Added instructions for Proxmox & PocketID #1186
Added instructions for deploying LLDAP as a Proxmox LXC Container based on how I did it.
Added a logging block to `lldap_config.toml`.
Added an example configuration for PocketID.
| <img alt="Discord" src="https://img.shields.io/discord/898492935446876200?label=discord&logo=discord" /> | ||
| </a> | ||
|
|
||
| <a href="https://twitter.com/nitnelave1?ref_src=twsrc%5Etfw"> |
That's an... Interesting change :D
| WorkingDirectory=/var/lib/lldap | ||
| Environment="LLDAP_JWT_SECRET_FILE=/etc/lldap/.secrets/jwt_secret.txt" | ||
| Environment="LLDAP_LDAP_USER_PASS_FILE=/etc/lldap/.secrets/admin_pass.txt" | ||
| Environment="LLDAP_KEY_SEED=<your-random-key-seed-here>" |
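Review bot: The last `Environment=` line puts the key seed value directly in the unit file, while the two lines above it reference files under `/etc/lldap/.secrets/`. Unit files are normally world-readable and systemd exposes `Environment=` values to unprivileged users through `systemctl show`, so the seed ends up less protected than the JWT secret and the admin password. Suggest storing it beside them and pointing at it by path, for example `Environment="LLDAP_KEY_SEED_FILE=/etc/lldap/.secrets/key_seed.txt"` (file name illustrative).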
You can use LLDAP_KEY_SEED_FILE for consistency
| chmod 644 /var/log/lldap.log | ||
| ``` | ||
|
|
||
| * **Edit `/etc/lldap/lldap_config.toml` as follows:** |
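Review bot: `chmod 644 /var/log/lldap.log` at the top of this hunk makes the log readable by every local account in the container. A directory server's log can include user names and client addresses, so the guide should not default to world-readable. Suggest `chmod 640`, with the file owned by the account the service runs as.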
Can you instead call out the few values that are relevant? Maybe the DB URL, the certificate paths for LDAPS, and that's pretty much it. The rest should be adapted from the template from this repository, which includes the documentation and doesn't go out of date.
| cert_file = "/etc/lldap/ssl/cert.pem" | ||
| key_file = "/etc/lldap/ssl/key.pem" | ||
|
|
||
| [logging] |
The [logging] section doesn't exist. Maybe you were thinking of the serviced file? LLDAP has the top-level "verbose=true" config value, but that's it. It always writes to standard output, it's up to the caller to redirect to a file.
| LLDAP configuration file: /usr/local/lldap_server/lldap_config.toml<br> | ||
| </details> | ||
| <details> | ||
| <summary><b>Proxmox LXC using Helper Scripts</b></summary> |
This entire section doesn't really belong here. It should be in an example_configs file, and then linked from the readme.
Is everything necessary in this guide? Can we decouple the Proxmox instructions from NPMplus and other tools?
Otherwise, it looks like a guide to your specific stack (which is very nice, but maybe more appropriate for a blog post than an official configuration guide)
| - A Reverse Proxy | ||
| - This example uses an NPMplus LXC Container set up using a [Proxmox VE Helper Scipt](https://community-scripts.github.io/ProxmoxVE/scripts?id=npmplus). NPMplus manages Let's Encrypt Wildcard Certificates | ||
| - An email account | ||
| - This example uses Yahoo Mail with an already configured Send-Only Email address & app password. |
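Review bot: The link text on the NPMplus line reads "Proxmox VE Helper Scipt", which is a typo for "Helper Script". Worth fixing before merge since the text is rendered in the guide.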
I think the references to Yahoo don't help. The instructions are applicable regardless of your email provider. The only call-out I would make is to warn that maybe you need an app password, depending on your provider.
| | Attribute | Value | | ||
| | --------------------------------- | ---------------- | | ||
| | User Unique Identifier Attribute | `uuid` | | ||
| | Username Attribute | `user_id` | |
I would recommend using "uid", since some clients can't handle underscores
| | User Unique Identifier Attribute | `uuid` | | ||
| | Username Attribute | `user_id` | | ||
| | User Mail Attribute | `mail` | | ||
| | User First Name Attribute | `first_name` | |
Same, "givenname"
| | Username Attribute | `user_id` | | ||
| | User Mail Attribute | `mail` | | ||
| | User First Name Attribute | `first_name` | | ||
| | User Last Name Attribute | `last_name` | |
"lastname"
| | User Profile Picture Attribute | `avatar` | | ||
| | Group Members Attribute | `member` | | ||
| | Group Unique Identifier Attribute | `uuid` | | ||
| | Group Name Attribute | `cn` | |
Maybe "uid" or "displayname" for consistency/clarity? They're all equivalent
@AkshayRao27 - are you aware that there are already LLDAP and PocketID community scripts for a Proxmox LXC setup? If there are any problems with these, it might be worth fixing them: https://community-scripts.github.io/ProxmoxVE/scripts?id=lldap
I deployed LLDAP as a Proxmox LXC and got it working with PocketID, so I documented everything I did. Hopefully this helps someone with their setup