From eaeb88401d07687eb3db8c273f7a4c0ed31ec153 Mon Sep 17 00:00:00 2001 From: Tilman Vatteroth Date: Mon, 4 Jan 2021 13:07:44 +0100 Subject: Move docs into subdirectory to make mkdocs work in a subdirectory Signed-off-by: Tilman Vatteroth --- docs/content/guides/auth/ldap-ad.md | 38 +++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 docs/content/guides/auth/ldap-ad.md (limited to 'docs/content/guides/auth/ldap-ad.md') diff --git a/docs/content/guides/auth/ldap-ad.md b/docs/content/guides/auth/ldap-ad.md new file mode 100644 index 00000000..b7d0284e --- /dev/null +++ b/docs/content/guides/auth/ldap-ad.md @@ -0,0 +1,38 @@ +# AD LDAP auth + +To setup your HedgeDoc instance with Active Directory you need the following configs: + +```env +CMD_LDAP_URL=ldap://internal.example.com +CMD_LDAP_BINDDN=cn=binduser,cn=Users,dc=internal,dc=example,dc=com +CMD_LDAP_BINDCREDENTIALS= +CMD_LDAP_SEARCHBASE=dc=internal,dc=example,dc=com +CMD_LDAP_SEARCHFILTER=(&(objectcategory=person)(objectclass=user)(|(sAMAccountName={{username}})(mail={{username}}))) +CMD_LDAP_USERIDFIELD=sAMAccountName +CMD_LDAP_PROVIDERNAME=Example Inc AD +``` + +`CMD_LDAP_BINDDN` is either the `distinguishedName` or the `userPrincipalName`. *This can cause "username/password is invalid" when either this value or the password from `CMD_LDAP_BINDCREDENTIALS` are incorrect.* + +`CMD_LDAP_SEARCHFILTER` matches on all users and uses either the email address or the `sAMAccountName` (usually the login name you also use to login to Windows). + +*Only using `sAMAccountName` looks like this:* `(&(objectcategory=person)(objectclass=user)(sAMAccountName={{username}}))` + +`CMD_LDAP_USERIDFIELD` says we want to use `sAMAccountName` as unique identifier for the account itself. + +`CMD_LDAP_PROVIDERNAME` just the name written above the username and password field on the login page. + +Same in json: + +```json +"ldap": { + "url": "ldap://internal.example.com", + "bindDn": "cn=binduser,cn=Users,dc=internal,dc=example,dc=com", + "bindCredentials": "", + "searchBase": "dc=internal,dc=example,dc=com", + "searchFilter": "(&(objectcategory=person)(objectclass=user)(|(sAMAccountName={{username}})(mail={{username}})))", + "useridField": "sAMAccountName", +}, +``` + +More details and example: -- cgit v1.2.3