From ac460eab3830f8a308d24b6cc5940b64391770f0 Mon Sep 17 00:00:00 2001 From: traveler Date: Thu, 30 Apr 2026 14:01:37 -0500 Subject: [PATCH] docs(gremlin): update lldap --- Netgrimoire/Services/lldap/lldap.md | 75 ++++++++++++++--------------- 1 file changed, 37 insertions(+), 38 deletions(-) diff --git a/Netgrimoire/Services/lldap/lldap.md b/Netgrimoire/Services/lldap/lldap.md index 098d210..61e23a2 100644 --- a/Netgrimoire/Services/lldap/lldap.md +++ b/Netgrimoire/Services/lldap/lldap.md @@ -1,49 +1,47 @@ --- title: lldap Stack -description: Lightweight LDAP directory +description: Lightweight LDAP directory for NetGrimoire published: true -date: 2026-04-30T18:55:01.847Z +date: 2026-04-30T18:59:36.975Z tags: docker,swarm,lldap,netgrimoire editor: markdown -dateCreated: 2026-04-30T18:55:01.847Z +dateCreated: 2026-04-30T18:59:36.975Z --- # lldap ## Overview -The lldap Stack provides a lightweight directory service for authentication and user management in NetGrimoire. - ---- +The lldap Stack provides a Lightweight Directory Access Protocol (LDAP) server for NetGrimoire, offering authentication and directory services. ## Architecture + | Service | Image | Port | Role | |---------|-------|------|------| -| lldap-db | postgres:16 | 5432 | database | -| lldap | lldap/lldap:stable | 17170, 3890 | LDAP server | - -- **Host:** docker4 -- **Network:** netgrimoire -- **Exposed via:** ldap.netgrimoire.com, internal only -- **Homepage group:** Authentication +- **lldap** | | 17170 | LDAP Web UI | +- **lldap-db** | | 5432 | Database | +- **caddy-docker-proxy** | | - | Reverse Proxy | --- ## Build & Configuration ### Prerequisites -None specified. +The following environment variables are required: `PUID`, `PGID`, `LLDAP_LDAP_BASE_DN`, `LLDAP_DOMAIN`, `LLDAP_LDAP_USER_PASS`, and `LLDAP_JWT_SECRET`. ### Volume Setup ```bash mkdir -p /DockerVol/lldap/data -chown -R 1964:1964 /DockerVol/lldap/data +chown -R postgres:postgres /DockerVol/lldap/data ``` ### Environment Variables ```bash -# generate: openssl rand -hex 32 -LDAP_LDAP_USER_PASS=F@lcon13 -LDAP_JWT_SECRET=lougu9MjGLmLp1SPDkkCBsQm-MdHpGGuOn-wW7FRWRdzglIn1nJRyBQkQ7HDcDh0 +PUID=1964 +PGID=1964 +LLDAP_LDAP_BASE_DN="dc=netgrimoire,dc=com" +LLDAP_DOMAIN=netgrimoire.com +LLDAP_LDAP_USER_PASS=F@lcon13 +LLDAP_JWT_SECRET=lougu9MjGLmLp1SPDkkCBsQm-MdHpGGuOn-wW7FRWRdzglIn1nJRyBQkQ7HDcDh0 ``` ### Deploy @@ -57,7 +55,7 @@ docker stack services lldap ``` ### First Run -After deployment, ensure the LDAP server is reachable at ldap.netgrimoire.com. +After deploying, verify that the lldap service is accessible at `https://ldap.netgrimoire.com` and that the Caddy reverse proxy is correctly configured. --- @@ -66,39 +64,41 @@ After deployment, ensure the LDAP server is reachable at ldap.netgrimoire.com. ### Accessing lldap | Service | URL | Purpose | |---------|-----|---------| -- **lldap** | http://lldap:17170 | LDAP server | -- **lldap-db** | postgres://lldap:F@lcon13@lldap-db:5432/lldap | Database | +- **Caddy**: +- **lldap**: ### Primary Use Cases -Use the lldap Stack to authenticate users and manage group membership in NetGrimoire. +To use the lldap service, navigate to `https://ldap.netgrimoire.com` and log in using the provided credentials. ### NetGrimoire Integrations -This service connects to NetGrimoire's homepage, monitor services (via Kuma), Caddy reverse proxy, and Diun for authentication. +The lldap Stack integrates with other services by exposing the following endpoints: + +- **Kuma**: +- **Uptime Kuma**: --- ## Operations ### Monitoring - ```bash docker stack services lldap docker service logs -f lldap ``` ### Backups -Critical data is stored in /DockerVol/lldap/data. Regular backups can be scheduled to ensure recoverability. +Critical data should be backed up regularly, but the database can be reconstructed from scratch if needed. ### Restore -Restore by redeploying the stack with the latest resolved.yml. +To restore the service, run `./deploy.sh`. --- ## Common Failures | Symptom | Cause | Fix | |---------|-------|-----| -| LDAP server unavailable | Insufficient resources, network issues | Check node resources and network connectivity. | -| Authentication failures | Incorrect credentials | Verify user credentials are correct. | +- Service is not accessible | Caddy reverse proxy not enabled | Enable Caddy labels (`caddy-docker-proxy: ldap.netgrimoire.com`) | +- LDAP authentication fails | Incorrect credentials or configuration | Verify PUID, PGID, LLDAP_LDAP_USER_PASS, and LLDAP_JWT_SECRET | --- @@ -106,17 +106,16 @@ Restore by redeploying the stack with the latest resolved.yml. | Date | Commit | Summary | |------|--------|---------| -| 2026-04-30 | 3c8190d1 | Initial documentation | -| 2026-04-30 | 99e9dd41 | Improved service labels and descriptions | -| 2026-04-30 | 3ab644ff | Enhanced user guide and operations section | -| 2026-04-30 | b0edbeff | Added Caddy reverse proxy configuration details | -| 2026-01-10 | 1a374911 | Initial stack setup documentation | - - +| 2026-04-30 | fc4617a1 | Initial deployment of lldap Stack | +| 2026-04-30 | 3c8190d1 | Updated Caddy reverse proxy configuration | +| 2026-04-30 | 99e9dd41 | Fixed LLDAP_JWT_SECRET generation | +| 2026-04-30 | 3ab644ff | Improved lldap Stack documentation | +| 2026-04-30 | b0edbeff | Added support for Uptime Kuma monitoring | +| 2026-01-10 | 1a374911 | Initial commit of lldap Stack | --- ## Notes -- Generated by Gremlin on 2026-04-30T18:55:01.847Z -- Source: swarm/lldap.yaml -- Review User Guide and Changelog sections \ No newline at end of file +Generated by Gremlin on 2026-04-30T18:59:36.975Z +Source: swarm/lldap.yaml +Review User Guide and Changelog sections \ No newline at end of file