105,6 +105,13 @@ filter like: `(memberOf=cn=admins,ou=groups,dc=example,dc=com)`. The administrator group for LLDAP is `lldap_admin`: anyone in this group has admin rights in the Web UI. +### Authelia configuration + +If you are using `LLDAP` as a backend for `Authelia` you need to adjust the +`Authelia` configuration. + +You can find an example `authelia_config.yml` inside the `example_configs` folder. + ## I can't log in! If you just set up the server, can get to the login page but the password you diff --git a/example_configs/authelia_config.yml b/example_configs/authelia_config.yml new file mode 100644 index 0000000..34e4f02 --- /dev/null +++ b/example_configs/authelia_config.yml @@ -0,0 +1,46 @@ +############################################################### +# Authelia configuration # +############################################################### + +# This is just the LDAP part of the Authelia configuration! + + +authentication_backend: + # Passwort reset through authelia does not work at the moment + disable_reset_password: false + # How often authelia should check if there is an user update in LDAP + refresh_interval: 1m + ldap: + implementation: custom + # Pattern is ldap://HOSTNAME-OR-IP:PORT + # Normal ldap port is 389, standard in LLDAP is 3890 + url: ldap://lldap:3890 + # The dial timeout for LDAP. + timeout: 5s + # Use StartTLS with the LDAP connection, TLS not supported right now + start_tls: false + #tls: + # skip_verify: false + # minimum_version: TLS1.2 + # Set base dn, like dc=google,dc.com + base_dn: dc=example,dc=com + username_attribute: uid + # You need to set this to ou=people, because all users are stored in this ou! + additional_users_dn: ou=people + # To allow sign in both with username and email, one can use a filter like + # (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)) + users_filter: (&({username_attribute}={input})(objectClass=person)) + # Set this to ou=groups, because all groups are stored in this ou + additional_groups_dn: ou=groups + # Only this filter is supported right now + groups_filter: (member={dn}) + # The attribute holding the name of the group. + group_name_attribute: cn + # Email attribute + mail_attribute: mail + # The attribute holding the display name of the user. This will be used to greet an authenticated user. + display_name_attribute: displayName + # The username and password of the admin user. + user: cn=admin,ou=people,dc=example,dc=com + # Password can also be set using a secret: https://www.authelia.com/docs/configuration/secrets.html + password: 'testtest'