authelia: enable password reset #251
3 changed files with 10 additions and 2 deletions
|
@ -63,7 +63,7 @@ notifier:
|
||||||
# https://github.com/lldap/lldap/blob/main/example_configs/authelia_config.yml
|
# https://github.com/lldap/lldap/blob/main/example_configs/authelia_config.yml
|
||||||
authentication_backend:
|
authentication_backend:
|
||||||
password_reset:
|
password_reset:
|
||||||
disable: true
|
disable: false
|
||||||
refresh_interval: 1m
|
refresh_interval: 1m
|
||||||
ldap:
|
ldap:
|
||||||
implementation: custom
|
implementation: custom
|
||||||
|
@ -83,4 +83,4 @@ authentication_backend:
|
||||||
user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net
|
user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net
|
||||||
password: '{{ lookup('viczem.keepass.keepass', 'authelia/lldap_authelia_bind_user', 'password') }}'
|
password: '{{ lookup('viczem.keepass.keepass', 'authelia/lldap_authelia_bind_user', 'password') }}'
|
||||||
|
|
||||||
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/
|
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/
|
||||||
|
|
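Review bot: Flipping `password_reset.disable` to `false` makes the notifier mailbox a recovery path for every account behind Authelia, and nothing in this hunk records the prerequisites. The reset only works if `authelia_bind_user` may write passwords in lldap (the docs added in this commit list it under `lldap_password_manager`), so the bind password rendered into this file can now change users' passwords rather than only read the directory. I would add a comment above the setting, e.g. `# reset mails go out via notifier; requires authelia_bind_user in lldap_password_manager`, and confirm that the rendered config file is readable only by the Authelia container user. The rest of `authentication_backend` (LDAP URL and TLS settings) lies outside the hunk, so whether the bind runs over an encrypted connection cannot be checked here.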
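--- a/docker-compose/authelia/docs.md
+++ b/docker-compose/authelia/docs.md
@@ -0,0 +1,7 @@
+# authelia function matrix
+
+| App | User | Password Reset | Group |
+| - | - | - | - |
+| ``authelia_*`` | `authelia_bind_user` | yes | `lldap_password_manager` |
+| `forgejo` | `forgejo_bind_user` | no | `lldap_strict_readonly` + `lldap_password_manager` |
+| `nextcloud` | `nextcloud_bind_user` | yes | `lldap_password_manager` |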
@ -45,5 +45,6 @@ php occ ldap:set-config s01 ldapUuidGroupAttribute auto
|
||||||
php occ ldap:set-config s01 ldapUuidUserAttribute auto
|
php occ ldap:set-config s01 ldapUuidUserAttribute auto
|
||||||
php occ ldap:set-config s01 ldapExpertUsernameAttr user_id
|
php occ ldap:set-config s01 ldapExpertUsernameAttr user_id
|
||||||
php occ ldap:set-config s01 ldap_mark_remnants_as_disabled 1
|
php occ ldap:set-config s01 ldap_mark_remnants_as_disabled 1
|
||||||
|
php occ ldap:set-config s01 ldap_turn_on_pwd_change 1
|
||||||
|
|
||||||
# damit der Login über LDAP geht muss das Attribute "DisplayName" gesetzt sein!
|
# damit der Login über LDAP geht muss das Attribute "DisplayName" gesetzt sein!
|
||||||
|
|
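Review bot: The added `ldap_turn_on_pwd_change 1` lets Nextcloud write user passwords to the directory, and the surrounding commands do not show that the connection to lldap is encrypted. Nextcloud hands the new password to the LDAP server for hashing, so with this option on, the server connection should use LDAPS or StartTLS; the host and TLS settings for `s01` are outside the hunk, so this needs confirming. A short comment next to the line would help, e.g. `# needs nextcloud_bind_user in lldap_password_manager and an encrypted LDAP connection`.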