backend

2023-03-31 12:10:02 +02:00 · 2023-03-31 12:10:02 +02:00 · c8e47739c4
parent ff9a451088
commit c8e47739c4
2 changed files with 46 additions and 0 deletions
--- a/docker-compose/authelia/config/config.yml.j2
+++ b/docker-compose/authelia/config/config.yml.j2
@ -0,0 +1,44 @@
+
+
+# This is just the LDAP part of the Authelia configuration!
+authentication_backend:
+  # Password reset through authelia works normally.
+  password_reset:
+    disable: false
+  # How often authelia should check if there is an user update in LDAP
+  refresh_interval: 1m
+  ldap:
+    implementation: custom
+    # Pattern is ldap://HOSTNAME-OR-IP:PORT
+    # Normal ldap port is 389, standard in LLDAP is 3890
+    url: ldap://lldap-app:3890
+    # The dial timeout for LDAP.
+    timeout: 5s
+    # Use StartTLS with the LDAP connection, TLS not supported right now
+    start_tls: false
+    #tls:
+    #  skip_verify: false
+    #  minimum_version: TLS1.2
+    # Set base dn, like dc=google,dc.com
+    base_dn: dc=grote,dc=lan
+    username_attribute: uid
+    # You need to set this to ou=people, because all users are stored in this ou!
+    additional_users_dn: ou=people
+    # To allow sign in both with username and email, one can use a filter like
+    # (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
+    users_filter: "(&({username_attribute}={input})(objectClass=person))"
+    # Set this to ou=groups, because all groups are stored in this ou
+    additional_groups_dn: ou=groups
+    # Only this filter is supported right now
+    groups_filter: "(member={dn})"
+    # The attribute holding the name of the group.
+    group_name_attribute: cn
+    # Email attribute
+    mail_attribute: mail
+    # The attribute holding the display name of the user. This will be used to greet an authenticated user.
+    display_name_attribute: displayName
+    # The username and password of the admin user.
+    # "admin" should be the admin username you set in the LLDAP configuration
+    user: uid=admin,ou=people,dc=grote,dc=lan
+    # Password can also be set using a secret: https://www.authelia.com/docs/configuration/secrets.html
+    password: {{ lookup('keepass', 'LLDAP_LDAP_USER_PASS', 'password') }}
--- a/docker-compose/lldap/docker-compose.yml.j2
+++ b/docker-compose/lldap/docker-compose.yml.j2
@ -12,6 +12,7 @@ services:
      - "17170:17170"
    networks:
      - intern
+      - nw_aaa
      - traefik
    volumes:
      - /etc/localtime:/etc/localtime:ro
@ -65,6 +66,7 @@ volumes:
  db:
 ######## Networks ########
 networks:
+  nw_aaa:
  intern:
  traefik:
    external: true