website/docs: Minor LDAP and NGINX Documentation Updates (#1406)
* update LDAP documentation * include domain level nginx forward auth example * wrap in banner * update placeholder
This commit is contained in:
parent
3e4ce62dfe
commit
fcbcfbc3c0
|
@ -2,7 +2,7 @@
|
|||
title: Outposts
|
||||
---
|
||||
|
||||
An outpost is a single deployment of a authentik component, which can be deployed in a completely separate environment. Currently, only the Proxy Provider is supported as outpost.
|
||||
An outpost is a single deployment of a authentik component, which can be deployed in a completely separate environment. Currently, Proxy Provider and LDAP are supported as outposts.
|
||||
|
||||
![](outposts.png)
|
||||
|
||||
|
|
|
@ -8,6 +8,10 @@ This feature is still in technical preview, so please report any Bugs you run in
|
|||
|
||||
You can configure an LDAP Provider for applications that don't support any newer protocols or require LDAP.
|
||||
|
||||
:::info
|
||||
Note: This provider requires the deployment of the [LDAP Outpost](../outposts/outposts.md)
|
||||
:::
|
||||
|
||||
All users and groups in authentik's database are searchable. Currently, there is a limited support for filters (you can only search for objectClass), but this will be expanded in further releases.
|
||||
|
||||
Binding against the LDAP Server uses a flow in the background. This allows you to use the same policies and flows as you do for web-based logins. The only limitation is that currently only identification and password stages are supported, due to how LDAP works.
|
||||
|
|
|
@ -34,6 +34,7 @@ For domain level, you'd use the same domain as authentik.
|
|||
|
||||
:::info
|
||||
*example-outpost* is used as a placeholder for the outpost name.
|
||||
*authentik.company* is used as a placeholder for the authentik install.
|
||||
:::
|
||||
|
||||
## Nginx
|
||||
|
@ -72,6 +73,9 @@ server {
|
|||
# authentik-specific config
|
||||
auth_request /akprox/auth;
|
||||
error_page 401 = @akprox_signin;
|
||||
# For domain level, use the below error_page to redirect to your Authentik server with the full redirect path
|
||||
# error_page 401 =302 https://authentik.company/akprox/start?rd=$scheme://$http_host$request_uri;
|
||||
|
||||
# translate headers from the outposts back to the actual upstream
|
||||
auth_request_set $username $upstream_http_x_auth_username;
|
||||
auth_request_set $email $upstream_http_X_Forwarded_Email;
|
||||
|
|
Reference in a new issue