leviathonbeast/lldap
1
0
Fork 0
mirror of https://github.com/lldap/lldap.git synced 2026-03-31 15:07:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
48058540ec0eff1cc07f572343de861f06bd643a
lldap/example_configs/truenas-install.md
T

127 lines
4.7 KiB
Markdown
Raw Blame History

# Installing and Configuring LLDAP on TrueNAS
This guide walks through installing **LLDAP** from the TrueNAS Apps catalog and performing a basic configuration suitable for sharing authentication between multiple applications that support LDAP authentication.
It is intended to accompany the example configuration files in this repository and assumes a basic familiarity with the TrueNAS web interface.
## Prerequisites
- TrueNAS SCALE with Apps enabled
- Administrative access to the TrueNAS UI
- A system with working networking and DNS
- Optional but recommended: HTTPS certificates managed by TrueNAS
## Step 1: Install LLDAP from the TrueNAS Apps Catalog
1. Log in to the **TrueNAS web interface**.
2. Navigate to **Apps → Discover Apps**.
3. Search for **LLDAP**.
4. Click **Install**.
You will be presented with the LLDAP application configuration form.
## Step 2: Application Configuration
Below are the key configuration sections and recommended settings based on the official catalog definition.
### Application Name
- Leave the default name or choose a descriptive one (e.g. `lldap`).
### Networking
- **Web Port**: Default application port is typically **30325**. There is no standard port for the LLDAP web UI; this value is configurable in TrueNAS.
- **LDAP Port**:
- Standard LDAP port: **389**
- Default port configured by the TrueNAS app: **30326**
- **LDAPS Port**:
- Standard LDAPS port: **636**
- Default port configured by the TrueNAS app: **30327**
It is recommended to adjust these ports to suit your environment. Using standard ports (389/636) can simplify client configuration, but non-standard ports may be preferred to avoid conflicts on the host system. Ensure the selected ports are not already in use.
If LDAPS is enabled, it is strongly recommended to **disable the LDAP port** to ensure all directory traffic is encrypted.
### Authentication / Admin Account
- **LLDAP Admin Username**: Set an admin username (e.g. `admin`).
- **LLDAP Admin Password**: Set a strong password. This account is used to access the LLDAP web UI.
> ⚠️ Save this password securely. You will need it to log in and manage users and groups.
### Base DN Configuration
These values define your LDAP directory structure:
- **Base DN**: Example: `dc=example,dc=com`
- **User DN**: Typically `ou=people,dc=example,dc=com`
- **Group DN**: Typically `ou=groups,dc=example,dc=com`
These values must be consistent with the configuration used by client applications.
## Step 3: Storage Configuration
LLDAP requires persistent storage for its database.
- Configure an **application dataset** or **host path** for LLDAP data.
- Ensure the dataset is backed up as part of your normal TrueNAS backup strategy.
## Step 4: (Optional) Enable HTTPS Using TrueNAS Certificates
If your TrueNAS system manages certificates:
1. In the app configuration, select **Use Existing Certificate**.
2. Choose a certificate issued by TrueNAS.
3. Ensure the web port is accessed via `https://`.
This avoids storing certificate files inside the container and improves overall security.
## Step 5: Deploy the App
1. Review all configuration values.
2. Click **Install**.
3. Wait for the application status to show **Running**.
## Step 6: Access the LLDAP Web UI
- Navigate to: `http(s)://<truenas-ip>:<web-port>`
- Log in using the admin credentials you configured earlier.
From here you can:
- Create users
- Create groups
- Assign users to groups
## Step 7: Using LLDAP with Other Applications
LLDAP can be used as a central identity provider for many popular applications available in the TrueNAS Apps catalog. Common examples include:
- **Jellyfin** (media server)
- **Nextcloud** (collaboration and file sharing)
- **Gitea** (self-hosted Git service)
- **Grafana** (monitoring and dashboards)
- **MinIO** (object storage)
Configuration examples for several of these applications are also available in the upstream LLDAP repository under `example_configs`.
When configuring a client application:
- **LDAP Host**: TrueNAS IP address or the LLDAP app service name
- **LDAP / LDAPS Port**: As configured during install (prefer LDAPS if enabled)
- **Bind DN**: A dedicated service (bind) account or admin DN
- **Bind Password**: Password for the bind account
- **Base DN**: Must match the LLDAP Base DN
Once configured, users can authenticate to multiple applications using a single set of credentials managed centrally by LLDAP.
## Notes and Tips
- Prefer creating a **dedicated bind user** for applications instead of using the admin account.
- Keep Base DN values consistent across all services.
- Back up the LLDAP dataset regularly.
## References
- [TrueNAS Apps Catalog](https://apps.truenas.com/catalog/lldap/)
- [TrueNAS SCALE Documentation](https://www.truenas.com/docs/scale/)
Reference in New Issue View Git Blame Copy Permalink