docs: update ad docs for password writeback permissions

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-04-09 11:23:24 +02:00
parent 33fb06a299
commit e7b7186f4b
6 changed files with 9 additions and 4 deletions

Binary file not shown.

Before

Width:  |  Height:  |  Size: 26 KiB

After

Width:  |  Height:  |  Size: 41 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 31 KiB

After

Width:  |  Height:  |  Size: 59 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 80 KiB

View file

Before

Width:  |  Height:  |  Size: 64 KiB

After

Width:  |  Height:  |  Size: 64 KiB

View file

Before

Width:  |  Height:  |  Size: 52 KiB

After

Width:  |  Height:  |  Size: 52 KiB

View file

@ -19,7 +19,7 @@ The following placeholders will be used:
3. Give the User a password, generated using for example `pwgen 64 1`.
4. Open the Delegation of Control Wizard by right-clicking the domain.
4. Open the Delegation of Control Wizard by right-clicking the domain and selecting "All Tasks".
5. Select the authentik service user you've just created.
@ -27,8 +27,13 @@ The following placeholders will be used:
![](./02_delegate.png)
## authentik Setup
7. Grant these additional permissions (only required when *Sync users' password* is enabled, and dependant on your AD Domain)
![](./03_additional_perms.png)
Additional infos: https://support.microfocus.com/kb/doc.php?id=7023371
## authentik Setup
In authentik, create a new LDAP Source in Administration -> Sources.
Use these settings:
@ -55,8 +60,8 @@ The other settings might need to be adjusted based on the setup of your domain.
After you save the source, a synchronization will start in the background. When its done, you cen see the summary on the System Tasks page.
![](./03_ak_status.png)
![](./10_ak_status.png)
To finalise the Active Directory setup, you need to enable the backend "authentik LDAP" in the Password Stage.
![](./04_ak_stage.png)
![](./11_ak_stage.png)