Authentik-SSO App for Nethserver 8

You mean --network=slirp4netns:allow_host_loopback=true, that's it?

And this is to be implemented in the publish service, because Authentik has two internal app services.


Do I also need to implement --add-host=accountprovider:10.0.2.2?

In Authentik, there are two variables for defining LDAP:

  • AUTHENTIK_LISTEN__LDAP: Listening address:port (e.g. 0.0.0.0:3389) for LDAP (Applies to LDAP outpost)
  • AUTHENTIK_LISTEN__LDAPS: Listening address:port (e.g. 0.0.0.0:6636) for LDAPS (Applies to LDAP outpost)

I am not sure if I should define them in Authentik.

Similarly, if they are to be defined, should I define the special IP address or the 127 IP address?

When using or prompted to define the LDAP IP on the UI (whether the env is available or not), do we define the special IP or just the loopback IP?

I don’t think you should define those. I guess @stephdl is referring to the specific allow line in yellow above, so that the Authentik container is allowed to ‘reach’ an LDAP instance in the cluster/node?

Could you update your Authentik instance and test if it works reaching LDAP?

api-cli run update-module --data '{"module_url":"ghcr.io/compgeniuses/goauthentik:dev","instances":["goauthentik1"],"force":true}'

What ldap URI to use?

Kindly update again if you had updated before; I have just pushed an update.

Try with 127; if it doesn't work, we use the special IP.

Did you perhaps switch the base and the bind values?

# Lab test only: plain ldap:// on 389. Production should use ldaps:// on 636,
# and -W (prompt for the password) instead of -w, which leaves the password in
# shell history and the process list. 127.0.0.1 is the loopback address
# (172.0.0.1 is not); -H takes the full URI and replaces the old -h/-p pair.
# A trailing comment after a "\" continuation breaks the command, so the
# notes live up here instead.
ldapsearch \
  -x \
  -H 'ldap://127.0.0.1:389' \
  -D 'cn=ldapservice,ou=users,DC=ldap,DC=goauthentik,DC=io' \
  -w 'lAv.8Ackp13c35.5U5.lu8B3rly.r488L3m3nt' \
  -b 'DC=ldap,DC=goauthentik,DC=io' \
  '(objectClass=user)'

Have you updated less than 7 minutes ago?

Yes, saw your message. I cannot enter ldap://10.5.4.1:20088 as a valid URI entry.

I’ll try again tomorrow

Where are you getting 10.5 and why are you trying to use it?

Wrong previous answer. Where? Domain configuration for that specific domain.

My domain LDAP URI is considered invalid, so how did you get that LDAP URI accepted?

Answer: Authentik caches values. One must go back to the left menu, refresh by choosing another option and then go back to LDAP. Now it accepts 10.5.4.1:20088. And also stuck with the same symptoms @danb35 experiences.

No. These would be defined if you want Authentik to be an LDAP provider. We don’t want that; we want it to be able to connect to the system’s LDAP provider.

But the lack of the ldap_sync and ldap_check_connection is limiting our ability to figure out what’s going on here. Is there a reason you aren’t using the containers from Authentik themselves?


How do you mean? That's the container from Authentik, or well, the developer's from Docker Hub.

We can change, though, and use the one provided from GitHub.

I have not followed this long topic, but to contact the LDAP proxy the URL is 10.0.2.2. You might have a look at SOGo; I use LDAP to authenticate.
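The two pieces of advice above ("try with 127; if it doesn't work, we use the special IP" and "to contact the LDAP proxy the URL is 10.0.2.2") are the same question seen from inside a rootless podman container: which loopback address actually reaches the node's LDAP proxy, and is the thing answering really LDAP. The script below is an added example, not code from NethServer 8 or Authentik. It probes the candidate addresses with a hand-encoded LDAPv3 anonymous BindRequest (14 BER bytes) and treats any BindResponse, including a non-zero resultCode, as proof that an LDAP server is listening, which a plain TCP connect cannot tell you. The addresses 127.0.0.1 and 10.0.2.2 come from the thread; the listening port, and the fake LDAP server used so the script runs offline, are constructed stand-ins for the NS8 proxy.

```python
"""Probe which loopback address reaches an LDAP listener from a rootless
(slirp4netns) container, then build the ldap:// URI from the winner.
Added example; the fake server is a constructed stand-in for the NS8 proxy."""
import socket
import threading
from typing import Iterable, Optional

# Order follows the thread's advice: plain loopback first, then 10.0.2.2,
# slirp4netns' host gateway, which only maps to host loopback when
# --network=slirp4netns:allow_host_loopback=true is set on the container.
LOOPBACK_CANDIDATES = ("127.0.0.1", "10.0.2.2")

# LDAPv3 anonymous BindRequest, BER by hand:
# 30 0c | 02 01 01 (messageID 1) | 60 07 (BindRequest) | 02 01 03 (v3)
# | 04 00 (empty DN) | 80 00 (simple auth, empty password)
ANON_BIND_REQUEST = bytes.fromhex("300c020101600702010304008000")
# BindResponse with resultCode 0 (success), used only by the fake server:
# 30 0c | 02 01 01 | 61 07 (BindResponse) | 0a 01 00 | 04 00 | 04 00
BIND_SUCCESS_RESPONSE = bytes.fromhex("300c02010161070a010004000400")


def tcp_reachable(host: str, port: int, timeout: float = 1.0) -> bool:
    """True if a TCP connection to host:port can be established."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def ldap_bind_probe(host: str, port: int, timeout: float = 1.0) -> Optional[int]:
    """Send an anonymous bind; return the LDAP resultCode, or None if the peer
    did not answer with a BindResponse. A non-zero code (e.g. 53 when
    anonymous binds are disabled) still proves an LDAP server is listening."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            s.sendall(ANON_BIND_REQUEST)
            resp = s.recv(512)
    except OSError:
        return None
    # Minimal BER check: SEQUENCE, messageID 1, [APPLICATION 1] BindResponse,
    # first element ENUMERATED (0x0a) of length 1 = resultCode.
    if len(resp) < 10 or resp[0] != 0x30 or resp[2:5] != b"\x02\x01\x01":
        return None
    if resp[5] != 0x61 or resp[7] != 0x0A or resp[8] != 0x01:
        return None
    return resp[9]


def pick_ldap_host(port: int, candidates: Iterable[str] = LOOPBACK_CANDIDATES,
                   timeout: float = 1.0) -> Optional[str]:
    """Return the first candidate that answers an LDAP bind, or None."""
    for host in candidates:
        if ldap_bind_probe(host, port, timeout) is not None:
            return host
    return None


def ldap_uri(host: str, port: int, ldaps: bool = False) -> str:
    """Build the URI to paste into the Authentik LDAP source form."""
    return f"{'ldaps' if ldaps else 'ldap'}://{host}:{port}"


def start_fake_ldap_server():
    """Constructed stand-in for the NS8 LDAP proxy on an ephemeral port:
    answers every connection with a successful BindResponse."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listening socket closed by the caller
            with conn:
                conn.recv(512)
                conn.sendall(BIND_SUCCESS_RESPONSE)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], srv


def demo() -> dict:
    """Run the probes against the fake server and return the findings."""
    port, srv = start_fake_ldap_server()
    try:
        host = pick_ldap_host(port)
        return {
            "tcp_ok": tcp_reachable("127.0.0.1", port),
            "result_code": ldap_bind_probe("127.0.0.1", port),
            "host": host,
            "uri": ldap_uri(host, port) if host else None,
        }
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo())
```

Inside the real Authentik container, replace the fake server with the proxy port the module was given and run `pick_ldap_host(port)`: if it returns 10.0.2.2 rather than 127.0.0.1, the publish service needs the allow_host_loopback network option and the URI must use the special address.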

The question is now:

Whether or not the app requires LDAP env vars, I have to implement the bind-ldap script, is that the case?

And if this is the case, how does LDAP work in the case of accessing it externally from NS8?