lldap/example_configs/authelia_config.yml

###############################################################
#                   Authelia configuration                    #
###############################################################

# This is just the LDAP part of the Authelia configuration!


authentication_backend:
  # Password reset through authelia works normally.
  password_reset:
    disable: false
  # How often authelia should check if there is an user update in LDAP
  refresh_interval: 1m
  ldap:
    implementation: custom
    # Pattern is ldap://HOSTNAME-OR-IP:PORT
    # Normal ldap port is 389, standard in LLDAP is 3890
    url: ldap://lldap:3890
    # The dial timeout for LDAP.
    timeout: 5s
    # Use StartTLS with the LDAP connection, TLS not supported right now
    start_tls: false
    #tls:
    #  skip_verify: false
    #  minimum_version: TLS1.2
    # Set base dn, like dc=google,dc.com
    base_dn: dc=example,dc=com
    username_attribute: uid
    # You need to set this to ou=people, because all users are stored in this ou!
    additional_users_dn: ou=people
    # To allow sign in both with username and email, one can use a filter like
    # (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
    users_filter: "(&({username_attribute}={input})(objectClass=person))"
    # Set this to ou=groups, because all groups are stored in this ou
    additional_groups_dn: ou=groups
    # The groups are not displayed in the UI, but this filter works.
    groups_filter: "(member={dn})"
    # The attribute holding the name of the group.
    group_name_attribute: cn
    # Email attribute
    mail_attribute: mail
    # The attribute holding the display name of the user. This will be used to greet an authenticated user.
    display_name_attribute: displayName
    # The username and password of the bind user.
    # "bind_user" should be the username you created for authentication with the "lldap_strict_readonly" permission. It is not recommended to use an actual admin account here.
    # If you are configuring Authelia to change user passwords, then the account used here needs the "lldap_password_manager" permission instead.
    user: uid=bind_user,ou=people,dc=example,dc=com
    # Password can also be set using a secret: https://www.authelia.com/docs/configuration/secrets.html
    password: 'REPLACE_ME'
Added Authelia configuration 2021-10-24 12:14:35 +02:00			`###############################################################`
			`# Authelia configuration #`
			`###############################################################`

			`# This is just the LDAP part of the Authelia configuration!`


			`authentication_backend:`
authelia: Re-enable password reset 2021-11-25 10:13:21 +01:00			`# Password reset through authelia works normally.`
Update Authelia config for Authelia 4.36.1 Authelia 4.36.1 changed the key for password resets. Fixed an error where the user: field was incorrectly set to uid=admin, resulting in a fatal error starting Authelia. 2022-07-01 08:10:11 +02:00			`password_reset:`
			`disable: false`
Added Authelia configuration 2021-10-24 12:14:35 +02:00			`# How often authelia should check if there is an user update in LDAP`
authelia: Re-enable password reset 2021-11-25 10:13:21 +01:00			`refresh_interval: 1m`
Added Authelia configuration 2021-10-24 12:14:35 +02:00			`ldap:`
			`implementation: custom`
			`# Pattern is ldap://HOSTNAME-OR-IP:PORT`
			`# Normal ldap port is 389, standard in LLDAP is 3890`
			`url: ldap://lldap:3890`
			`# The dial timeout for LDAP.`
			`timeout: 5s`
			`# Use StartTLS with the LDAP connection, TLS not supported right now`
			`start_tls: false`
			`#tls:`
			`# skip_verify: false`
			`# minimum_version: TLS1.2`
			`# Set base dn, like dc=google,dc.com`
			`base_dn: dc=example,dc=com`
			`username_attribute: uid`
			`# You need to set this to ou=people, because all users are stored in this ou!`
			`additional_users_dn: ou=people`
			`# To allow sign in both with username and email, one can use a filter like`
			`# (&(\|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))`
example_configs: Add quotes to authelia filters 2022-10-19 14:12:55 +02:00			`users_filter: "(&({username_attribute}={input})(objectClass=person))"`
Added Authelia configuration 2021-10-24 12:14:35 +02:00			`# Set this to ou=groups, because all groups are stored in this ou`
			`additional_groups_dn: ou=groups`
docs: add lldap-cli references, improve README 2024-01-13 22:51:46 +01:00			`# The groups are not displayed in the UI, but this filter works.`
example_configs: Add quotes to authelia filters 2022-10-19 14:12:55 +02:00			`groups_filter: "(member={dn})"`
Added Authelia configuration 2021-10-24 12:14:35 +02:00			`# The attribute holding the name of the group.`
			`group_name_attribute: cn`
			`# Email attribute`
			`mail_attribute: mail`
			`# The attribute holding the display name of the user. This will be used to greet an authenticated user.`
			`display_name_attribute: displayName`
example_configs: fix role in authelia 2024-03-14 20:42:03 +01:00			`# The username and password of the bind user.`
			`# "bind_user" should be the username you created for authentication with the "lldap_strict_readonly" permission. It is not recommended to use an actual admin account here.`
			`# If you are configuring Authelia to change user passwords, then the account used here needs the "lldap_password_manager" permission instead.`
			`user: uid=bind_user,ou=people,dc=example,dc=com`
Added Authelia configuration 2021-10-24 12:14:35 +02:00			`# Password can also be set using a secret: https://www.authelia.com/docs/configuration/secrets.html`
Added Authelia configuration 2021-10-24 12:31:01 +02:00			`password: 'REPLACE_ME'`