From 53e62ecf5a1ee06d188b35b12d801fe5753b5dee Mon Sep 17 00:00:00 2001
From: Hendrik Sievers <89412959+hendrik1120@users.noreply.github.com>
Date: Sun, 13 Jul 2025 22:29:09 +0200
Subject: [PATCH] docs: move authelia configuration to markdown file (#1205)
---
 example_configs/README.md | 2 +-
 example_configs/authelia.md | 39 +++++++++++++++++++++++++++++
 example_configs/authelia_config.yml | 35 --------------------------
 example_configs/seafile.md | 4 +--
 4 files changed, 42 insertions(+), 38 deletions(-)
 create mode 100644 example_configs/authelia.md
 delete mode 100644 example_configs/authelia_config.yml
diff --git a/example_configs/README.md b/example_configs/README.md
index 8ffefa2..27c7e21 100644
--- a/example_configs/README.md
+++ b/example_configs/README.md
@@ -6,7 +6,7 @@ configuration files:
 - [Airsonic Advanced](airsonic-advanced.md)
 - [Apache Guacamole](apacheguacamole.md)
 - [Apereo CAS Server](apereo_cas_server.md)
-- [Authelia](authelia_config.yml)
+- [Authelia](authelia.md)
 - [Authentik](authentik.md)
 - [Bookstack](bookstack.env.example)
 - [Calibre-Web](calibre_web.md)
diff --git a/example_configs/authelia.md b/example_configs/authelia.md
new file mode 100644
index 0000000..8f77a22
--- /dev/null
+++ b/example_configs/authelia.md
@@ -0,0 +1,39 @@
+# Configuration for Authelia
+
+## Authelia LDAP configuration
+
+For all configuration options see the [Authelia LDAP Documentation](https://www.authelia.com/configuration/first-factor/ldap/).
+
+The following example configuration uses the LLDAP implementation template, the default values are documented in the
+[Authelia LLDAP Integration Guide](https://www.authelia.com/integration/ldap/lldap/).
+
+Users will be able to sign in using their username or email address.
+
+```yaml
+authentication_backend:
+ # How often authelia should check if there is a user update in LDAP
+ refresh_interval: '1m'
+ ldap:
+ implementation: 'lldap'
+ # Format is [://][:]
+ # ldap port for LLDAP is 3890 and ldaps 6360
+ address: 'ldap://lldap:3890'
+ # Set base dn that you configured in LLDAP
+ base_dn: 'DC=example,DC=com'
+ # The username and password of the bind user.
+ # "bind_user" should be the username you created for authentication with the "lldap_strict_readonly" permission. It is not recommended to use an actual admin account here.
+ # If you are configuring Authelia to change user passwords, then the account used here needs the "lldap_password_manager" permission instead.
+ user: 'UID=bind_user,OU=people,DC=example,DC=com'
+ # Password can also be set using a secret: https://www.authelia.com/configuration/methods/secrets/.
+ password: 'REPLACE_ME'
+ # Optional: Setup TLS if you've enabled LDAPS
+ # tls:
+ # skip_verify: false
+ # minimum_version: TLS1.2
+
+ # Disable the authelia password change and reset functionality if the "bind_user" does not have the "lldap_password_manager" permission.
+ password_reset:
+ disable: false
+ password_change:
+ disable: false
+```
\ No newline at end of file
diff --git a/example_configs/authelia_config.yml b/example_configs/authelia_config.yml
deleted file mode 100644
index ae19268..0000000
--- a/example_configs/authelia_config.yml
+++ /dev/null
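Review bot: The example tells readers to bind with an `lldap_strict_readonly` account, yet it ships `password_reset` and `password_change` with `disable: false`, so following the least-privilege advice leaves reset and change flows enabled that presumably cannot succeed, and the easy way out is to grant `lldap_password_manager`. Defaulting both to `disable: true` in the example, with the existing comment reworded to say "set to false only after granting the bind user lldap_password_manager", would keep the example consistent with its own recommendation. Separately, `address: 'ldap://lldap:3890'` carries the bind password and every user's credentials over unencrypted LDAP while the `tls` block stays commented out. A comment such as `# Use ldaps://lldap:6360 and the tls block below unless Authelia and LLDAP share a private network` would make that trade-off explicit.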
@@ -1,35 +0,0 @@
-###############################################################
-# Authelia configuration #
-###############################################################
-
-# This is just the LDAP part of the Authelia configuration!
-# See Authelia docs at https://www.authelia.com/configuration/first-factor/ldap/ for more info
-
-authentication_backend:
- # Password reset through authelia works normally.
- password_reset:
- disable: false
- # How often authelia should check if there is a user update in LDAP
- refresh_interval: 1m
- ldap:
- implementation: lldap
- # Pattern is ldap://HOSTNAME-OR-IP:PORT
- # Normal ldap port is 389, standard in LLDAP is 3890
- address: ldap://lldap:3890
- # Set base dn that you configured in LLDAP
- base_dn: dc=example,dc=com
- # The username and password of the bind user.
- # "bind_user" should be the username you created for authentication with the "lldap_strict_readonly" permission. It is not recommended to use an actual admin account here.
- # If you are configuring Authelia to change user passwords, then the account used here needs the "lldap_password_manager" permission instead.
- user: uid=bind_user,ou=people,dc=example,dc=com
- additional_users_dn: ou=people
- # Password can also be set using a secret: https://www.authelia.com/configuration/methods/secrets/
- password: "REPLACE_ME"
-
- # Optional: Setup TLS if you've enabled LDAPS
- # tls:
- # skip_verify: false
- # minimum_version: TLS1.2
-
- # Optional: To allow sign in with BOTH username and email, you can change the users_filter to this
- # users_filter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))"
diff --git a/example_configs/seafile.md b/example_configs/seafile.md
index 53f241c..74db5a1 100644
--- a/example_configs/seafile.md
+++ b/example_configs/seafile.md
@@ -56,7 +56,7 @@ FILTER = memberOf=cn=seafile_user,ou=groups,dc=example,dc=com ## Configuring Seafile to use LLDAP with Authelia as an intermediary Authelia is an open-source authentication and authorization server that can use LLDAP as a backend and act as an OpenID Connect Provider. We're going to assume that you have already set up Authelia and configured it with LLDAP. -If not, you can find an example configuration [here](authelia_config.yml). +If not, you can find an example configuration [here](authelia.md). 1. Add the following to Authelia's `configuration.yml`: ``` @@ -117,4 +117,4 @@ OAUTH_ATTRIBUTE_MAP = { } ``` -Restart both your Authelia and Seafile server. You should see a "Single Sign-On" button on Seafile's login page. Clicking it should redirect you to Authelia. If you use the [example config for Authelia](authelia_config.yml), you should be able to log in using your LLDAP User ID. +Restart both your Authelia and Seafile server. You should see a "Single Sign-On" button on Seafile's login page. Clicking it should redirect you to Authelia. If you use the [example config for Authelia](authelia.md), you should be able to log in using your LLDAP User ID.