From 2cad9a3d07e7d381ac833081e572125e4483cfb9 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Wed, 5 May 2021 11:48:07 +0200 Subject: [PATCH] website/docs: add LDAP Outpost docs Signed-off-by: Jens Langhammer --- web/src/pages/outposts/OutpostForm.ts | 2 +- website/docs/outposts/ldap.md | 42 +++++++++++++++++++++++++++ website/docs/releases/next.md | 12 ++++++++ website/sidebars.js | 1 + 4 files changed, 56 insertions(+), 1 deletion(-) create mode 100644 website/docs/outposts/ldap.md diff --git a/web/src/pages/outposts/OutpostForm.ts b/web/src/pages/outposts/OutpostForm.ts index dfec1651e..24d531a40 100644 --- a/web/src/pages/outposts/OutpostForm.ts +++ b/web/src/pages/outposts/OutpostForm.ts @@ -51,7 +51,7 @@ export class OutpostForm extends Form { name="type"> ` and groups under `cn=groups,`. + +The following fields are currently sent for users: + +- cn: User's username +- uid: Unique user identifier +- name: User's name +- displayName: User's name +- mail: User's email address +- objectClass: A list of these strings: + - "user" + - "organizationalPerson" + - "goauthentik.io/ldap/user" +- accountStatus: "active" if the account is active, otherwise "inactive" +- superuser: "active" if the account is part of a group with superuser permissions, otherwise "inactive" +- memberOf: A list of all DNs that the user is a member of + +The following fields are current set for groups: + +- cn: The group's name +- uid: Unique group identifier +- objectClass: A list of these strings: + - "user" + - "goauthentik.io/ldap/group" + +**Additionally**, for both users and groups, any attributes you set are also present as LDAP Attributes. diff --git a/website/docs/releases/next.md b/website/docs/releases/next.md index 0fa632395..fdbcf2c3b 100644 --- a/website/docs/releases/next.md +++ b/website/docs/releases/next.md 
@@ -4,6 +4,18 @@ title: Next
 
 ## Headline Changes
 
+- LDAP Provider
+
+:::info
+This feature is still in technical preview, so please report any Bugs you run into on [GitHub](https://github.com/goauthentik/authentik/issues)
+:::
+
+ You can now configure an LDAP Provider for applications that don't support any newer protocols or require LDAP.
+
+ All users and groups in authentik's database are searchable. Currently, there is a limited support for filters (you can only search for objectClass), but this will be expanded in further releases.
+
+ Binding against the LDAP Server uses a flow in the background. This allows you to use the same policies and flows as you do for web-based logins. The only limitation is that currently only identification and password stages are supported, due to how LDAP works.
+
 - Compatibility with forwardAuth/auth_request
 
 The authentik proxy is now compatible with forwardAuth (traefik) / auth_request (nginx). All that is required is the latest version of the outpost,
diff --git a/website/sidebars.js b/website/sidebars.js
index 7edd7b216..0129a9ffa 100644
--- a/website/sidebars.js
+++ b/website/sidebars.js
@@ -35,6 +35,7 @@ module.exports = {
 items: [
 "outposts/outposts",
 "outposts/proxy",
+ "outposts/ldap",
 "outposts/upgrading",
 "outposts/manual-deploy-docker-compose",
 "outposts/manual-deploy-kubernetes",