diff options
author | oupala | 2020-07-01 11:52:17 +0200 |
---|---|---|
committer | oupala | 2020-07-10 18:57:59 +0200 |
commit | 2f462f90d4608763e5cb9618ec80d939a679fe2e (patch) | |
tree | 0f13c88084116c53edfd0752576b7f596b5d8030 /docs/guides/auth/ldap-ad.md | |
parent | 73219909602e026616af6a97f588bc9e0eab1fa8 (diff) |
style: linting markdown files
Linting markdown files according to default remark-lint configuration.
Files inside the `public` directory were not linted.
Signed-off-by: oupala <oupala@users.noreply.github.com>
Diffstat (limited to 'docs/guides/auth/ldap-ad.md')
-rw-r--r-- | docs/guides/auth/ldap-ad.md | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/docs/guides/auth/ldap-ad.md b/docs/guides/auth/ldap-ad.md new file mode 100644 index 00000000..fa41346e --- /dev/null +++ b/docs/guides/auth/ldap-ad.md @@ -0,0 +1,38 @@ +# AD LDAP auth + +To setup your CodiMD instance with Active Directory you need the following configs: + +```env +CMD_LDAP_URL=ldap://internal.example.com +CMD_LDAP_BINDDN=cn=binduser,cn=Users,dc=internal,dc=example,dc=com +CMD_LDAP_BINDCREDENTIALS=<super secret password> +CMD_LDAP_SEARCHBASE=dc=internal,dc=example,dc=com +CMD_LDAP_SEARCHFILTER=(&(objectcategory=person)(objectclass=user)(|(sAMAccountName={{username}})(mail={{username}}))) +CMD_LDAP_USERIDFIELD=sAMAccountName +CMD_LDAP_PROVIDERNAME=Example Inc AD +``` + +`CMD_LDAP_BINDDN` is either the `distinguishedName` or the `userPrincipalName`. *This can cause "username/password is invalid" when either this value or the password from `CMD_LDAP_BINDCREDENTIALS` are incorrect.* + +`CMD_LDAP_SEARCHFILTER` matches on all users and uses either the email address or the `sAMAccountName` (usually the login name you also use to login to Windows). + +*Only using `sAMAccountName` looks like this:* `(&(objectcategory=person)(objectclass=user)(sAMAccountName={{username}}))` + +`CMD_LDAP_USERIDFIELD` says we want to use `sAMAccountName` as unique identifier for the account itself. + +`CMD_LDAP_PROVIDERNAME` just the name written above the username and password field on the login page. + +Same in json: + +```json +"ldap": { + "url": "ldap://internal.example.com", + "bindDn": "cn=binduser,cn=Users,dc=internal,dc=example,dc=com", + "bindCredentials": "<super secret password>", + "searchBase": "dc=internal,dc=example,dc=com", + "searchFilter": "(&(objectcategory=person)(objectclass=user)(|(sAMAccountName={{username}})(mail={{username}})))", + "useridField": "sAMAccountName", +}, +``` + +More details and example: <https://www.npmjs.com/package/passport-ldapauth> |