Configuring Authentik
Once authentik is launched, there are several configurations
Sync with LDAP
To ease the onboarding of users, the existing LDAP accounts should be used for authentik. To do so, from the administration page, select:
- Directory
- Federation and Social login
- Create
- Select "LDAP Source"
- Give it a name
- Select "Update internal password on login", in order to store the password in authentik.
- Connection settings:
  - URI: ldap://ldap.lavilleavelo.org
  - No SSL
  - Bind DN: cn=admin,o=lvv
  - Password: from Passe Partout
  - Base DN: o=lvv
- User mappings: I looked in the LDAP database for existing fields; to be verified if possible. Select:
  - Active Directory Mapping: sn
  - OpenLDAP Mapping: cn
  - OpenLDAP Mapping: uid
- Group mappings: select:
  - OpenLDAP Mapping: cn
- Additional settings:
  - User object filter: (objectClass=inetOrgPerson)
  - Group object filter: (objectClass=groupOfNames)
  - Group membership field: member
  - User membership attribute: distinguishedName
  - Object uniqueness field: cn
/!\ The LDAP server needs to be reachable from authentik! The default port may be closed on the LDAP server, or the server may be hosted on another Docker network. Check that.
The next step: all members should log in at least once using the LDAP source through authentik. At the first login, the password is stored (hashed) in the authentik database. And then, the LDAP server can be disconnected.
It is also possible to sync only the user information, without the password, and have the users select "change password" in authentik, without using the LDAP password.
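The attribute choices in the source settings (mappings on sn, cn and uid, group membership via member, uniqueness on cn, the two object filters) can be checked against an LDIF export of the directory before the first sync. The script below is an added example, not part of the original page or of authentik; the sample entries (including ou=old and the names) are constructed, and the parser assumes plain LDIF without base64 values or folded lines.

```python
from collections import Counter

# Constructed sample; in practice, read an LDIF export of the o=lvv tree instead.
SAMPLE_LDIF = """\
dn: cn=bob,ou=old,o=lvv
objectClass: inetOrgPerson
cn: bob
sn: Durand

dn: cn=bob,o=lvv
objectClass: inetOrgPerson
cn: bob
sn: Petit
uid: bob2

dn: cn=mecanos,o=lvv
objectClass: groupOfNames
cn: mecanos
member: cn=bob,o=lvv
member: cn=carol,o=lvv
"""

def parse_ldif(text):
    """Parse plain LDIF (no base64 values, no folded lines) into dicts of lists."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep and not line.startswith("#"):
                entry.setdefault(key.lower(), []).append(value)
        entries.append(entry)
    return entries

def audit(entries):
    """Check the filters, mapped attributes and uniqueness field chosen on this page."""
    has_class = lambda e, c: c.lower() in [v.lower() for v in e.get("objectclass", [])]
    users = [e for e in entries if has_class(e, "inetOrgPerson")]   # user object filter
    groups = [e for e in entries if has_class(e, "groupOfNames")]   # group object filter
    user_dns = {e["dn"][0].lower() for e in users}
    cns = Counter(v.lower() for e in users for v in e.get("cn", []))
    missing = sorted((e["dn"][0], a) for e in users for a in ("sn", "cn", "uid") if a not in e)
    dangling = sorted(m for g in groups for m in g.get("member", []) if m.lower() not in user_dns)
    dupes = sorted(cn for cn, n in cns.items() if n > 1)  # collide on the uniqueness field
    return {"duplicate_cn": dupes, "missing_attrs": missing, "dangling_members": dangling}

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF)))
```

An empty result for all three keys means every user matched by the filter carries the mapped attributes, no two users share a cn, and every group member points at a user the filter will import.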