authelia: enable password reset #251

Merged
mg merged 2 commits from authelia_password-reset into master 2024-11-24 21:09:00 +01:00
3 changed files with 10 additions and 2 deletions


@ -63,7 +63,7 @@ notifier:
# https://github.com/lldap/lldap/blob/main/example_configs/authelia_config.yml # https://github.com/lldap/lldap/blob/main/example_configs/authelia_config.yml
authentication_backend: authentication_backend:
password_reset: password_reset:
disable: true disable: false
refresh_interval: 1m refresh_interval: 1m
ldap: ldap:
implementation: custom implementation: custom
@ -83,4 +83,4 @@ authentication_backend:
user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net
password: '{{ lookup('viczem.keepass.keepass', 'authelia/lldap_authelia_bind_user', 'password') }}' password: '{{ lookup('viczem.keepass.keepass', 'authelia/lldap_authelia_bind_user', 'password') }}'
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/ # Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/
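Review bot: Setting `disable: false` under `password_reset` makes the mailbox reached through the `notifier` block the only proof of identity for a reset, and it requires `authelia_bind_user` to hold password write rights, which the function matrix added in this PR lists as `lldap_password_manager`. That raises the value of the bind password looked up from KeePass in the second hunk, so I would record the dependency next to the switch, e.g. `# reset needs authelia_bind_user in lldap_password_manager; mail delivery is the only identity check`. The LDAP address line is outside both hunks, so it is worth confirming that the connection to lldap uses TLS now that new passwords travel over it. The `authentication_backend` block starts and ends outside the hunks shown.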


@ -0,0 +1,7 @@
# authelia function matrix
| App | User | Password Reset | Group |
| - | - | - | - |
| ``authelia_*`` | `authelia_bind_user` | yes | `lldap_password_manager` |
| `forgejo` | `forgejo_bind_user` | no | `lldap_strict_readonly` + `lldap_password_manager` |
| `nextcloud` | `nextcloud_bind_user` | yes | `lldap_password_manager` |


@ -45,5 +45,6 @@ php occ ldap:set-config s01 ldapUuidGroupAttribute auto
php occ ldap:set-config s01 ldapUuidUserAttribute auto php occ ldap:set-config s01 ldapUuidUserAttribute auto
php occ ldap:set-config s01 ldapExpertUsernameAttr user_id php occ ldap:set-config s01 ldapExpertUsernameAttr user_id
php occ ldap:set-config s01 ldap_mark_remnants_as_disabled 1 php occ ldap:set-config s01 ldap_mark_remnants_as_disabled 1
php occ ldap:set-config s01 ldap_turn_on_pwd_change 1
# damit der Login über LDAP geht muss das Attribute "DisplayName" gesetzt sein! # damit der Login über LDAP geht muss das Attribute "DisplayName" gesetzt sein!
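Review bot: The added `ldap_turn_on_pwd_change 1` lets Nextcloud write new passwords to the directory, and the Nextcloud LDAP documentation requires transport encryption for this option because the password is sent to the LDAP server in plaintext. The host and TLS settings for `s01` are not visible in this hunk, so please confirm the connection is encrypted, and consider a comment above the line such as `# pwd change sends cleartext passwords to LDAP: encrypted connection to lldap required`. The option presumably also depends on `nextcloud_bind_user` having password write rights, which the matrix in this PR lists as `lldap_password_manager`; that makes this bind credential able to change other users' passwords, so it should be stored and rotated accordingly.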