Setting up a LLDAP server: Difference between revisions
Jhjacobs81 (talk | contribs) No edit summary |
Jhjacobs81 (talk | contribs) |
||
Line 13: | Line 13: | ||
= Configure = | = Configure = | ||
To configure LLDAP we have to create a config file, and an rc file to start it automaticly upon boot: | To configure LLDAP we have to create a config file, and an rc file to start it automaticly upon boot. First we generate 2 random strings to use in the configuration as jwt_secret and key_seed: | ||
{{Cmd| openssl rand -base64 15 && openssl rand -base64 15}} | |||
Then we paste the following configuration into /opt/lldap/lldap_config.toml and replace the jwt_secret and key_seed with the random generated value's: | |||
{{Cmd|<nowiki> | {{Cmd|<nowiki> | ||
ldap_port = 3890 | ldap_port = 3890 | ||
http_port = 17170 | http_port = 17170 | ||
Line 44: | Line 46: | ||
## Certificate key file. | ## Certificate key file. | ||
#key_file="/data/key.pem" | #key_file="/data/key.pem" | ||
</nowiki>}} | </nowiki>}} | ||
Revision as of 07:54, 3 October 2024
General
LLDAP is a small LDAP server designed for directory services without the overhead of a full blown OpenLDAP server. LLDAP server is designed for easy management using a simple web gui. It lacks some of the features found in other directory servers, because its specificly designed for easy use.
Install
Installing LLDAP is fairly simple and can be done in less then 5 minutes. start by logging in as root:
doas su -
Then we make sure the system is up to date and install wget:
apk update && apk upgrade && apk add wget
Then we make the directory for LLDAP to live in and install the software:
mkdir /opt/lldap && cd /opt/lldap
wget https://github.com/lldap/lldap/releases/download/v0.5.0/amd64-lldap.tar.gz && tar xzf amd64-lldap.tar.gz && mv amd64-lldap/* . && rm -rf amd64-lldap
Configure
To configure LLDAP we have to create a config file, and an rc file to start it automaticly upon boot. First we generate 2 random strings to use in the configuration as jwt_secret and key_seed:
openssl rand -base64 15 && openssl rand -base64 15
Then we paste the following configuration into /opt/lldap/lldap_config.toml and replace the jwt_secret and key_seed with the random generated value's:
ldap_port = 3890 http_port = 17170 http_url = "https://domain.tld" jwt_secret = "very-long-string" ldap_base_dn = "dc=domain,dc=tld" ldap_user_dn = "admin" ldap_user_email = "admin@domain.tld" ldap_user_pass = "very-strong-password" database_url = "sqlite:///opt/lldap/users.db?mode=rwc" key_seed = "random-string-again" [smtp_options] #enable_password_reset=true #server="smtp.gmail.com" #port=587 #smtp_encryption = "TLS" #user="sender@gmail.com" #password="password" #from="LLDAP Admin <sender@gmail.com>" #reply_to="Do not reply <noreply@localhost>" [ldaps_options] #enabled=true #port=6360 ## Certificate file. #cert_file="/data/cert.pem" ## Certificate key file. #key_file="/data/key.pem"
Replace domain.tld with your chose domain name. Next we need to create an openrc file so we can automaticly start lldap:
cat <<EOF > /etc/init.d/lldap #!/sbin/openrc-run name=lldap command="/opt/lldap/lldap" command_args="run" command_background="yes" pidfile="/run/lldap.pid" depend() { need net } start_pre() { cd /opt/lldap } EOF
This is not an extensive file, but it gets you running and ensures lldap starts and works correctly. Now we need to add it to the default runlevel and start the service
chmod +x /etc/init.d/lldap && rc-update add lldap
Use
To use LLDAP we can browse to http://<ip>:17170 and login with the credentials we specified in the config file.
This is a basic configuration. You can now connect other services that support ldap logins to LLDAP.
Troubleshooting
- Some troubleshooting information