leviathonbeast/lldap
1
0
Fork 0
mirror of https://github.com/lldap/lldap.git synced 2026-03-31 15:07:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
lldap/example_configs/home-assistant.md
T
MickMorley f5f3091313 example_configs: update Home Assistant 
Found that only a restart of Home Assistant will read the new lines in configuration.yaml.  Also added a note to use `-k` when using the curl command if needed.
2025-02-27 17:30:51 +01:00

2.5 KiB
Raw Permalink Blame History

Home Assistant Configuration

Home Assistant configures ldap auth via the Command Line Auth Provider. The wiki mentions a script that can be used for LDAP authentication, but it doesn't work in the container version (it is lacking both ldapsearch and curl ldap protocol support). Thankfully LLDAP has a graphql API to save the day!

Graphql-based Auth Script

The auth script attempts to authenticate a user against an LLDAP server, using credentials provided via username and password environment variables. The first argument must be the URL of your LLDAP server, accessible from Home Assistant. You can provide an additional optional argument to confine allowed logins to a single group. The script will output the user's display name as the name variable, if not empty.

  1. Copy the auth script to your home assistant instance. In this example, we use /config/lldap-ha-auth.sh.
    • Set the script as executable by running chmod +x /config/lldap-ha-auth.sh
    • If your lldap reverse proxy is using a local (insecure) certificate, you have to add -k to the curl commands
  2. Add the following to your configuration.yaml in Home assistant:
homeassistant:
  auth_providers:
    # Ensure you have the homeassistant provider enabled if you want to continue using your existing accounts
    - type: homeassistant
    - type: command_line
      command: /config/lldap-ha-auth.sh
      # arguments: [<LDAP Host>, <regular user group>, <admin user group>, <local user group>]
      # <regular user group>: Find users that has permission to access homeassistant, anyone inside
      # this group will have the default 'system-users' permission in homeassistant.
      #
      # <admin user group>: Allow users in the <regular user group> to be assigned into 'system-admin' group.
      # Anyone inside this group will not have the 'system-users' permission as only one permission group
      # is allowed in homeassistant
      #
      # <local user group>: Users in the <local user group> (e.g., 'homeassistant_local') can only access
      # homeassistant inside LAN network.
      #
      # Only the first argument is required. ["https://lldap.example.com"] allows all users to log in from
      # anywhere and have 'system-users' permissions. 
      args: ["https://lldap.example.com", "homeassistant_user", "homeassistant_admin", "homeassistant_local"]
      meta: true
  1. Restart Home Assistant
Reference in New Issue View Git Blame Copy Permalink