lldap
Example
{config, ...}: {
  # Options live under nps.stacks.lldap (see the option list below).
  nps.stacks.lldap = {
    enable = true;
    baseDn = "DC=example,DC=com";
    # Secrets are passed as file paths (here managed by sops), not inline values.
    jwtSecretFile = config.sops.secrets."lldap/jwtSecret".path;
    keySeedFile = config.sops.secrets."lldap/keySeed".path;
    adminPasswordFile = config.sops.secrets."lldap/adminPassword".path;
    bootstrap = {
      users = {
        guest = {
          email = "guest@example.com";
          password_file = config.sops.secrets."users/guest/password".path;
          displayName = "Guest";
          # Group names exposed by other stacks' OIDC options.
          groups = [
            config.nps.stacks.immich.oidc.userGroup
            config.nps.stacks.streaming.jellyfin.oidc.userGroup
          ];
        };
      };
    };
  };
}
Stack Options
nps.stacks.lldap.adminPasswordFile
Path to the file containing the admin password.
nps.stacks.lldap.adminUsername
Admin username for LDAP as well as the web interface.
nps.stacks.lldap.baseDn
The starting point in the LDAP directory tree from which searches begin.
Type: string
Default: "DC=example,DC=com"
Example: "DC=mydomain,DC=net"
nps.stacks.lldap.bootstrap.cleanUp
Whether to delete groups and users not specified in the config, and to remove users from groups that they do not belong to.
nps.stacks.lldap.bootstrap.groupSchemas
Group schemas. Can be used to create custom group attributes.
nps.stacks.lldap.bootstrap.groupSchemas.<name>.attributeType
Type of the attribute
nps.stacks.lldap.bootstrap.groupSchemas.<name>.isEditable
Whether the attribute is editable by users
nps.stacks.lldap.bootstrap.groupSchemas.<name>.isList
Whether the attribute can have multiple values
nps.stacks.lldap.bootstrap.groupSchemas.<name>.isVisible
Whether the attribute is visible by users
nps.stacks.lldap.bootstrap.groupSchemas.<name>.name
Name of the field. Case insensitive; you should use lowercase.
Type: string matching the pattern ^[a-zA-Z0-9-]+$
Default: <name>
nps.stacks.lldap.bootstrap.groups
Groups that will be created.
Besides the name, you can also specify custom attributes for the group, if they are defined in the groupSchemas option.
Type: attribute set of (open submodule of (string or signed integer or boolean))
Default: { }
nps.stacks.lldap.bootstrap.groups.<name>.name
Name of the group. Defaults to the name of the attribute.
nps.stacks.lldap.bootstrap.userSchemas
User schema. Can be used to create custom user attributes.
nps.stacks.lldap.bootstrap.userSchemas.<name>.attributeType
Type of the attribute
nps.stacks.lldap.bootstrap.userSchemas.<name>.isEditable
Whether the attribute is editable by users
nps.stacks.lldap.bootstrap.userSchemas.<name>.isList
Whether the attribute can have multiple values
nps.stacks.lldap.bootstrap.userSchemas.<name>.isVisible
Whether the attribute is visible by users
nps.stacks.lldap.bootstrap.userSchemas.<name>.name
Name of the field. Case insensitive; you should use lowercase.
Type: string matching the pattern ^[a-zA-Z0-9-]+$
Default: <name>
nps.stacks.lldap.bootstrap.users
LLDAP users that will be provisioned at startup.
You can also specify custom attributes for the user, if they are defined in the userSchemas option.
Type: attribute set of (open submodule of (string or signed integer or boolean))
Default: { }
nps.stacks.lldap.bootstrap.users.<name>.avatar_url
Must be a valid URL to a JPEG file (ignored if gravatar_avatar is specified).
nps.stacks.lldap.bootstrap.users.<name>.displayName
Display name of the user
nps.stacks.lldap.bootstrap.users.<name>.email
E-Mail of the user
nps.stacks.lldap.bootstrap.users.<name>.firstName
First name of the user
nps.stacks.lldap.bootstrap.users.<name>.gravatar_avatar
The script will try to get an avatar from Gravatar using the previously specified email.
nps.stacks.lldap.bootstrap.users.<name>.groups
An array of groups the user will be a member of (all the groups must be specified in the bootstrap.groups option)
nps.stacks.lldap.bootstrap.users.<name>.id
ID of the user. Defaults to the name of the attribute.
nps.stacks.lldap.bootstrap.users.<name>.lastName
Last name of the user
nps.stacks.lldap.bootstrap.users.<name>.password_file
Path to the file containing the user password
nps.stacks.lldap.containers.lldap
Alias of services.podman.containers.lldap.
nps.stacks.lldap.enable
Whether to enable lldap.
nps.stacks.lldap.jwtSecretFile
Path to the file containing the JWT secret
nps.stacks.lldap.keySeedFile
Path to the file containing the key seed
nps.stacks.lldap.settings
Additional lldap configuration.
If provided, it will be mounted as lldap_config.toml.
See https://github.com/lldap/lldap/blob/main/lldap_config.docker_template.toml
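An added example (not taken from the project's own documentation) showing how bootstrap.groups, bootstrap.users.<name>.groups and bootstrap.cleanUp fit together, so that the declared config is the only source of accounts and memberships. The group name media-users, the user alice and the sops secret names are assumptions made for illustration, and the sops.secrets declarations assume sops-nix is already set up.

```nix
{config, ...}: {
  # Assumed sops-nix declarations for the secret files referenced below.
  sops.secrets = {
    "lldap/jwtSecret" = {};
    "lldap/keySeed" = {};
    "lldap/adminPassword" = {};
    "users/alice/password" = {};
  };

  nps.stacks.lldap = {
    enable = true;
    baseDn = "DC=example,DC=com";
    jwtSecretFile = config.sops.secrets."lldap/jwtSecret".path;
    keySeedFile = config.sops.secrets."lldap/keySeed".path;
    adminPasswordFile = config.sops.secrets."lldap/adminPassword".path;

    bootstrap = {
      # Users and groups not declared here are deleted, and memberships
      # not declared here are removed. Accounts created by hand in the
      # web interface will not survive the next bootstrap run.
      cleanUp = true;

      # Every group referenced by a user must be declared here.
      # The group name defaults to the attribute name.
      groups = {
        media-users = {};
      };

      users = {
        # The user ID defaults to the attribute name ("alice").
        alice = {
          email = "alice@example.com";
          displayName = "Alice";
          firstName = "Alice";
          lastName = "Example";
          # Password is read from a file, so it is not written into the config.
          password_file = config.sops.secrets."users/alice/password".path;
          groups = ["media-users"];
        };
      };
    };
  };
}
```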