website/docs: Minor LDAP and NGINX Documentation Updates (#1406)

* update LDAP documentation

* include domain level nginx forward auth example

* wrap in banner

* update placeholder
This commit is contained in:
Jeremy Willans 2021-09-17 17:47:27 +10:00 committed by GitHub
parent 3e4ce62dfe
commit fcbcfbc3c0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 1 deletions

View file

@ -2,7 +2,7 @@
title: Outposts
---
An outpost is a single deployment of a authentik component, which can be deployed in a completely separate environment. Currently, only the Proxy Provider is supported as outpost.
An outpost is a single deployment of a authentik component, which can be deployed in a completely separate environment. Currently, Proxy Provider and LDAP are supported as outposts.
![](outposts.png)

View file

@ -8,6 +8,10 @@ This feature is still in technical preview, so please report any Bugs you run in
You can configure an LDAP Provider for applications that don't support any newer protocols or require LDAP.
:::info
Note: This provider requires the deployment of the [LDAP Outpost](../outposts/outposts.md)
:::
All users and groups in authentik's database are searchable. Currently, there is a limited support for filters (you can only search for objectClass), but this will be expanded in further releases.
Binding against the LDAP Server uses a flow in the background. This allows you to use the same policies and flows as you do for web-based logins. The only limitation is that currently only identification and password stages are supported, due to how LDAP works.

View file

@ -34,6 +34,7 @@ For domain level, you'd use the same domain as authentik.
:::info
*example-outpost* is used as a placeholder for the outpost name.
*authentik.company* is used as a placeholder for the authentik install.
:::
## Nginx
@ -72,6 +73,9 @@ server {
# authentik-specific config
auth_request /akprox/auth;
error_page 401 = @akprox_signin;
# For domain level, use the below error_page to redirect to your Authentik server with the full redirect path
# error_page 401 =302 https://authentik.company/akprox/start?rd=$scheme://$http_host$request_uri;
# translate headers from the outposts back to the actual upstream
auth_request_set $username $upstream_http_x_auth_username;
auth_request_set $email $upstream_http_X_Forwarded_Email;