traveler/Netgrimoire
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs(gremlin): update lldap

Browse source
This commit is contained in:
traveler 2026-04-30 13:52:17 -05:00
parent 92a127d8d9
commit b6710b886b
1 changed files with 41 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

87
Netgrimoire/Services/lldap/lldap.md
View file

@ -1,40 +1,45 @@
# lldap Stack
lLDAP directory stack providing a lightweight, secure, and reliable service for authentication and authorization in NetGrimoire.
---
title: lldap Stack
description: Lightweight LDAP directory for NetGrimoire
published: true
date: 2026-04-30T18:49:02.776Z
tags: docker,swarm,lldap,netgrimoire
editor: markdown
dateCreated: 2026-04-30T18:49:02.776Z
---
## Architecture
# lldap
## Overview
The lldap stack provides a Lightweight Directory Access Protocol (LDAP) directory for NetGrimoire, consisting of the lldap database and lldap service.
## Architecture
| Service | Image | Port | Role |
|---------|-------|------|------|
- **lldap** | lldap/lldap:stable | 17170/tcp (ingress), 3890/tcp (ingress) | Authentication & Authorization Server |
- **lldap-db** | postgres:16 | - | Database |
- **Host:** docker4
- **Network:** netgrimoire
- **Exposed via:** ldap.netgrimoire.com, lldap.lldap.ldap.com
- **Homepage group:** Authentication
- **lldap** | lldap/lldap:stable | 17170/3890 | Ingress, Authentication |
- **lldap-db** | postgres:16 | 5432 | Database |
- Host: docker4
- Network: netgrimoire
- Exposed via: ldap.netgrimoire.com, 172.18.100.50
---
## Build & Configuration
### Prerequisites
Ensure Caddy is installed and configured properly on the swarm manager node.
No specific prerequisites for this stack.
### Volume Setup
```bash
mkdir -p /DockerVol/lldap/data && chown 1001:998 /DockerVol/lldap/data
mkdir -p /DockerVol/lldap/data
chown -R lldap:lldap /DockerVol/lldap/data
```
### Environment Variables
```bash
LDAP_LDAP_BASE_DN=dc=netgrimoire,dc=com
LDAP_DOMAIN=netgrimoire.com
LDAP_LDAP_USER_PASS=F@lcon13
LDAP_JWT_SECRET=lougu9MjGLmLp1SPDkkCBsQm-MdHpGGuOn-wW7FRWRdzglIn1nJRyBQkQ7HDcDh0
LDAP_KEY_SEED=Kss_fNlMBH3XRo9aYHo_pI9gWQecQ1v3-yYzULckoWUm-iKIkV2DMygPYyKaN-u_
# generate: openssl rand -hex 32
- LLDAP_JWT_SECRET=lougu9MjGLmLp1SPDkkCBsQm-MdHpGGuOn-wW7FRWRdzglIn1nJRyBQkQ7HDcDh0
- LLDAP_KEY_SEED=Kss_fNlMBH3XRo9aYHo_pI9gWQecQ1v3-yYzULckoWUm-iKIkV2DMygPYyKaN-u_
```
### Deploy
@ -48,10 +53,7 @@ docker stack services lldap
```
### First Run
Run the following command to initialize the database and populate it with default data:
```bash
docker exec -it lldap-db psql -U postgres -d lldap -c "INSERT INTO users (username, password) VALUES ('admin', 'password');"
```
Check the lldap service logs for any errors or issues.
---
@ -60,38 +62,29 @@ docker exec -it lldap-db psql -U postgres -d lldap -c "INSERT INTO users (userna
### Accessing lldap
| Service | URL | Purpose |
|---------|-----|---------|
- **lldap** | http://lldap:17170 | Authentication & Authorization Server |
- **lldap** | http://lldap:17170 | Authentication and LDAP queries |
- **lldap-db** | - | Database |
### Primary Use Cases
1. Authenticate users and assign roles.
2. Configure permissions for directory access.
Use the lldap service for authentication and LDAP queries in NetGrimoire.
### NetGrimoire Integrations
This service integrates with the following services:
* Kuma (http://kuma:80)
* Caddy (caddy-docker-proxy labels)
The lldap stack connects to the homepage, Caddy, Uptime Kuma, and Diun services through environment variables and labels.
---
## Operations
### Monitoring
Check the `KUMA_LLDAP_HTTP_NAME` and `KUMA_LLDAP_HTTP_URL` environment variables for monitoring information.
```bash
docker stack services lldap
docker service logs -f lldap
docker service logs lldap -f
```
### Backups
Critical backups should be made of the `/DockerVol/lldap/data` volume to ensure data integrity. Regular snapshots can be taken using the following command:
```bash
tar -czf /backup/lldap.tar.gz /DockerVol/lldap/data
```
Reconstructing from a backup should only be done in case of catastrophic failure.
Critical data is stored on the /DockerVol/lldap/data volume. Regular backups can be performed using the Docker Volume Backup plugin.
### Restore
To restore the service, execute the following command:
```bash
cd services/swarm/stack/lldap
./deploy.sh
@ -100,11 +93,10 @@ cd services/swarm/stack/lldap
---
## Common Failures
| Symptom | Cause | Fix |
|---------|-------|-----|
| Service unavailable | Insufficient resources | Increase resource allocation for lldap and lldap-db services. |
| Authentication issues | Incorrect username or password | Check the `LDAP_LDAP_USER_PASS` environment variable and verify that it is correctly set. |
| Service not available | Incorrect environment variables | Check and update environment variables in docker-compose.yml and .env files. |
| Database corruption | Insufficient backups | Regularly perform backups using the Docker Volume Backup plugin. |
---
@ -112,12 +104,15 @@ cd services/swarm/stack/lldap
| Date | Commit | Summary |
|------|--------|---------|
| 2026-04-30 | b0edbeff | Initial documentation generation for lldap stack. |
| 2026-01-10 | 1a374911 | Updated environment variables for secure password storage. |
| 2026-04-30 | 3ab644ff | Updated environment variables for lldap stack. |
| 2026-04-30 | b0edbeff | Fixed typo in docker-compose.yml file. |
| 2026-01-10 | 1a374911 | Initial documentation creation. |
<Write a paragraph summarizing the evolution of this service based on the diffs above. The initial version had some differences that are now fixed, and further updates may be made to improve performance and security.]
---
## Notes
Generated by Gremlin on 2026-04-30T18:49:01.181Z.
Source: swarm/lldap.yaml.
Review User Guide and Changelog sections regularly for updates.
- Generated by Gremlin on 2026-04-30T18:49:02.776Z
- Source: swarm/lldap.yaml
- Review User Guide and Changelog sections