sipcapture / homer7-docker

HOMER 7 Docker Images

LDAP authorization for homer and grafana in docker-compose #126

Closed perrfect closed 2 years ago

perrfect commented 2 years ago

Hello. Is it possible to enable LDAP authorization for homer and grafana in docker-compose? And which parameters for docker-compose should I use?

lmangani commented 2 years ago

Hello @perrfect, no, the docker-compose doesn't include any variables for enabling LDAP, so the options are:

1. create a PR to extend the entrypoint and config template behaviour

2. map your own custom JSON config with the desired settings off your filesystem

perrfect commented 2 years ago

> Hello @perrfect no the docker-compose doesn't include any variables for enabling LDAP so the options are:
>
> 1. create a PR to extend the [entrypoint](https://github.com/sipcapture/homer-app/blob/master/docker/docker-entrypoint.d/1) and [config template](https://github.com/sipcapture/homer-app/blob/master/docker/webapp_config.json#L57) behaviour
>
> 2. map your own custom JSON config with the desired settings off your filesystem

Hello. Thank you for your reply. I've checked, and it seems the parameters from the endpoint work fine. But I didn't find how to create a mapping between my LDAP groups and the groups in homer. Is it possible to map separate groups for admins and users?

lmangani commented 2 years ago

perhaps @adubovikov and his team might have a suggestion here

lmangani commented 2 years ago

@perrfect I would start by extending the template config with a variable for any fields you need to be configurable through ENV like you see for the other supported dynamic parameters, and then add it to the entrypoint. It's a copy-paste job using the examples already available - feel free to do a PR and we will correct if needed.

perrfect commented 2 years ago

> @perrfect I would start by extending the template config with a variable for any fields you need to be configurable through ENV like you see for the other supported dynamic parameters, and then add it to the entrypoint. It's a copy-paste job using the examples already available - feel free to do a PR and we will correct if needed.

First of all, I need to understand why LDAP group mapping is not working and then create a PR, because right now I don't have a fully working LDAP configuration :(

lmangani commented 2 years ago

Sure. Unfortunately we can't help with that part but feel free to share any observations.

perrfect commented 2 years ago

Works fine for FreeIPA in this configuration in docker-compose:

      - "AUTH_TYPE=ldap"
      - "LDAP_BASE=dc=ipa,dc=example,dc=com"
      - "LDAP_HOST=ipa-1.example.com"
      - "LDAP_PORT=636"
      - "LDAP_SSL=true"
      - "LDAP_SKIP_TLS=false"
      - "LDAP_SKIP_VERIFY=true"
      - "LDAP_ANONYMOUS=false"
      - "LDAP_BIND_DN=uid=homer,cn=users,cn=accounts,dc=ipa,dc=example,dc=com"
      - "LDAP_BIND_PASS=PASSWORD"
      - "LDAP_USER_FILTER=(\\&(objectClass=person)(uid=%s))"
      - "LDAP_GROUP_FILTER=(member=%s)"
      - "LDAP_USER_DN=uid=%s,cn=users,cn=accounts,dc=ipa,dc=example,dc=com"
      - "LDAP_ADMINGROUP=admin"
      - "LDAP_USERGROUP=sec_homer_users"
      - "LDAP_USERMODE=false"
      - "LDAP_ADMINMODE=false"

The only remaining problem is the one described in issue 127.

Thank you. This issue can be closed.
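A review check for the `LDAP_*` environment entries posted above, as an added example that is not part of the thread or of the HOMER project's code. It assumes each variable does what its name suggests (for instance, that `LDAP_SKIP_VERIFY=true` turns off server certificate verification) and that secrets can be supplied through Compose `${VAR}` substitution; the sample input is constructed from the comment's values.

```python
import re

# Constructed sample: environment entries taken from the comment above.
SAMPLE = '''
      - "AUTH_TYPE=ldap"
      - "LDAP_HOST=ipa-1.example.com"
      - "LDAP_PORT=636"
      - "LDAP_SSL=true"
      - "LDAP_SKIP_TLS=false"
      - "LDAP_SKIP_VERIFY=true"
      - "LDAP_ANONYMOUS=false"
      - "LDAP_BIND_PASS=PASSWORD"
'''

# Matches list-style compose entries such as:  - "KEY=value"
ENTRY = re.compile(r'^\s*-\s*"?([A-Z_]+)=(.*?)"?\s*$')

def parse_env(text):
    """Collect KEY=value pairs from compose list-style environment lines."""
    env = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            env[m.group(1)] = m.group(2)
    return env

def is_true(env, key):
    return env.get(key, "").strip().lower() == "true"

def audit(env):
    """Return (key, finding) pairs; meanings are inferred from the variable names (assumption)."""
    findings = []
    if env.get("AUTH_TYPE") != "ldap":
        return findings
    if is_true(env, "LDAP_SKIP_VERIFY"):
        findings.append(("LDAP_SKIP_VERIFY", "server certificate is not verified; trust the directory CA instead"))
    if not is_true(env, "LDAP_SSL") and is_true(env, "LDAP_SKIP_TLS"):
        findings.append(("LDAP_SSL", "bind credentials cross the network unencrypted"))
    if is_true(env, "LDAP_ANONYMOUS"):
        findings.append(("LDAP_ANONYMOUS", "anonymous bind is enabled"))
    secret = env.get("LDAP_BIND_PASS", "")
    if secret and not secret.startswith("${"):
        findings.append(("LDAP_BIND_PASS", "literal secret in the compose file; use ${VAR} substitution"))
    return findings

if __name__ == "__main__":
    for key, msg in audit(parse_env(SAMPLE)):
        print(f"{key}: {msg}")
```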