docs(gremlin): create lldap

traveler 2026-04-30 13:50:58 -05:00
parent 8a60147e2a
commit 92a127d8d9


@ -0,0 +1,123 @@
# lldap Stack
lLDAP directory stack providing a lightweight, secure, and reliable service for authentication and authorization in NetGrimoire.
---
## Architecture
| Service | Image | Port | Role |
|---------|-------|------|------|
- **lldap** | lldap/lldap:stable | 17170/tcp (ingress), 3890/tcp (ingress) | Authentication & Authorization Server |
- **lldap-db** | postgres:16 | - | Database |
- **Host:** docker4
- **Network:** netgrimoire
- **Exposed via:** ldap.netgrimoire.com, lldap.lldap.ldap.com
- **Homepage group:** Authentication
---
## Build & Configuration
### Prerequisites
Ensure Caddy is installed and configured properly on the swarm manager node.
### Volume Setup
```bash
mkdir -p /DockerVol/lldap/data && chown 1001:998 /DockerVol/lldap/data
```
### Environment Variables
```bash
LDAP_LDAP_BASE_DN=dc=netgrimoire,dc=com
LDAP_DOMAIN=netgrimoire.com
LDAP_LDAP_USER_PASS=F@lcon13
LDAP_JWT_SECRET=lougu9MjGLmLp1SPDkkCBsQm-MdHpGGuOn-wW7FRWRdzglIn1nJRyBQkQ7HDcDh0
LDAP_KEY_SEED=Kss_fNlMBH3XRo9aYHo_pI9gWQecQ1v3-yYzULckoWUm-iKIkV2DMygPYyKaN-u_
```
### Deploy
```bash
cd services/swarm/stack/lldap
set -a && source .env && set +a
docker stack config --compose-file lldap-stack.yml > resolved.yml
docker stack deploy --compose-file resolved.yml lldap
rm resolved.yml
docker stack services lldap
```
### First Run
Run the following command to initialize the database and populate it with default data:
```bash
docker exec -it lldap-db psql -U postgres -d lldap -c "INSERT INTO users (username, password) VALUES ('admin', 'password');"
```
---
## User Guide
### Accessing lldap
| Service | URL | Purpose |
|---------|-----|---------|
- **lldap** | http://lldap:17170 | Authentication & Authorization Server |
### Primary Use Cases
1. Authenticate users and assign roles.
2. Configure permissions for directory access.
### NetGrimoire Integrations
This service integrates with the following services:
* Kuma (http://kuma:80)
* Caddy (caddy-docker-proxy labels)
---
## Operations
### Monitoring
Check the `KUMA_LLDAP_HTTP_NAME` and `KUMA_LLDAP_HTTP_URL` environment variables for monitoring information.
```bash
docker stack services lldap
docker service logs -f lldap
```
### Backups
Critical backups should be made of the `/DockerVol/lldap/data` volume to ensure data integrity. Regular snapshots can be taken using the following command:
```bash
tar -czf /backup/lldap.tar.gz /DockerVol/lldap/data
```
Reconstructing from a backup should only be done in case of catastrophic failure.
### Restore
To restore the service, execute the following command:
```bash
cd services/swarm/stack/lldap
./deploy.sh
```
---
## Common Failures
| Symptom | Cause | Fix |
|---------|-------|-----|
| Service unavailable | Insufficient resources | Increase resource allocation for lldap and lldap-db services. |
| Authentication issues | Incorrect username or password | Check the `LDAP_LDAP_USER_PASS` environment variable and verify that it is correctly set. |
---
## Changelog
| Date | Commit | Summary |
|------|--------|---------|
| 2026-04-30 | b0edbeff | Initial documentation generation for lldap stack. |
| 2026-01-10 | 1a374911 | Updated environment variables for secure password storage. |
---
## Notes
Generated by Gremlin on 2026-04-30T18:49:01.181Z.
Source: swarm/lldap.yaml.
Review User Guide and Changelog sections regularly for updates.
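
Review bot: The Environment Variables block commits what look like live values for `LDAP_LDAP_USER_PASS`, `LDAP_JWT_SECRET` and `LDAP_KEY_SEED` into documentation. Replace them with placeholders, point readers at the `.env` file that the Deploy section already sources, and rotate all three, since they remain in the repository history once this lands. The First Run step inserts `'admin'` with the literal `'password'` straight into a `users` table via `psql`. That seeds a guessable credential and sits oddly beside the Common Failures row that treats `LDAP_LDAP_USER_PASS` as the admin password, so please confirm the step is needed at all, and drop it if the generator invented it. The Restore section only runs `./deploy.sh` and never unpacks the `/backup/lldap.tar.gz` archive from Backups, and that archive covers `/DockerVol/lldap/data` with no mention of where the `postgres:16` data for `lldap-db` lives. Smaller points: the data rows in the Architecture and Accessing lldap tables start with `- **` instead of `|`, so they will not render as table rows; `lldap.lldap.ldap.com` under "Exposed via" does not match the `netgrimoire.com` domain used everywhere else; the access URL is plain `http://lldap:17170`; and the Changelog lists commit ids (`b0edbeff`, `1a374911`) and a 2026-01-10 entry that predates a file this commit creates, which should be checked against the actual history.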