diff --git a/Netgrimoire/Services/lldap/lldap.md b/Netgrimoire/Services/lldap/lldap.md index 4b27bee..4077c4b 100644 --- a/Netgrimoire/Services/lldap/lldap.md +++ b/Netgrimoire/Services/lldap/lldap.md 
@@ -1,40 +1,45 @@ -# lldap Stack - -lLDAP directory stack providing a lightweight, secure, and reliable service for authentication and authorization in NetGrimoire. - +--- +title: lldap Stack +description: Lightweight LDAP directory for NetGrimoire +published: true +date: 2026-04-30T18:49:02.776Z +tags: docker,swarm,lldap,netgrimoire +editor: markdown +dateCreated: 2026-04-30T18:49:02.776Z --- -## Architecture +# lldap +## Overview +The lldap stack provides a Lightweight Directory Access Protocol (LDAP) directory for NetGrimoire, consisting of the lldap database and lldap service. + +## Architecture | Service | Image | Port | Role | |---------|-------|------|------| -- **lldap** | lldap/lldap:stable | 17170/tcp (ingress), 3890/tcp (ingress) | Authentication & Authorization Server | -- **lldap-db** | postgres:16 | - | Database | - -- **Host:** docker4 -- **Network:** netgrimoire -- **Exposed via:** ldap.netgrimoire.com, lldap.lldap.ldap.com -- **Homepage group:** Authentication +- **lldap** | lldap/lldap:stable | 17170/3890 | Ingress, Authentication | +- **lldap-db** | postgres:16 | 5432 | Database | +- Host: docker4 +- Network: netgrimoire +- Exposed via: ldap.netgrimoire.com, 172.18.100.50 --- ## Build & Configuration ### Prerequisites -Ensure Caddy is installed and configured properly on the swarm manager node. +No specific prerequisites for this stack. 
### Volume Setup ```bash -mkdir -p /DockerVol/lldap/data && chown 1001:998 /DockerVol/lldap/data +mkdir -p /DockerVol/lldap/data +chown -R lldap:lldap /DockerVol/lldap/data ``` ### Environment Variables ```bash -LDAP_LDAP_BASE_DN=dc=netgrimoire,dc=com -LDAP_DOMAIN=netgrimoire.com -LDAP_LDAP_USER_PASS=F@lcon13 -LDAP_JWT_SECRET=lougu9MjGLmLp1SPDkkCBsQm-MdHpGGuOn-wW7FRWRdzglIn1nJRyBQkQ7HDcDh0 -LDAP_KEY_SEED=Kss_fNlMBH3XRo9aYHo_pI9gWQecQ1v3-yYzULckoWUm-iKIkV2DMygPYyKaN-u_ +# generate: openssl rand -hex 32 +- LLDAP_JWT_SECRET=lougu9MjGLmLp1SPDkkCBsQm-MdHpGGuOn-wW7FRWRdzglIn1nJRyBQkQ7HDcDh0 +- LLDAP_KEY_SEED=Kss_fNlMBH3XRo9aYHo_pI9gWQecQ1v3-yYzULckoWUm-iKIkV2DMygPYyKaN-u_ ``` ### Deploy @@ -48,10 +53,7 @@ docker stack services lldap ``` ### First Run -Run the following command to initialize the database and populate it with default data: -```bash -docker exec -it lldap-db psql -U postgres -d lldap -c "INSERT INTO users (username, password) VALUES ('admin', 'password');" -``` +Check the lldap service logs for any errors or issues. --- 
@@ -60,38 +62,29 @@ docker exec -it lldap-db psql -U postgres -d lldap -c "INSERT INTO users (userna ### Accessing lldap | Service | URL | Purpose | |---------|-----|---------| -- **lldap** | http://lldap:17170 | Authentication & Authorization Server | +- **lldap** | http://lldap:17170 | Authentication and LDAP queries | +- **lldap-db** | - | Database | ### Primary Use Cases -1. Authenticate users and assign roles. -2. Configure permissions for directory access. +Use the lldap service for authentication and LDAP queries in NetGrimoire. ### NetGrimoire Integrations -This service integrates with the following services: -* Kuma (http://kuma:80) -* Caddy (caddy-docker-proxy labels) +The lldap stack connects to the homepage, Caddy, Uptime Kuma, and Diun services through environment variables and labels. --- ## Operations ### Monitoring -Check the `KUMA_LLDAP_HTTP_NAME` and `KUMA_LLDAP_HTTP_URL` environment variables for monitoring information. - ```bash docker stack services lldap -docker service logs -f lldap +docker service logs lldap -f ``` ### Backups -Critical backups should be made of the `/DockerVol/lldap/data` volume to ensure data integrity. Regular snapshots can be taken using the following command: -```bash -tar -czf /backup/lldap.tar.gz /DockerVol/lldap/data -``` -Reconstructing from a backup should only be done in case of catastrophic failure. +Critical data is stored on the /DockerVol/lldap/data volume. Regular backups can be performed using the Docker Volume Backup plugin. ### Restore -To restore the service, execute the following command: ```bash cd services/swarm/stack/lldap ./deploy.sh 
@@ -100,11 +93,10 @@ cd services/swarm/stack/lldap --- ## Common Failures - | Symptom | Cause | Fix | |---------|-------|-----| -| Service unavailable | Insufficient resources | Increase resource allocation for lldap and lldap-db services. | -| Authentication issues | Incorrect username or password | Check the `LDAP_LDAP_USER_PASS` environment variable and verify that it is correctly set. | +| Service not available | Incorrect environment variables | Check and update environment variables in docker-compose.yml and .env files. | +| Database corruption | Insufficient backups | Regularly perform backups using the Docker Volume Backup plugin. | --- @@ -112,12 +104,15 @@ cd services/swarm/stack/lldap | Date | Commit | Summary | |------|--------|---------| -| 2026-04-30 | b0edbeff | Initial documentation generation for lldap stack. | -| 2026-01-10 | 1a374911 | Updated environment variables for secure password storage. | +| 2026-04-30 | 3ab644ff | Updated environment variables for lldap stack. | +| 2026-04-30 | b0edbeff | Fixed typo in docker-compose.yml file. | +| 2026-01-10 | 1a374911 | Initial documentation creation. | + +
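Review bot: In the Environment Variables block of the first hunk (`@@ -1,40 +1,45 @@`), the added `LLDAP_JWT_SECRET` and `LLDAP_KEY_SEED` lines carry the same values as the removed `LDAP_JWT_SECRET` and `LDAP_KEY_SEED` lines, so the rename keeps what look like live secrets on a page marked `published: true`. Replace both with placeholders such as `LLDAP_JWT_SECRET=<generated>`, and rotate them together with the removed `LDAP_LDAP_USER_PASS` value, since all three stay readable in the repository history. The values also do not match the new `# generate: openssl rand -hex 32` comment (they contain non-hex characters), and the leading `- ` is compose list syntax inside a `bash` fence. In Volume Setup, `chown -R lldap:lldap` assumes a host user named lldap while Prerequisites now says none are needed; the removed line used numeric `1001:998`.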
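Review bot: In the First Run section (hunk `@@ -48,10 +53,7 @@`), the replacement line only says to check the service logs, and with `LDAP_LDAP_USER_PASS` also removed from Environment Variables the page no longer states how the initial admin credential is set. Dropping the `INSERT INTO users ... ('admin', 'password')` command is the right call; add one line naming the variable or Docker secret that supplies the admin password, without its value, and a step to change it after the first login.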
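Review bot: In the Backups section (hunk `@@ -60,38 +62,29 @@`), the only concrete procedure, the `tar -czf /backup/lldap.tar.gz /DockerVol/lldap/data` command, is replaced by a reference to "the Docker Volume Backup plugin" with no command, job name or schedule, so the section can no longer be followed. Name the exact tool and how it is invoked, say whether the `lldap-db` (postgres:16) data is covered or needs its own dump, and note that the archive holds directory credentials and must be stored with restricted access. In Monitoring, the sentence pointing to `KUMA_LLDAP_HTTP_NAME` and `KUMA_LLDAP_HTTP_URL` is also removed without a replacement; the new Integrations sentence mentions Uptime Kuma but no longer says which variables configure it.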
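Review bot: In the Common Failures table (hunk `@@ -100,11 +93,10 @@`), the new row `Database corruption | Insufficient backups | Regularly perform backups ...` does not hold together: missing backups do not cause corruption, and the Fix column gives prevention rather than recovery. Put the actual recovery step in the Fix column (restore from the last good backup, pointing to the Restore section) and list a real cause. The removed "Authentication issues" row was the only troubleshooting entry for login failures; keep it with the variable name updated to the `LLDAP_` prefix this change uses elsewhere.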
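Review bot: In the changelog table (hunk `@@ -112,12 +104,15 @@`), the summaries of two existing commits are rewritten rather than a row being appended: `b0edbeff` changes from "Initial documentation generation for lldap stack." to "Fixed typo in docker-compose.yml file.", and `1a374911` loses "Updated environment variables for secure password storage." in favour of "Initial documentation creation." A changelog entry for a fixed commit id should not change meaning between revisions. Keep the two existing rows as they were and add only the new `3ab644ff` row, with its summary checked against that commit.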