Setting up a LLDAP server: Difference between revisions

From Alpine Linux
m (→‎Configure: Use path template; typo fix.)
 
(6 intermediate revisions by one other user not shown)
Line 1: Line 1:
= General =
= General =
LLDAP is a small LDAP server designed for directory services without the overhead of a full blown OpenLDAP server. LLDAP server is designed for easy management using a simple web gui. It lacks some of the features found in other directory servers, because its specificly designed for home use.
LLDAP is a small LDAP server designed for directory services without the overhead of a full blown OpenLDAP server. LLDAP server is designed for easy management using a simple web gui. It lacks some of the features found in other directory servers, because its specificly designed for easy use.


= Install =
= Install =
Line 9: Line 9:
Then we make the directory for LLDAP to live in and install the software:
Then we make the directory for LLDAP to live in and install the software:
{{Cmd|mkdir /opt/lldap && cd /opt/lldap}}
{{Cmd|mkdir /opt/lldap && cd /opt/lldap}}
{{Cmd|wget https://github.com/lldap/lldap/releases/download/v0.5.0/amd64-lldap.tar.gz && tar xzf amd64-lldap.tar.gz && mv amd64-lldap/* . && rn -rf amd64-lldap}}
{{Cmd|wget https://github.com/lldap/lldap/releases/download/v0.5.0/amd64-lldap.tar.gz && tar xzf amd64-lldap.tar.gz && mv amd64-lldap/* . && rm -rf amd64-lldap}}




= Configure =
= Configure =
To configure LLDAP we have to create a config file, and an rc file to start it automaticly upon boot:
To configure LLDAP we have to create a config file, and an rc file to start it automaticly upon boot. First we generate 2 random strings to use in the configuration as jwt_secret and key_seed:
{{Code|cat <<EOF > /opt/lldap/lldap_config.toml
{{Cmd| openssl rand -base64 15 && openssl rand -base64 15}}
 
Then we paste the following configuration into {{path|/opt/lldap/lldap_config.toml}} and replace the jwt_secret and key_seed with the random generated value's:
{{Cmd|<nowiki>
ldap_port = 3890
ldap_port = 3890
http_port = 17170
http_port = 17170
Line 43: Line 46:
## Certificate key file.
## Certificate key file.
#key_file="/data/key.pem"
#key_file="/data/key.pem"
EOF
</nowiki>}}
}}
 
Replace domain.tld with your chose domain name.
Replace domain.tld with your chose domain name.
Next we need to create an openrc file so we can automaticly start lldap:
Next we need to create an openrc file so we can automatically start lldap:


{{Code|cat <<EOF > /etc/init.d/lldap
{{Cmd|<nowiki>cat <<EOF > /etc/init.d/lldap
#!/sbin/openrc-run
#!/sbin/openrc-run


Line 65: Line 68:
         cd /opt/lldap
         cd /opt/lldap
}
}
EOF
</nowiki>}}


}}
This is not an extensive file, but it gets you running and ensures lldap starts and works correctly.
This is not an extensive file, but it gets you running and ensures lldap starts and works correctly.
Now we need to add it to the default runlevel and start the service
Now we need to add it to the default runlevel and start the service

Latest revision as of 02:08, 4 October 2024

General

LLDAP is a small LDAP server designed for directory services without the overhead of a full blown OpenLDAP server. LLDAP server is designed for easy management using a simple web gui. It lacks some of the features found in other directory servers, because its specificly designed for easy use.

Install

Installing LLDAP is fairly simple and can be done in less then 5 minutes. start by logging in as root:

doas su -

Then we make sure the system is up to date and install wget:

apk update && apk upgrade && apk add wget

Then we make the directory for LLDAP to live in and install the software:

mkdir /opt/lldap && cd /opt/lldap

wget https://github.com/lldap/lldap/releases/download/v0.5.0/amd64-lldap.tar.gz && tar xzf amd64-lldap.tar.gz && mv amd64-lldap/* . && rm -rf amd64-lldap


Configure

To configure LLDAP we have to create a config file, and an rc file to start it automaticly upon boot. First we generate 2 random strings to use in the configuration as jwt_secret and key_seed:

openssl rand -base64 15 && openssl rand -base64 15

Then we paste the following configuration into /opt/lldap/lldap_config.toml and replace the jwt_secret and key_seed with the random generated value's:

ldap_port = 3890 http_port = 17170 http_url = "https://domain.tld" jwt_secret = "very-long-string" ldap_base_dn = "dc=domain,dc=tld" ldap_user_dn = "admin" ldap_user_email = "admin@domain.tld" ldap_user_pass = "very-strong-password" database_url = "sqlite:///opt/lldap/users.db?mode=rwc" key_seed = "random-string-again" [smtp_options] #enable_password_reset=true #server="smtp.gmail.com" #port=587 #smtp_encryption = "TLS" #user="sender@gmail.com" #password="password" #from="LLDAP Admin <sender@gmail.com>" #reply_to="Do not reply <noreply@localhost>" [ldaps_options] #enabled=true #port=6360 ## Certificate file. #cert_file="/data/cert.pem" ## Certificate key file. #key_file="/data/key.pem"

Replace domain.tld with your chose domain name. Next we need to create an openrc file so we can automatically start lldap:

cat <<EOF > /etc/init.d/lldap #!/sbin/openrc-run name=lldap command="/opt/lldap/lldap" command_args="run" command_background="yes" pidfile="/run/lldap.pid" depend() { need net } start_pre() { cd /opt/lldap } EOF

This is not an extensive file, but it gets you running and ensures lldap starts and works correctly. Now we need to add it to the default runlevel and start the service

chmod +x /etc/init.d/lldap && rc-update add lldap

Use

To use LLDAP we can browse to http://<ip>:17170 and login with the credentials we specified in the config file.


This is a basic configuration. You can now connect other services that support ldap logins to LLDAP.

Troubleshooting

  • Some troubleshooting information


Resources