mirror of
https://github.com/nitnelave/lldap.git
synced 2023-04-12 14:25:13 +00:00
readme: Add badges, client configuration guide
parent
7d9c1b1eec
commit
fa937cc337
44
README.md
@ -1,5 +1,9 @@
|
||||
# lldap - Light LDAP implementation for authentication
|
||||
|
||||
![Build](https://github.com/nitnelave/lldap/actions/workflows/rust.yml/badge.svg)
|
||||
![Discord](https://img.shields.io/discord/898492935446876200)
|
||||
![Twitter Follow](https://img.shields.io/twitter/follow/nitnelave1?style=social)
|
||||
|
||||
WARNING: This project is still in alpha, with the basic core functionality
|
||||
implemented but still very rough. For updates, follow
|
||||
[@nitnelave1](https://twitter.com/nitnelave1) or join our [Discord
|
||||
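Review bot: The three badges added under the title are bare images rather than links, so clicking the Build badge does not lead to the workflow runs and the Discord badge does not lead to the server. Wrap each image in a link to its target, or drop the ones that duplicate the Twitter and Discord links already present in the WARNING paragraph just below.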
@ -13,7 +17,7 @@ only speak LDAP protocol can talk to it and use it as an authentication server.
|
||||
![Screenshot of the user list page](screenshot.png)
|
||||
|
||||
The goal is _not_ to provide a full LDAP server; if you're interested in that,
|
||||
check out OpenLDAP. This server is made to be:
|
||||
check out OpenLDAP. This server is a user management system that is:
|
||||
* simple to setup (no messing around with `slapd`)
|
||||
* simple to manage (friendly web UI)
|
||||
* opinionated with basic defaults so you don't have to understand the
|
||||
@ -23,6 +27,10 @@ It mostly targets self-hosting servers, with open-source components like
|
||||
Nextcloud, Airsonic and so on that only support LDAP as a source of external
|
||||
authentication.
|
||||
|
||||
For more features (OAuth/OpenID support, reverse proxy, ...) you can install
|
||||
other components (KeyCloak, Authelia, ...) using this server as the source of
|
||||
truth for users, via LDAP.
|
||||
|
||||
## Setup
|
||||
|
||||
### With Docker
|
||||
@ -61,22 +69,6 @@ services:
|
||||
Then the service will listen on two ports, one for LDAP and one for the web
|
||||
front-end.
|
||||
|
||||
To configure the services that will talk to LLDAP, here are the values:
|
||||
- The LDAP user DN is from the configuration. By default,
|
||||
`cn=admin,dc=example,dc=com`.
|
||||
- The LDAP password is from the configuration (same as to log in to the web
|
||||
UI).
|
||||
- The users are all located in `ou=people,` + the base DN, so by default user
|
||||
`bob` is at `cn=bob,ou=people,dc=example,dc=com`.
|
||||
- Similarly, the groups are located in `ou=groups`, so the group `family`
|
||||
will be at `cn=family,ou=groups,dc=example,dc=com`.
|
||||
|
||||
Testing group membership through `membeOf` is supported, so you can have a
|
||||
filter like: `(memberOf=cn=admins,ou=groups,dc=example,dc=com)`.
|
||||
|
||||
The administrator group for LLDAP is `lldap_admin`: anyone in this group has
|
||||
admin rights in the Web UI.
|
||||
|
||||
### From source
|
||||
|
||||
To bring up the server, you'll need to compile the frontend. In addition to
|
||||
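Review bot: With the client values removed here, the "With Docker" section now ends at "front-end." and goes straight to "### From source", with no pointer to where those values went. Add a one-line reference to the new "Client configuration" section at this spot so a reader who has just started the container knows where to find the bind DN and base DN.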
@ -93,6 +85,24 @@ To bring up the server, just run `cargo run`. The default config is in
|
||||
`lldap_config.toml`, setting environment variables or passing arguments to
|
||||
`cargo run`.
|
||||
|
||||
## Client configuration
|
||||
|
||||
To configure the services that will talk to LLDAP, here are the values:
|
||||
- The LDAP user DN is from the configuration. By default,
|
||||
`cn=admin,dc=example,dc=com`.
|
||||
- The LDAP password is from the configuration (same as to log in to the web
|
||||
UI).
|
||||
- The users are all located in `ou=people,` + the base DN, so by default user
|
||||
`bob` is at `cn=bob,ou=people,dc=example,dc=com`.
|
||||
- Similarly, the groups are located in `ou=groups`, so the group `family`
|
||||
will be at `cn=family,ou=groups,dc=example,dc=com`.
|
||||
|
||||
Testing group membership through `membeOf` is supported, so you can have a
|
||||
filter like: `(memberOf=cn=admins,ou=groups,dc=example,dc=com)`.
|
||||
|
||||
The administrator group for LLDAP is `lldap_admin`: anyone in this group has
|
||||
admin rights in the Web UI.
|
||||
|
||||
## Architecture
|
||||
|
||||
The server is entirely written in Rust, using [actix](https://actix.rs) for the
|
||||
|
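Review bot: The new "Client configuration" section carries the `membeOf` typo over unchanged in the sentence on testing group membership; it should read `memberOf`, matching the filter quoted on the following line. In the same section, the bind account given to clients is the admin DN with the password that is "same as to log in to the web UI", so every service configured from this guide holds the web UI admin credential; state that consequence explicitly in the section. The filter example also uses `cn=admins` while the next paragraph names the administrator group `lldap_admin`, so say whether `admins` is just an arbitrary example group.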