Homarr, 16mo ago
49 replies
Larsluph

Trouble setting up LDAP sync

I'm currently trying to set up LDAP syncing with my local Authentik instance.

I created everything needed to make LDAP queries and tested querying the server from the Homarr container. Here's the command I used from a shell attached to the Homarr Docker container, which returned the list of users in my LDAP server:
ldapsearch -x -H $AUTH_LDAP_URI -D "$AUTH_LDAP_BIND_DN" -b "$AUTH_LDAP_BASE" '(objectClass=user)' -w "$AUTH_LDAP_BIND_PASSWORD"


Here's my docker compose file so far:
services:
  homarr:
    container_name: homarr
    image: ghcr.io/ajnart/homarr:latest
    restart: unless-stopped
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - "${HOMARR_CONFIG}/configs:/app/data/configs"
      - "${HOMARR_CONFIG}/icons:/app/public/icons"
      - "${HOMARR_CONFIG}/data:/data"
      - "/var/run/docker.sock:/var/run/docker.sock"
    environment:
      DEFAULT_COLOR_SCHEME: dark
      PORT: ${HOMARR_PORT}
      AUTH_PROVIDER: ldap
      AUTH_LDAP_URI: "ldap://host.docker.internal"
      AUTH_LDAP_BASE: "${LDAP_BASE_DN}"
      AUTH_LDAP_BIND_DN: "${LDAP_BIND_USER}"
      AUTH_LDAP_BIND_PASSWORD: "${LDAP_BIND_PWD}"
      AUTH_LDAP_ADMIN_GROUP: "authentik Admins"
      AUTH_LDAP_OWNER_GROUP: "authentik Admins"
Solution
Because I currently have two layers of security, one for accessing the app (forward auth) which was already configured, and one for logging in and modifying boards (LDAP).
Authentik doesn't allow for backchannel (secondary) providers for OIDC so I gave LDAP a shot.
Now that you mention it, it might be a good idea to migrate both into a single OIDC provider if it's better supported by Homarr.