website/docs: Minor LDAP and NGINX Documentation Updates (#1406)
* update LDAP documentation * include domain level nginx forward auth example * wrap in banner * update placeholder
This commit is contained in:
parent
3e4ce62dfe
commit
fcbcfbc3c0
|
@ -2,7 +2,7 @@
|
||||||
title: Outposts
|
title: Outposts
|
||||||
---
|
---
|
||||||
|
|
||||||
An outpost is a single deployment of a authentik component, which can be deployed in a completely separate environment. Currently, only the Proxy Provider is supported as outpost.
|
An outpost is a single deployment of a authentik component, which can be deployed in a completely separate environment. Currently, Proxy Provider and LDAP are supported as outposts.
|
||||||
|
|
||||||
![](outposts.png)
|
![](outposts.png)
|
||||||
|
|
||||||
|
|
|
@ -8,6 +8,10 @@ This feature is still in technical preview, so please report any Bugs you run in
|
||||||
|
|
||||||
You can configure an LDAP Provider for applications that don't support any newer protocols or require LDAP.
|
You can configure an LDAP Provider for applications that don't support any newer protocols or require LDAP.
|
||||||
|
|
||||||
|
:::info
|
||||||
|
Note: This provider requires the deployment of the [LDAP Outpost](../outposts/outposts.md)
|
||||||
|
:::
|
||||||
|
|
||||||
All users and groups in authentik's database are searchable. Currently, there is a limited support for filters (you can only search for objectClass), but this will be expanded in further releases.
|
All users and groups in authentik's database are searchable. Currently, there is a limited support for filters (you can only search for objectClass), but this will be expanded in further releases.
|
||||||
|
|
||||||
Binding against the LDAP Server uses a flow in the background. This allows you to use the same policies and flows as you do for web-based logins. The only limitation is that currently only identification and password stages are supported, due to how LDAP works.
|
Binding against the LDAP Server uses a flow in the background. This allows you to use the same policies and flows as you do for web-based logins. The only limitation is that currently only identification and password stages are supported, due to how LDAP works.
|
||||||
|
|
|
@ -34,6 +34,7 @@ For domain level, you'd use the same domain as authentik.
|
||||||
|
|
||||||
:::info
|
:::info
|
||||||
*example-outpost* is used as a placeholder for the outpost name.
|
*example-outpost* is used as a placeholder for the outpost name.
|
||||||
|
*authentik.company* is used as a placeholder for the authentik install.
|
||||||
:::
|
:::
|
||||||
|
|
||||||
## Nginx
|
## Nginx
|
||||||
|
@ -72,6 +73,9 @@ server {
|
||||||
# authentik-specific config
|
# authentik-specific config
|
||||||
auth_request /akprox/auth;
|
auth_request /akprox/auth;
|
||||||
error_page 401 = @akprox_signin;
|
error_page 401 = @akprox_signin;
|
||||||
|
# For domain level, use the below error_page to redirect to your Authentik server with the full redirect path
|
||||||
|
# error_page 401 =302 https://authentik.company/akprox/start?rd=$scheme://$http_host$request_uri;
|
||||||
|
|
||||||
# translate headers from the outposts back to the actual upstream
|
# translate headers from the outposts back to the actual upstream
|
||||||
auth_request_set $username $upstream_http_x_auth_username;
|
auth_request_set $username $upstream_http_x_auth_username;
|
||||||
auth_request_set $email $upstream_http_X_Forwarded_Email;
|
auth_request_set $email $upstream_http_X_Forwarded_Email;
|
||||||
|
|
Reference in a new issue