Installation notes
Default Configuration
LLDAP is configured using the default options generated by the application on first run. The exception to this is the ‘Base DN for LDAP’ option which has been exposed to the user.
```yaml
workload:
  main:
    podSpec:
      containers:
        main:
          env:
            # replace with your domain
            LLDAP_LDAP_BASE_DN: "dc=example,dc=com"
            # initial lldap admin account
            LLDAP_LDAP_USER_DN: admin
            # initial lldap admin email
            # above user password in plain text
            LLDAP_LDAP_USER_PASS: somepassword
            # allow password reset using email
            LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET: true
            # smtp setup (example is gmail)
            LLDAP_SMTP_OPTIONS__SERVER: smtp.gmail.com
            LLDAP_SMTP_OPTIONS__PORT: 587
            LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION: "STARTTLS"
            # gmail email address (username)
            # use a google app password if using gmail
            LLDAP_SMTP_OPTIONS__PASSWORD: somepassword
            # email address to show as sender
            # email address to show as reply address
```
Usage
LLDAP can be used as the user backend for Authelia and Authentik, as well as any other application that supports LDAP, e.g. Jellyfin and Nextcloud. A specific guide for Authelia is available in this documentation, but other authentication applications can be configured in a similar way.
When setting your bind user, avoid using the admin user, as this is a security risk. Instead, create a new user with the minimum permissions required for your application. LLDAP has a user group, lldap_strict_readonly, which can be used for this purpose: it has read-only access to the LDAP database. However, if you want to provide password reset, create a user in the lldap_password_manager group.
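One way to check that a bind account follows the advice above, as an added example that is not TrueCharts or LLDAP code: it audits the memberOf values returned by an ldapsearch query for the account. The sample entries, the account names, the ou=people / ou=groups DN layout and the lldap_admin group name are assumptions that do not come from this page.

```python
import base64

# lldap_admin is assumed to be the admin group; the other two are named on this page.
READ_ONLY, PASSWORD_MANAGER, ADMIN = (
    "lldap_strict_readonly", "lldap_password_manager", "lldap_admin")

# Constructed ldapsearch-style output (LDIF) for two hypothetical accounts.
SAMPLE_SERVICE = (
    "dn: uid=jellyfin_bind,ou=people,dc=example,dc=com\n"
    "uid: jellyfin_bind\n"
    "memberOf: cn=lldap_strict_readonly,ou=groups,\n"
    " dc=example,dc=com\n")          # folded line, as ldapsearch wraps long values
SAMPLE_ADMIN = (
    "dn: uid=admin,ou=people,dc=example,dc=com\n"
    "memberOf:: " + base64.b64encode(
        b"cn=lldap_admin,ou=groups,dc=example,dc=com").decode() + "\n")

def parse_ldif_entry(ldif):
    """Parse one LDIF entry into {attr: [values]}; handles folding and base64."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]                  # continuation of previous line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):                  # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(attr.lower(), []).append(value)
    return entry

def audit_bind_user(ldif, needs_password_reset=False):
    """Return findings for a bind account; an empty list means least privilege."""
    entry = parse_ldif_entry(ldif)
    # Reduce each memberOf DN to the cn of its first RDN, e.g. "lldap_admin".
    groups = {dn.split(",", 1)[0].partition("=")[2].strip().lower()
              for dn in entry.get("memberof", [])}
    findings = []
    if ADMIN in groups:
        findings.append("member of lldap_admin")
    if PASSWORD_MANAGER in groups and not needs_password_reset:
        findings.append("member of lldap_password_manager without needing resets")
    if not groups & {READ_ONLY, PASSWORD_MANAGER}:
        findings.append("not in lldap_strict_readonly or lldap_password_manager")
    return findings
```

Pass needs_password_reset=True for an application that is meant to reset passwords, so that membership of lldap_password_manager is not reported.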
Support
- If you need more details or have a more custom setup, the upstream documentation is very useful. Check the descriptions of the options there, including example configs for various apps.
- You can also reach us using Discord for real-time feedback and support.