readme: Add badges, client configuration guide

Valentin Tolmer 2021-10-19 16:38:39 +09:00 committed by nitnelave
parent 7d9c1b1eec
commit fa937cc337


@ -1,5 +1,9 @@
# lldap - Light LDAP implementation for authentication # lldap - Light LDAP implementation for authentication
![Build](https://github.com/nitnelave/lldap/actions/workflows/rust.yml/badge.svg)
![Discord](https://img.shields.io/discord/898492935446876200)
![Twitter Follow](https://img.shields.io/twitter/follow/nitnelave1?style=social)
WARNING: This project is still in alpha, with the basic core functionality WARNING: This project is still in alpha, with the basic core functionality
implemented but still very rough. For updates, follow implemented but still very rough. For updates, follow
[@nitnelave1](https://twitter.com/nitnelave1) or join our [Discord [@nitnelave1](https://twitter.com/nitnelave1) or join our [Discord
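Review bot: The three badge lines added under the title are bare images with no link target, so the Build badge does not lead to the workflow runs and the Discord and Twitter badges do not lead anywhere a reader can join or follow. Consider wrapping each one in a Markdown link in the form `[![Build](...)](...)`, pointing at the workflow page, the Discord invite and the Twitter profile already referenced in the WARNING paragraph below.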
@ -13,7 +17,7 @@ only speak LDAP protocol can talk to it and use it as an authentication server.
![Screenshot of the user list page](screenshot.png) ![Screenshot of the user list page](screenshot.png)
The goal is _not_ to provide a full LDAP server; if you're interested in that, The goal is _not_ to provide a full LDAP server; if you're interested in that,
check out OpenLDAP. This server is made to be: check out OpenLDAP. This server is a user management system that is:
* simple to setup (no messing around with `slapd`) * simple to setup (no messing around with `slapd`)
* simple to manage (friendly web UI) * simple to manage (friendly web UI)
* opinionated with basic defaults so you don't have to understand the * opinionated with basic defaults so you don't have to understand the
@ -23,6 +27,10 @@ It mostly targets self-hosting servers, with open-source components like
Nextcloud, Airsonic and so on that only support LDAP as a source of external Nextcloud, Airsonic and so on that only support LDAP as a source of external
authentication. authentication.
For more features (OAuth/OpenID support, reverse proxy, ...) you can install
other components (KeyCloak, Authelia, ...) using this server as the source of
truth for users, via LDAP.
## Setup ## Setup
### With Docker ### With Docker
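Review bot: The added paragraph says KeyCloak and Authelia can use this server "as the source of truth for users, via LDAP" but gives the reader no pointer to the values those components need; a link to the "Client configuration" section introduced later in this same commit would close that gap. The product name is also spelled `Keycloak`, not `KeyCloak`.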
@ -61,22 +69,6 @@ services:
Then the service will listen on two ports, one for LDAP and one for the web Then the service will listen on two ports, one for LDAP and one for the web
front-end. front-end.
To configure the services that will talk to LLDAP, here are the values:
- The LDAP user DN is from the configuration. By default,
`cn=admin,dc=example,dc=com`.
- The LDAP password is from the configuration (same as to log in to the web
UI).
- The users are all located in `ou=people,` + the base DN, so by default user
`bob` is at `cn=bob,ou=people,dc=example,dc=com`.
- Similarly, the groups are located in `ou=groups`, so the group `family`
will be at `cn=family,ou=groups,dc=example,dc=com`.
Testing group membership through `membeOf` is supported, so you can have a
filter like: `(memberOf=cn=admins,ou=groups,dc=example,dc=com)`.
The administrator group for LLDAP is `lldap_admin`: anyone in this group has
admin rights in the Web UI.
### From source ### From source
To bring up the server, you'll need to compile the frontend. In addition to To bring up the server, you'll need to compile the frontend. In addition to
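Review bot: With the client values removed from the end of the Docker section, a reader following the Docker path now goes from "the service will listen on two ports" straight into "### From source" with no hint that the connection settings exist further down. A one-line pointer to the new "Client configuration" section at the spot where the block was removed would keep the Docker instructions complete.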
@ -93,6 +85,24 @@ To bring up the server, just run `cargo run`. The default config is in
`lldap_config.toml`, setting environment variables or passing arguments to `lldap_config.toml`, setting environment variables or passing arguments to
`cargo run`. `cargo run`.
## Client configuration
To configure the services that will talk to LLDAP, here are the values:
- The LDAP user DN is from the configuration. By default,
`cn=admin,dc=example,dc=com`.
- The LDAP password is from the configuration (same as to log in to the web
UI).
- The users are all located in `ou=people,` + the base DN, so by default user
`bob` is at `cn=bob,ou=people,dc=example,dc=com`.
- Similarly, the groups are located in `ou=groups`, so the group `family`
will be at `cn=family,ou=groups,dc=example,dc=com`.
Testing group membership through `membeOf` is supported, so you can have a
filter like: `(memberOf=cn=admins,ou=groups,dc=example,dc=com)`.
The administrator group for LLDAP is `lldap_admin`: anyone in this group has
admin rights in the Web UI.
## Architecture ## Architecture
The server is entirely written in Rust, using [actix](https://actix.rs) for the The server is entirely written in Rust, using [actix](https://actix.rs) for the
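Review bot: The new "Client configuration" section tells every client service to bind as `cn=admin,dc=example,dc=com` with the password that is "same as to log in to the web UI", so each integrated service ends up holding the administrator credential; the section should say whether a separate, less privileged bind user can be used instead, or state plainly that the admin account is the only option for now. Two smaller points carried over with the moved text: `membeOf` is a typo for `memberOf`, and the filter example uses `cn=admins` while the administrator group named right after it is `lldap_admin`, so using one group name in both places would avoid readers assuming they are the same group.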