habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "website: latest migration to new structure" (#11634)

Browse Source 
Revert "website: latest migration to new structure (#11522)"

This reverts commit 9a89a5f94b.
This commit is contained in:
Tana M Berry
2024-10-08 17:30:50 -05:00
committed by GitHub
parent 9a89a5f94b
commit 6b2fced1b9
336 changed files with 883 additions and 2636 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
website/docs/add-secure-apps/providers/ldap/generic_setup.md
View File

@ -1,95 +0,0 @@
---
title: Create an LDAP provider
---
### Create Service account
1. Create a new user account to bind with under _Directory_ -> _Users_ -> _Create_, in this example called `ldapservice`.
Note the DN of this user will be `cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io`
:::info
Note: The `default-authentication-flow` validates MFA by default, and currently everything but SMS-based devices and WebAuthn devices are supported by LDAP. If you plan to use only dedicated service accounts to bind to LDAP, or don't use SMS-based authenticators, then you can use the default flow and skip the extra steps below and continue at [Create LDAP Application & Provider](#create-ldap-application--provider)
:::
### LDAP Flow
#### Create Custom Stages
1. Create a new identification stage. _Flows & Stage_ -> _Stages_ -> _Create_
![](./general_setup1.png)
2. Name it `ldap-identification-stage`. Select User fields Username and Email (and UPN if it is relevant to your setup).
![](./general_setup2.png)
3. Create a new password stage. _Flows & Stage_ -> _Stages_ -> _Create_
![](./general_setup3.png)
4. Name it `ldap-authentication-password`. Leave the defaults for Backends.
![](./general_setup4.png)
5. Create a new user login stage. _Flows & Stage_ -> _Stages_ -> _Create_
![](./general_setup5.png)
6. Name it `ldap-authentication-login`.
![](./general_setup6.png)
#### Create Custom Flow
1. Create a new authentication flow under _Flows & Stage_ -> _Flows_ -> _Create_, and name it `ldap-authentication-flow`
![](./general_setup7.png)
2. Click the newly created flow and choose _Stage Bindings_.
![](./general_setup8.png)
3. Click `Bind Stage` choose `ldap-identification-stage` and set the order to `10`.
![](./general_setup9.png)
4. Click `Bind Stage` choose `ldap-authentication-login` and set the order to `30`.
![](./general_setup11.png)
5. Edit the `ldap-identification-stage`.
![](./general_setup12.png)
6. Change the Password stage to `ldap-authentication-password`.
![](./general_setup13.png)
### Create LDAP Application & Provider
1. Create the LDAP Application under _Applications_ -> _Applications_ -> _Create With Wizard_ and name it `LDAP`.
![](./general_setup14.png)
![](./general_setup15.png)
### Assign LDAP permissions
1. Navigate to the LDAP Provider under _Applications_ -> _Providers_ -> `Provider for LDAP`.
2. Switch to the _Permissions_ tab.
3. Click the _Assign to new user_ button to select a user to assign the full directory search permission to.
4. Select the `ldapservice` user in the modal by typing in its username. Select the _Search full LDAP directory_ permission and click _Assign_
### Create LDAP Outpost
1. Create (or update) the LDAP Outpost under _Applications_ -> _Outposts_ -> _Create_. Set the Type to `LDAP` and choose the `LDAP` application created in the previous step.
![](./general_setup16.png)
:::info
The LDAP Outpost selects different providers based on their Base DN. Adding multiple providers with the same Base DN will result in inconsistent access
:::
### ldapsearch Test
Test connectivity by using ldapsearch.
:::info
ldapsearch can be installed on Linux system with these commands
```shell
sudo apt-get install ldap-utils -y # Debian-based systems
sudo yum install openldap-clients -y # CentOS-based systems
```
:::
```shell
ldapsearch \
-x \
-H ldap://<LDAP Outpost IP address>:<Port number 389> \ # In production it is recommended to use SSL, which also requires `ldaps://` as the protocol and the SSL port
-D 'cn=ldapservice,ou=users,DC=ldap,DC=goauthentik,DC=io' \
-w '<ldapuserpassword>' \
-b 'DC=ldap,DC=goauthentik,DC=io' \
'(objectClass=user)'
```
:::info
This query will log the first successful attempt in an event in the _Events_ -> _Logs_ area, further successful logins from the same user are not logged as they are cached in the outpost.
:::