trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

website/docs: Minor LDAP and NGINX Documentation Updates (#1406) 

* update LDAP documentation

* include domain level nginx forward auth example

* wrap in banner

* update placeholder
This commit is contained in:
Jeremy Willans 2021-09-17 17:47:27 +10:00 committed by GitHub
parent 3e4ce62dfe
commit fcbcfbc3c0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
website/docs/outposts/outposts.md
View File

@ -2,7 +2,7 @@
title: Outposts title: Outposts
--- ---
An outpost is a single deployment of a authentik component, which can be deployed in a completely separate environment. Currently, only the Proxy Provider is supported as outpost. An outpost is a single deployment of a authentik component, which can be deployed in a completely separate environment. Currently, Proxy Provider and LDAP are supported as outposts.
![](outposts.png) ![](outposts.png)

4
website/docs/providers/ldap.md
View File

@ -8,6 +8,10 @@ This feature is still in technical preview, so please report any Bugs you run in
You can configure an LDAP Provider for applications that don't support any newer protocols or require LDAP. You can configure an LDAP Provider for applications that don't support any newer protocols or require LDAP.
:::info
Note: This provider requires the deployment of the [LDAP Outpost](../outposts/outposts.md)
:::
All users and groups in authentik's database are searchable. Currently, there is a limited support for filters (you can only search for objectClass), but this will be expanded in further releases. All users and groups in authentik's database are searchable. Currently, there is a limited support for filters (you can only search for objectClass), but this will be expanded in further releases.
Binding against the LDAP Server uses a flow in the background. This allows you to use the same policies and flows as you do for web-based logins. The only limitation is that currently only identification and password stages are supported, due to how LDAP works. Binding against the LDAP Server uses a flow in the background. This allows you to use the same policies and flows as you do for web-based logins. The only limitation is that currently only identification and password stages are supported, due to how LDAP works.

4
website/docs/providers/proxy/forward_auth.mdx
View File

@ -34,6 +34,7 @@ For domain level, you'd use the same domain as authentik.
:::info :::info
*example-outpost* is used as a placeholder for the outpost name. *example-outpost* is used as a placeholder for the outpost name.
*authentik.company* is used as a placeholder for the authentik install.
::: :::
## Nginx ## Nginx
@ -72,6 +73,9 @@ server {
# authentik-specific config # authentik-specific config
auth_request /akprox/auth; auth_request /akprox/auth;
error_page 401 = @akprox_signin; error_page 401 = @akprox_signin;
# For domain level, use the below error_page to redirect to your Authentik server with the full redirect path
# error_page 401 =302 https://authentik.company/akprox/start?rd=$scheme://$http_host$request_uri;
# translate headers from the outposts back to the actual upstream # translate headers from the outposts back to the actual upstream
auth_request_set $username $upstream_http_x_auth_username; auth_request_set $username $upstream_http_x_auth_username;
auth_request_set $email $upstream_http_X_Forwarded_Email; auth_request_set $email $upstream_http_X_Forwarded_Email;