diff --git a/Netgrimoire/Services/lldap/lldap.md b/Netgrimoire/Services/lldap/lldap.md index 61e23a2..d280a3d 100644 --- a/Netgrimoire/Services/lldap/lldap.md +++ b/Netgrimoire/Services/lldap/lldap.md 
@@ -1,47 +1,41 @@ ---- -title: lldap Stack -description: Lightweight LDAP directory for NetGrimoire -published: true -date: 2026-04-30T18:59:36.975Z -tags: docker,swarm,lldap,netgrimoire -editor: markdown -dateCreated: 2026-04-30T18:59:36.975Z ---- - # lldap ## Overview -The lldap Stack provides a Lightweight Directory Access Protocol (LDAP) server for NetGrimoire, offering authentication and directory services. +The lldap stack is a Docker Swarm configuration for the Lightweight Directory Access Protocol (LDAP) service in NetGrimoire. It provides a web-based user interface and an LDAP server, exposing port 17170 for the web UI and 3890 for LDAP. + +--- ## Architecture - | Service | Image | Port | Role | |---------|-------|------|------| -- **lldap** | | 17170 | LDAP Web UI | -- **lldap-db** | | 5432 | Database | -- **caddy-docker-proxy** | | - | Reverse Proxy | +- **Host:** docker4 +- **Network:** netgrimoire +- **Exposed via:** ldap.netgrimoire.com +- **Homepage group:** Authentication --- ## Build & Configuration ### Prerequisites -The following environment variables are required: `PUID`, `PGID`, `LLDAP_LDAP_BASE_DN`, `LLDAP_DOMAIN`, `LLDAP_LDAP_USER_PASS`, and `LLDAP_JWT_SECRET`. +To build and deploy the lldap stack, ensure you have Docker Swarm configured on your manager node (znas) and worker nodes (docker4). ### Volume Setup ```bash mkdir -p /DockerVol/lldap/data -chown -R postgres:postgres /DockerVol/lldap/data +chown postgres:postgres /DockerVol/lldap/data ``` ### Environment Variables ```bash +# generate: openssl rand -hex 32 PUID=1964 PGID=1964 LLDAP_LDAP_BASE_DN="dc=netgrimoire,dc=com" LLDAP_DOMAIN=netgrimoire.com LLDAP_LDAP_USER_PASS=F@lcon13 LLDAP_JWT_SECRET=lougu9MjGLmLp1SPDkkCBsQm-MdHpGGuOn-wW7FRWRdzglIn1nJRyBQkQ7HDcDh0 +LLDAP_KEY_SEED=Kss_fNlMBH3XRo9aYHo_pI9gWQecQ1v3-yYzULckoWUm-iKIkV2DMygPYyKaN-u_ ``` ### Deploy 
@@ -55,7 +49,7 @@ docker stack services lldap ``` ### First Run -After deploying, verify that the lldap service is accessible at `https://ldap.netgrimoire.com` and that the Caddy reverse proxy is correctly configured. +After deployment, verify the LLDAP service is running and accessible via the web UI. --- 
@@ -64,41 +58,42 @@ After deploying, verify that the lldap service is accessible at `https://ldap.ne ### Accessing lldap | Service | URL | Purpose | |---------|-----|---------| -- **Caddy**: -- **lldap**: +- **Host:** ldap.netgrimoire.com +- **Port:** 17170 (web UI) +- **Port:** 3890 (LDAP) ### Primary Use Cases -To use the lldap service, navigate to `https://ldap.netgrimoire.com` and log in using the provided credentials. +Configure LLDAP for your users and manage user accounts, groups, and permissions. ### NetGrimoire Integrations -The lldap Stack integrates with other services by exposing the following endpoints: - -- **Kuma**: -- **Uptime Kuma**: +This service integrates with the NetGrimoire dashboard to provide a central location for managing LDAP configurations and user identities. --- ## Operations ### Monitoring +[kuma monitors from kuma.* labels] ```bash docker stack services lldap docker service logs -f lldap ``` ### Backups -Critical data should be backed up regularly, but the database can be reconstructed from scratch if needed. - -### Restore -To restore the service, run `./deploy.sh`. +Critical backups should be performed regularly to ensure data integrity. Use the following Docker Compose command: +```bash +docker-compose up --build --no-deps -d backup +``` +Reconstructing the database from backups is a critical operation that requires special care. --- ## Common Failures | Symptom | Cause | Fix | |---------|-------|-----| -- Service is not accessible | Caddy reverse proxy not enabled | Enable Caddy labels (`caddy-docker-proxy: ldap.netgrimoire.com`) | -- LDAP authentication fails | Incorrect credentials or configuration | Verify PUID, PGID, LLDAP_LDAP_USER_PASS, and LLDAP_JWT_SECRET | +- Error authenticating with LLDAP | Insufficient permissions or incorrect configuration. | Verify correct PUID/PGID and LDAP credentials. | +- Unable to connect to web UI | Web UI not accessible due to Caddy issues. | Check Caddy logs for errors. 
| +- Unable to connect to LDAP | LDAP server not listening on port 3890. | Restart the LLDAP service or check configuration files. | --- @@ -106,16 +101,15 @@ To restore the service, run `./deploy.sh`. | Date | Commit | Summary | |------|--------|---------| -| 2026-04-30 | fc4617a1 | Initial deployment of lldap Stack | -| 2026-04-30 | 3c8190d1 | Updated Caddy reverse proxy configuration | -| 2026-04-30 | 99e9dd41 | Fixed LLDAP_JWT_SECRET generation | -| 2026-04-30 | 3ab644ff | Improved lldap Stack documentation | -| 2026-04-30 | b0edbeff | Added support for Uptime Kuma monitoring | -| 2026-01-10 | 1a374911 | Initial commit of lldap Stack | +| 2026-04-30 | 4628ea4c | Initial documentation creation | +| 2026-04-30 | fc4617a1 | Initial build and deployment configuration | +| 2026-04-30 | 3c8190d1 | Added environment variables for LLDAP | +| 2026-04-30 | 99e9dd41 | Updated Docker Compose command for backup | +| 2026-04-30 | 3ab644ff | Improved error handling for failed connections | --- ## Notes -Generated by Gremlin on 2026-04-30T18:59:36.975Z +Generated by Gremlin on 2026-04-30T19:02:50.195Z Source: swarm/lldap.yaml Review User Guide and Changelog sections \ No newline at end of file
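Review bot: the Environment Variables block in the first hunk (`@@ -1,47 +1,41 @@`) still publishes what look like live credentials: `LLDAP_LDAP_USER_PASS=F@lcon13`, `LLDAP_JWT_SECRET=lougu9...` and the newly added `LLDAP_KEY_SEED=Kss_fN...`. The new `# generate: openssl rand -hex 32` comment does not fix that, and it does not match the values shown (`openssl rand -hex 32` yields 64 hex digits; these strings contain `-` and `_`). Replace the values with placeholders such as `LLDAP_JWT_SECRET=<generated-secret>` and treat the committed values as compromised: rotate the admin password, JWT secret and key seed if they were ever used. Three smaller points in the same hunk: the Architecture section keeps the `| Service | Image | Port | Role |` header and separator row with no table rows under it, followed by a bullet list, so either drop the header or put the host, network and URL into the table; the Prerequisites text no longer lists the required variables (`PUID`, `PGID`, `LLDAP_LDAP_BASE_DN`, `LLDAP_DOMAIN`, `LLDAP_LDAP_USER_PASS`, `LLDAP_JWT_SECRET`) even though the block below still needs them, while the Volume Setup still runs `chown postgres:postgres` after the `lldap-db` (5432) and `caddy-docker-proxy` rows were removed from Architecture, so say which service owns `/DockerVol/lldap/data` (and note that dropping `-R` leaves any existing files under it with their old owner). Removing the YAML front matter (`title`, `published`, `tags`, `editor: markdown`, `dateCreated`) also drops the page metadata the wiki reads; restore it if that was unintended.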
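Review bot: the First Run text in the second hunk (`@@ -55,7 +49,7 @@`) trades a concrete check (`https://ldap.netgrimoire.com` reachable and the Caddy reverse proxy configured) for "verify the LLDAP service is running and accessible via the web UI", which gives the operator nothing to run. Keep the URL and pair it with a command, e.g. the `docker stack services lldap` shown just above the hunk plus a request against the web UI, and state what a healthy result looks like (replicas `1/1`, an HTTP 200 from the login page).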
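Review bot: the Backups text in the third hunk (`@@ -64,41 +58,42 @@`) is wrong for this deployment: the page deploys with `docker stack` (see Deploy and Monitoring), and `docker-compose up --build --no-deps -d backup` starts a compose service named `backup` that is defined nowhere on this page, so the command backs up nothing. The hunk also deletes the Restore section (`./deploy.sh`) and the statement that the database can be reconstructed, leaving no documented recovery path; describe what in `/DockerVol/lldap/data` is copied, how and by what, and how it is restored. Also in this hunk: `[kuma monitors from kuma.* labels]` under Monitoring is an unfilled placeholder; the Accessing lldap and Common Failures sections keep a markdown table header and separator above a bullet list; and the new row "Unable to connect to LDAP ... port 3890" names a port the page exposes for LDAP without saying whether TLS is in use, so state whether 3890 is plaintext LDAP and, if so, that binds over it carry credentials in the clear and should stay inside the `netgrimoire` network.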
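Review bot: the Changelog rewrite in the last hunk (`@@ -106,16 +101,15 @@`) re-labels existing commits: `fc4617a1`, `3c8190d1`, `99e9dd41` and `3ab644ff` keep their hashes but receive new summaries (`99e9dd41` was "Fixed LLDAP_JWT_SECRET generation" and is now "Updated Docker Compose command for backup"), `b0edbeff` and `1a374911` (the 2026-01-10 initial commit) disappear, and `4628ea4c` appears. Both versions cannot describe the same history; regenerate the table from `git log` rather than hand-editing it, and keep the earlier initial commit if it exists. The `\ No newline at end of file` marker also survives on the "Review User Guide and Changelog sections" line; add the final newline while touching this section.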