---
title:
description:
date: 2023-04-20
lang: zh-tw
tags:
  - Raspberry Pi
  - Linux
  - docker
---

# Raspberry Pi Notes - LLDAP

Previously, each service kept its own separate database, and adding a new user was a hassle.
Now they are going to be integrated.
LLDAP provides a simple Web UI and is easy to use.

## docker-compose
`docker-compose.yml`
```yml=
version: '3.3'

networks:
  default:
    name: ${DOCKER_MY_NETWORK}
    external: true

services:
  lldap:
    container_name: lldap
    image: nitnelave/lldap:stable
    restart: unless-stopped
    expose:
      - 3890   # LDAP
      - 17170  # Web UI
    env_file:
      - stack.env
    volumes:
      - ${HOME_PATH}/lldap/data:/data
```

## .env
`stack.env`
```env=
DOCKER_MY_NETWORK=caddy_net
HOME_PATH=<your path>
TZ=Asia/Taipei

# Change to your own domain
LLDAP_LDAP_BASE_DN="dc=example,dc=com"
# Use this to generate a random secret: https://www.grc.com/passwords.htm
LLDAP_JWT_SECRET="random secret"
LLDAP_LDAP_USER_PASS="default account password"
LLDAP_DATABASE_URL=postgres://Username:Password@postgres:5432/DateBase-Name
```

## Caddyfile
Add the following
`Caddyfile`
```Caddyfile=
lldap.{$MY_DOMAIN} {
    forward_auth authelia:9091 {
        uri /api/verify?rd=https://auth.{$MY_DOMAIN}/
        copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
        ## This import needs to be included if you're relying on a trusted proxies configuration.
        import trusted_proxy_list
    }
    reverse_proxy lldap:17170 {
        ## This import needs to be included if you're relying on a trusted proxies configuration.
        import trusted_proxy_list
    }
}
```

## Using the Web UI
:::warning
Once setup is done, comment out the lldap entry in the Caddyfile.
Do not expose it to the public internet.
:::

Go to `lldap.{$MY_DOMAIN}`.
Log in to Authelia first, and you will be redirected to the lldap web UI.
The default lldap administrator account is `admin`; the password is the administrator password set earlier.

It is simple to use; you will get it at a glance.

## Ref
* https://github.com/lldap/lldap
* https://helgeklein.com/blog/authentication-sso-user-management-password-reset-for-home-networks/
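
A pre-deploy check for the `stack.env` template above, as an added example that is not part of the original note or the LLDAP project: it flags values still left at the template and can generate a secret locally from the OS CSPRNG. The length thresholds, the function names and the sample values are assumptions made for this example.

```python
import secrets
from urllib.parse import urlsplit
# Assumed minimums for this example; they are not limits taken from LLDAP.
MIN_JWT_SECRET_LEN, MIN_ADMIN_PASS_LEN = 32, 12

def parse_env(text):
    """Parse KEY=VALUE lines; drop comments and one pair of surrounding quotes."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if value[:1] in ('"', "'") and value.find(value[0], 1) != -1:
            value = value[1:value.find(value[0], 1)]  # quoted: ignore trailing comment
        else:
            value = value.split(" #", 1)[0].strip()   # unquoted: cut inline comment
        env[key] = value
    return env

def audit(env):
    """Return findings for the secret-bearing keys of stack.env."""
    findings = []
    jwt = env.get("LLDAP_JWT_SECRET", "")
    if len(jwt) < MIN_JWT_SECRET_LEN or len(set(jwt)) < 16:
        findings.append("LLDAP_JWT_SECRET: missing, too short or low variety")
    if len(env.get("LLDAP_LDAP_USER_PASS", "")) < MIN_ADMIN_PASS_LEN:
        findings.append("LLDAP_LDAP_USER_PASS: missing or too short")
    if env.get("LLDAP_LDAP_BASE_DN", "") in ("", "dc=example,dc=com"):
        findings.append("LLDAP_LDAP_BASE_DN: still the template value")
    db = urlsplit(env.get("LLDAP_DATABASE_URL", ""))
    if db.username == "Username" or db.password == "Password":
        findings.append("LLDAP_DATABASE_URL: still the template credentials")
    return findings

def new_secret():
    return secrets.token_urlsafe(48)  # 48 bytes from the OS CSPRNG -> 64 characters

# Constructed sample input: the template keys with placeholder-style values.
SAMPLE = '''
LLDAP_LDAP_BASE_DN="dc=example,dc=com" # change me
LLDAP_JWT_SECRET="changeme"
LLDAP_LDAP_USER_PASS="password"
LLDAP_DATABASE_URL=postgres://Username:Password@postgres:5432/lldap
'''

if __name__ == "__main__":
    print("\n".join(audit(parse_env(SAMPLE))))
    print("suggested LLDAP_JWT_SECRET:", new_secret())
```

To check a real file, pass its contents to `parse_env` and treat a non-empty `audit` result as a reason not to start the stack.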