homeserver/docker-compose/authelia/configuration.yml.j2
Michael Grote a4444df568
authelia: enable password reset (#251)
docker-compose/nextcloud/ldap.sh.j2

Signed-off-by: Michael Grote <michael.grote@posteo.de>

Reviewed-on: #251
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>
2024-11-24 21:08:55 +01:00


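---
# Borrowed from: https://ruanbekker.hashnode.dev/sso-with-authelia-using-traefik-on-docker + https://www.reddit.com/r/selfhosted/comments/158quyz/authelia_ldap_groups/
#
# Rendered by Ansible (Jinja2). Every secret is pulled from KeePass at template
# time and ends up in clear text in this file on the host, so the rendered
# file is itself sensitive: keep it root-owned, mode 0600, and out of any
# backup that is not encrypted.
#
# Each lookup is passed through `to_json` so the result is always a valid
# YAML double-quoted scalar no matter which characters the generated secret
# contains. A bare `{{ ... }}` breaks the rendered file when the value starts
# with `*`, `&`, `[` or `{`, or contains `: ` / ` #`; single quotes break on an
# embedded `'`.
server.address: "0.0.0.0:9091"
theme: auto
log:
  # NOTE(review): debug is very verbose for an authentication service; drop
  # to `info` once troubleshooting is finished so request details do not pile
  # up in the container logs.
  level: debug
identity_validation:
  reset_password:
    # Signs the one-time links sent out for password resets.
    jwt_secret: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_jwt_secret', 'password') | to_json }}
totp:
  issuer: totp.mgrote.net
access_control:
  # Anything not matched by a rule below is refused.
  default_policy: deny
  rules:
    # NOTE(review): both rules are one_factor, so the TOTP section above is
    # not enforced for any domain yet; raise a rule to two_factor once its
    # users have enrolled a token.
    - domain: wiki.mgrote.net
      policy: one_factor
      subject:
        - 'group:authelia_wiki'
    - domain: rui.mgrote.net
      policy: one_factor
      subject:
        - 'group:authelia_registry-ui'
session:
  name: authelia_session
  secret: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_session_secret', 'password') | to_json }}
  # Absolute lifetime (s) and idle timeout (s) of a session.
  expiration: 3600
  inactivity: 300
  cookies:
    - name: mgrote.net
      domain: mgrote.net
      authelia_url: https://auth.mgrote.net
  redis:
    host: authelia-redis
    port: 6379
regulation:
  # Three failed logins within 120 s ban the user for 300 s.
  max_retries: 3
  find_time: 120
  ban_time: 300
storage:
  # Encrypts TOTP seeds and other secrets at rest in the database; losing it
  # makes the stored data unreadable, so it must stay in KeePass.
  encryption_key: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_storage_encryption_key', 'password') | to_json }}
  mysql:
    database: authelia
    address: 'tcp://authelia-db:3306'
    username: authelia
    password: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') | to_json }}
notifier:
  smtp:
    address: postfix:25
    sender: no-reply-authelia@mgrote.net
    # NOTE(review): password-reset and identity-verification mails go to the
    # postfix container unencrypted; acceptable only while that hop stays on
    # the private compose network.
    disable_require_tls: true
# ldap
# https://github.com/lldap/lldap/blob/main/example_configs/authelia_config.yml
authentication_backend:
  password_reset:
    disable: false
  refresh_interval: 1m
  ldap:
    implementation: custom
    # NOTE(review): plain ldap:// with start_tls disabled sends the bind
    # password and every user's credentials across the compose network in
    # clear text; keep lldap reachable from this container only.
    address: ldap://lldap:3890
    timeout: 5s
    start_tls: false
    base_dn: dc=mgrote,dc=net
    additional_users_dn: ou=people
    users_filter: "(&({username_attribute}={input})(objectClass=person))"
    additional_groups_dn: ou=groups
    groups_filter: "(&(member={dn})(objectclass=groupOfUniqueNames))"
    attributes:
      display_name: displayName
      username: uid
      group_name: cn
      mail: mail
    # Dedicated read-only bind account; users authenticate with their own DN.
    user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net
    password: {{ lookup('viczem.keepass.keepass', 'authelia/lldap_authelia_bind_user', 'password') | to_json }}
# Details / documentation: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/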