-
docker-lemonldap
Dockerized authentication server with Single Sign On SAML, OpenID Connect, CAS, and Header support
-
ldap-user-manager
A PHP web-based interface for LDAP user account management and self-service password change.
-
xsrv
[mirror] Install and manage self-hosted services/applications, on your own server(s) - ansible collection and utilities
Vouch proxy
I have docker images for the following:
- Fusion Directory - A web based LDAP front end for user/group management
- OpenLDAP w/FusionDirectory Schemas - The backend LDAP server that can be communicated to via your applications and also the front end above.
- LemonLDAP:NG - Portal of Applications, OIDC, SAML, 2FA (TOTP and YubiKey) and Headers authentication powerhouse. Ties into the above quite nicely along with password resets, password policies, etc.
Limiting an application can be interesting as some applications don't have support for automatic login via SSO, but you can certainly protect it. I have another image which is simply Nginx that allows you to authenticate via Basic Auth against an LDAP server, or against your LemonLDAP:NG instance (Single Sign On). At that point you would just proxy over to your application, and after your session expired or if it was removed/disabled you would no longer be able to access those applications even if the account still existed on them, due to the way the "handlers" work. All my other images work in the same fashion.
The other is the newer universal prompt (https://github.com/instipod/DuoUniversalKeycloakAuthenticator).
The LDAP users and groups are managed with ldap-user-manager which makes the creation of users and groups a breeze.
It's not "hard" but understanding the concepts (DIT, common name, distinguished name...) helps. Check https://github.com/nodiscc/xsrv/tree/master/roles/openldap; the tasks at https://github.com/nodiscc/xsrv/blob/master/roles/openldap/tasks/openldap.yml and https://github.com/nodiscc/xsrv/blob/master/roles/openldap/tasks/populate.yml should give you a breakdown of what needs to be done to get a minimal LDAP server running.