ca89201bd8d1db156a2c94f77a3c215e98e2d7d3

* outposts: initial ldap outpost implementation
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts: add LDAP Binding using flows
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: add API to check access to single application by slug
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/ldap: check application access
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/ldap: add LDAP provider
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/ldap: add ability to use multiple providers on the same outpost
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: add UI for LDAP Provider
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/ldap: fix linting
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/ldap: add controllers
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts: fix type not being configurable
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/ldap: use authorization_flow instead of separate field
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/ldap: add dockerfile
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/ldap: fix lint error
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: add groups to users
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/ldap: add search_group to limit who can do search requests
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/ldap: improve logging, return success for empty DN
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts: allow outposts to have non-object specific permissions
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/ldap: use forked version of ldap library
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/ldap: save user DN to determine who can search
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* */api: fix lookups per user
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: only show plex servers you own
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* lib: add support for file:// protocol in config file
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: hide oauth client secret if not updating
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost/ldap: check access based on Group Membership
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: show users and groups when user has overall user permissions
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* lib: handle errors when reading config from file://
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix package json failing
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: bump node spec to 16x for npm version and lockfile v2
  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

What is authentik?
authentik is an open-source Identity Provider focused on flexibility and versatility. You can use authentik in an existing environment to add support for new protocols. authentik is also a great solution for implementing signup/recovery/etc in your application, so you don't have to deal with it.
Installation
For small/test setups it is recommended to use docker-compose, see the documentation.
For bigger setups, there is a Helm Chart in the helm/ directory. This is documented here.
Development
Security
See SECURITY.md
Description
The authentication glue you need.
Topics: authentication, authentik, authorization, kubernetes, oauth2, oauth2-client, oauth2-server, oidc, oidc-client, oidc-provider, proxy, reverse-proxy, saml, saml-idp, saml-sp, security, sso
Readme
MIT
664 MiB
Languages
Python 51.7%
TypeScript 36.4%
MDX 5.1%
Go 3.7%
JavaScript 1.6%
Other 1.4%