website/docs: add LDAP Outpost docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
ee48b8c225
commit
2cad9a3d07
|
@ -51,7 +51,7 @@ export class OutpostForm extends Form<Outpost> {
|
|||
name="type">
|
||||
<select class="pf-c-form-control">
|
||||
<option value=${OutpostTypeEnum.Proxy} ?selected=${this.outpost?.type === OutpostTypeEnum.Proxy}>${t`Proxy`}</option>
|
||||
<option value=${OutpostTypeEnum.Ldap} ?selected=${this.outpost?.type === OutpostTypeEnum.Ldap}>${t`LDAP`}</option>
|
||||
<option value=${OutpostTypeEnum.Ldap} ?selected=${this.outpost?.type === OutpostTypeEnum.Ldap}>${t`LDAP (Technical preview)`}</option>
|
||||
</select>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal
|
||||
|
|
42
website/docs/outposts/ldap.md
Normal file
42
website/docs/outposts/ldap.md
Normal file
|
@ -0,0 +1,42 @@
|
|||
---
|
||||
title: LDAP Outpost
|
||||
---
|
||||
|
||||
:::info
|
||||
This feature is still in technical preview, so please report any Bugs you run into on [GitHub](https://github.com/goauthentik/authentik/issues)
|
||||
:::
|
||||
|
||||
You can configure an LDAP Provider for applications that don't support any newer protocols or require LDAP.
|
||||
|
||||
All users and groups in authentik's database are searchable. Currently, there is a limited support for filters (you can only search for objectClass), but this will be expanded in further releases.
|
||||
|
||||
Binding against the LDAP Server uses a flow in the background. This allows you to use the same policies and flows as you do for web-based logins. The only limitation is that currently only identification and password stages are supported, due to how LDAP works.
|
||||
|
||||
You can configure under which base DN the information should be available. For this documentation we'll use the default of `DC=ldap,DC=goauthentik,DC=io`.
|
||||
|
||||
Users are available under `cn=users,<base DN>` and groups under `cn=groups,<base DN>`.
|
||||
|
||||
The following fields are currently sent for users:
|
||||
|
||||
- cn: User's username
|
||||
- uid: Unique user identifier
|
||||
- name: User's name
|
||||
- displayName: User's name
|
||||
- mail: User's email address
|
||||
- objectClass: A list of these strings:
|
||||
- "user"
|
||||
- "organizationalPerson"
|
||||
- "goauthentik.io/ldap/user"
|
||||
- accountStatus: "active" if the account is active, otherwise "inactive"
|
||||
- superuser: "active" if the account is part of a group with superuser permissions, otherwise "inactive"
|
||||
- memberOf: A list of all DNs that the user is a member of
|
||||
|
||||
The following fields are current set for groups:
|
||||
|
||||
- cn: The group's name
|
||||
- uid: Unique group identifier
|
||||
- objectClass: A list of these strings:
|
||||
- "user"
|
||||
- "goauthentik.io/ldap/group"
|
||||
|
||||
**Additionally**, for both users and groups, any attributes you set are also present as LDAP Attributes.
|
|
@ -4,6 +4,18 @@ title: Next
|
|||
|
||||
## Headline Changes
|
||||
|
||||
- LDAP Provider
|
||||
|
||||
:::info
|
||||
This feature is still in technical preview, so please report any Bugs you run into on [GitHub](https://github.com/goauthentik/authentik/issues)
|
||||
:::
|
||||
|
||||
You can now configure an LDAP Provider for applications that don't support any newer protocols or require LDAP.
|
||||
|
||||
All users and groups in authentik's database are searchable. Currently, there is a limited support for filters (you can only search for objectClass), but this will be expanded in further releases.
|
||||
|
||||
Binding against the LDAP Server uses a flow in the background. This allows you to use the same policies and flows as you do for web-based logins. The only limitation is that currently only identification and password stages are supported, due to how LDAP works.
|
||||
|
||||
- Compatibility with forwardAuth/auth_request
|
||||
|
||||
The authentik proxy is now compatible with forwardAuth (traefik) / auth_request (nginx). All that is required is the latest version of the outpost,
|
||||
|
|
|
@ -35,6 +35,7 @@ module.exports = {
|
|||
items: [
|
||||
"outposts/outposts",
|
||||
"outposts/proxy",
|
||||
"outposts/ldap",
|
||||
"outposts/upgrading",
|
||||
"outposts/manual-deploy-docker-compose",
|
||||
"outposts/manual-deploy-kubernetes",
|
||||
|
|
Reference in a new issue