Skip to content
TrueCharts Charts

Docs

News

Merch/Store

Installation notes

Default Configuration

LLDAP is configured using the default options generated by the application on first run. The exception to this is the ‘Base DN for LDAP’ option which has been exposed to the user.

values.yaml
workload:
  main:
    podSpec:
      containers:
        main:
          env:
            # replace with your domain
            LLDAP_LDAP_BASE_DN: "dc=example,dc=com"
            # initial lldap admin account
            LLDAP_LDAP_USER_DN: admin
            # initial lldap admin email
            LLDAP_LDAP_USER_EMAIL: email@gmail.com
            # above user password in plain text
            LLDAP_LDAP_USER_PASS: somepassword
            # allow password reset using email
            LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET: true
            # smtp setup (example is gmail)
            LLDAP_SMTP_OPTIONS__SERVER: smtp.gmail.com
            LLDAP_SMTP_OPTIONS__PORT: 587
            LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION: "STARTTLS"
            # gmail email address (username)
            LLDAP_SMTP_OPTIONS__USER: email@gmail.com
            # use a google app password if using gmail
            LLDAP_SMTP_OPTIONS__PASSWORD: somepassword
            # email address to show as sender
            LLDAP_SMTP_OPTIONS__FROM: "LLDAP Admin <no-reply@example.com>"
            # email address to show as reply address
            LLDAP_SMTP_OPTIONS__REPLY_TO: "Do not reply <no-reply@example.com>"

Usage

LLDAP can be used as the user backend for Authelia and Authentik as well as any other application that supports LDAP e.g. Jellyfin and Nextcloud. A specific guide for Authelia is available in this documentation but other authentication applications can be configured in a similar way.

When setting your bind user you should avoid using the admin user as this is a security risk. Instead, create a new user with the minimum permissions required for your application. LLDAP has a user group lldap_strict_readonly which can be used for this purpose. This group has read-only access to the LDAP database and can be used to create a new user with the minimum permissions required for your application. However, if you want to provide password reset then create a user in the lldap_password_manager group.

Support

  • If you need more details or have a more custom setup the documentation on the upstream is very useful so check the descriptions of the options there including example configs for various apps.
  • You can also reach us using Discord for real-time feedback and support

All Rights Reserved - The TrueCharts Project