website/docs: add LDAP Outpost docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

web/src/pages/outposts/OutpostForm.ts

@@ -51,7 +51,7 @@ export class OutpostForm extends Form<Outpost> {
                 name="type">
                 <select class="pf-c-form-control">
                     <option value=${OutpostTypeEnum.Proxy} ?selected=${this.outpost?.type === OutpostTypeEnum.Proxy}>${t`Proxy`}</option>
-                    <option value=${OutpostTypeEnum.Ldap} ?selected=${this.outpost?.type === OutpostTypeEnum.Ldap}>${t`LDAP`}</option>
+                    <option value=${OutpostTypeEnum.Ldap} ?selected=${this.outpost?.type === OutpostTypeEnum.Ldap}>${t`LDAP (Technical preview)`}</option>
                 </select>
             </ak-form-element-horizontal>
             <ak-form-element-horizontal

website/docs/outposts/ldap.md

@@ -0,0 +1,42 @@
+---
+title: LDAP Outpost
+---
+
+:::info
+This feature is still in technical preview, so please report any Bugs you run into on [GitHub](https://github.com/goauthentik/authentik/issues)
+:::
+
+You can configure an LDAP Provider for applications that don't support any newer protocols or require LDAP.
+
+All users and groups in authentik's database are searchable. Currently, there is a limited support for filters (you can only search for objectClass), but this will be expanded in further releases.
+
+Binding against the LDAP Server uses a flow in the background. This allows you to use the same policies and flows as you do for web-based logins. The only limitation is that currently only identification and password stages are supported, due to how LDAP works.
+
+You can configure under which base DN the information should be available. For this documentation we'll use the default of `DC=ldap,DC=goauthentik,DC=io`.
+
+Users are available under `cn=users,<base DN>` and groups under `cn=groups,<base DN>`.
+
+The following fields are currently sent for users:
+
+- cn: User's username
+- uid: Unique user identifier
+- name: User's name
+- displayName: User's name
+- mail: User's email address
+- objectClass: A list of these strings:
+  - "user"
+  - "organizationalPerson"
+  - "goauthentik.io/ldap/user"
+- accountStatus: "active" if the account is active, otherwise "inactive"
+- superuser: "active" if the account is part of a group with superuser permissions, otherwise "inactive"
+- memberOf: A list of all DNs that the user is a member of
+
+The following fields are current set for groups:
+
+- cn: The group's name
+- uid: Unique group identifier
+- objectClass: A list of these strings:
+  - "user"
+  - "goauthentik.io/ldap/group"
+
+**Additionally**, for both users and groups, any attributes you set are also present as LDAP Attributes.

website/docs/releases/next.md

@@ -4,6 +4,18 @@ title: Next
 
 ## Headline Changes
 
+- LDAP Provider
+
+:::info
+This feature is still in technical preview, so please report any Bugs you run into on [GitHub](https://github.com/goauthentik/authentik/issues)
+:::
+
+    You can now configure an LDAP Provider for applications that don't support any newer protocols or require LDAP.
+
+    All users and groups in authentik's database are searchable. Currently, there is a limited support for filters (you can only search for objectClass), but this will be expanded in further releases.
+
+    Binding against the LDAP Server uses a flow in the background. This allows you to use the same policies and flows as you do for web-based logins. The only limitation is that currently only identification and password stages are supported, due to how LDAP works.
+
 - Compatibility with forwardAuth/auth_request
 
     The authentik proxy is now compatible with forwardAuth (traefik) / auth_request (nginx). All that is required is the latest version of the outpost,

website/sidebars.js

@@ -35,6 +35,7 @@ module.exports = {
             items: [
                 "outposts/outposts",
                 "outposts/proxy",
+                "outposts/ldap",
                 "outposts/upgrading",
                 "outposts/manual-deploy-docker-compose",
                 "outposts/manual-deploy-kubernetes",