Connect Authelia to LDAP with LLDAP
parent
7f14aaaa3d
commit
13c43273a5
6 changed files with 59 additions and 8 deletions
|
|
@ -27,6 +27,31 @@ in {
|
|||
type = types.path;
|
||||
};
|
||||
|
||||
|
||||
# https://www.authelia.com/integration/ldap/lldap/
|
||||
ldap = {
|
||||
addr = mkOption {
|
||||
type = types.str;
|
||||
description = "LDAP URL";
|
||||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = "Path to LDAP service account password file";
|
||||
};
|
||||
|
||||
baseDN = mkOption {
|
||||
type = types.str;
|
||||
example = "DC=example,DC=com";
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
example = "UID=authelia,OU=people,DC=example,DC=com";
|
||||
};
|
||||
};
|
||||
|
||||
jwtSecretFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
|
|
@ -105,7 +130,7 @@ in {
|
|||
|
||||
config = mkIf cfg.enable {
|
||||
services.authelia.instances.main = {
|
||||
inherit (cfg) settingsFiles environmentVariables;
|
||||
inherit (cfg) settingsFiles;
|
||||
|
||||
enable = true;
|
||||
|
||||
|
|
@ -140,8 +165,12 @@ in {
|
|||
authentication_backend = {
|
||||
password_change.disable = true;
|
||||
password_reset.disable = true;
|
||||
file = {
|
||||
path = cfg.userDbFile;
|
||||
|
||||
ldap = {
|
||||
implementation = "lldap";
|
||||
address = cfg.ldap.addr;
|
||||
base_dn = cfg.ldap.baseDN;
|
||||
user = cfg.ldap.user;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -156,6 +185,10 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
environmentVariables = cfg.environmentVariables // {
|
||||
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE = cfg.ldap.passwordFile;
|
||||
};
|
||||
|
||||
secrets = {
|
||||
inherit
|
||||
(cfg)
|
||||
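Review bot: `ldap.passwordFile` is declared `types.nullOr types.path` with `default = null`, yet the last hunk writes it unconditionally into `AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE`, and the `ldap` backend now replaces the `file` backend with no fallback, so a configuration that leaves the option unset ends up with a null bind-password path. Either drop the default so the option is required (`type = types.path;`), or guard it with `assertions = [{ assertion = cfg.ldap.passwordFile != null; message = "ldap.passwordFile must be set"; }];`. The option description should also say that the file must live outside the Nix store, because a Nix path literal would be copied into the world-readable store, and that it must be readable by the Authelia service user. `addr` has no example; something like `example = "ldap://127.0.0.1:3890";` would document the expected form and make it clear that plain `ldap://` is only appropriate on loopback or an otherwise protected link. The enclosing `config` block starts and ends outside these hunks, so existing assertions or the handling of `userDbFile` may not be visible here.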
|
|
|
|||
|
|
@ -23,6 +23,12 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
ldap_port = mkOption {
|
||||
type = lib.types.port;
|
||||
default = 3890;
|
||||
description = "LDAP Port";
|
||||
};
|
||||
|
||||
environmentFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
|
|
@ -56,6 +62,7 @@ in {
|
|||
# Base setup.
|
||||
http_port = cfg.port;
|
||||
http_url = cfg.url;
|
||||
ldap_port = cfg.ldap_port;
|
||||
ldap_base_dn = cfg.base_dn;
|
||||
jwt_secret_file = cfg.jwtSecretFile;
|
||||
|
||||
|
|
@ -71,5 +78,7 @@ in {
|
|||
group = "lldap";
|
||||
};
|
||||
users.groups.lldap = {};
|
||||
|
||||
systemd.services.lldap.serviceConfig.DynamicUser = lib.mkForce false;
|
||||
};
|
||||
}
|
||||
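Review bot: The final hunk forces `DynamicUser` off for the lldap unit without a comment saying why. That also drops the sandboxing systemd applies implicitly for dynamic users (`ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp`, `RemoveIPC`, `NoNewPrivileges`, `RestrictSUIDSGID`). For a directory service that stores credential hashes, I would restate those settings next to the override and record the reason for the static user. This assumes the unit keeps its writable data under a `StateDirectory`, which is not visible in these hunks. Separately, `ldap_port` exposes a plain-LDAP listener, so it is worth confirming that the bind address and firewall rules, neither shown here, limit it to the hosts that need it.

```nix
# Static lldap user: <state the reason here>. Restate what DynamicUser=true implied.
systemd.services.lldap.serviceConfig = {
  DynamicUser = lib.mkForce false;
  ProtectSystem = "strict";
  ProtectHome = "read-only";
  PrivateTmp = true;
  RemoveIPC = true;
  NoNewPrivileges = true;
  RestrictSUIDSGID = true;
};
```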
|
|
|
|||