website/integrations: update vcenter docs (#5706)

* Update index.md

Updates to include details for integrating with Authentik's LDAP outpost.

Signed-off-by: David Davtian <1940369+ddavtian@users.noreply.github.com>

* slight cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: David Davtian <1940369+ddavtian@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
David Davtian 2023-05-21 10:53:15 -07:00 committed by GitHub
parent 411ef239f6
commit 3dd200dbe5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 21 additions and 2 deletions


@ -31,7 +31,7 @@ The following placeholders will be used:
- `vcenter.company` is the FQDN of the vCenter server.
- `authentik.company` is the FQDN of the authentik install.
Since vCenter only allows OpenID-Connect in combination with Active Directory, it is recommended to have authentik sync with the same Active Directory.
Since vCenter only allows OpenID-Connect in combination with Active Directory/LDAP, it is recommended to have authentik sync with the same Active Directory. You also have the option of connecting to an authentik managed LDAP outpost for user management.
### Step 1
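Review bot: the replacement sentence now says vCenter accepts "Active Directory/LDAP" but still recommends syncing "with the same Active Directory", which reads as if the LDAP case were excluded from the recommendation; suggest "it is recommended to have authentik sync with the same directory (Active Directory or LDAP)". Minor: "authentik managed LDAP outpost" should be hyphenated as "authentik-managed LDAP outpost", and the same form recurs later in this change, so fix it consistently.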
@ -43,6 +43,25 @@ return {
}
```
If you are using an authentik managed LDAP outpost you can use the following expression in your property mapping. This will correctly return the `groups` claim as a list of LDAP DNs instead of their names.
```python
ldap_base_dn = "DC=ldap,DC=goauthentik,DC=io"
groups = []
for group in request.user.ak_groups.all():
group_dn = f"CN={group.name},dc=groups,{ldap_base_dn}"
groups.append(group_dn)
return {
"name": request.user.name,
"email": request.user.email,
"given_name": request.user.name,
"preferred_username": request.user.username,
"nickname": request.user.username,
"groups": groups,
"domain": "ldap.goauthentik.io"
}
```
### Step 2
:::note
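Review bot: `ldap_base_dn = "DC=ldap,DC=goauthentik,DC=io"` and `"domain": "ldap.goauthentik.io"` are hard-coded defaults; the text around the snippet should say that both must be replaced with the Base DN and domain configured on the reader's own LDAP provider, because vCenter matches the `groups` claim against DNs it reads from the directory and a mismatch silently drops every group membership. Two further points on the DN that is built: `dc=groups` mixes lower-case with the `DC=` used elsewhere and uses the `dc` attribute for what is a container under the base DN, so confirm against an entry actually returned by the outpost (search for one group and compare its DN) before merging; and `group.name` is interpolated unescaped, so a group name containing DN special characters (comma, plus, quotes, leading `#`) produces a malformed DN, which is worth either escaping per RFC 4514 or stating as a limitation. Also note in the prose that this mapping replaces, not supplements, the one shown above it.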
@ -56,7 +75,7 @@ Under _Sources_, click _Edit_ and ensure that "authentik default Active Director
Under _Providers_, create an OAuth2/OpenID provider with these settings:
- Redirect URI: `https://vcenter.company/ui/login/oauth2/authcode`
- Sub Mode: If your Email address Schema matches your UPN, select "Based on the User's Email...", otherwise select "Based on the User's UPN...".
- Sub Mode: If your Email address Schema matches your UPN, select "Based on the User's Email...", otherwise select "Based on the User's UPN...". If you are using authentik's managed LDAP outpost, chose "Based on the User's username"
- Scopes: Select the Scope Mapping you've created in Step 1
- Signing Key: Select any available key
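Review bot: typo in the added Sub Mode text: "chose" should be "choose", and the sentence lacks a terminating period; hyphenate "authentik's managed LDAP outpost" as before for consistency. A short reason would help readers pick the right option, e.g. that the subject claim must equal the identifier vCenter uses to look the user up in the directory, which for the LDAP outpost is the username rather than an email or UPN.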