yealink-bridge/ldap-auth-server/DOCS.md

Home Assistant Add-on: LDAP Auth Server

How to use

1. Install the add-on.

2. Configure LDAP Server URL and Bind DN Template to match your LDAP server.

3. (Optionally) Configure Search Base DN and Search Filter Template if you want to hide some users from Home Assistant.

4. Copy the ldap_auth_command.sh file to your Home Assistant config directory.

5. Add a custom Command Line authentication provider to your configuration to call that script.

   homeassistant:
     auth_providers:
       - type: command_line
         command: /config/ldap_auth_command.sh
         args:
           # Provide the hostname of the add-on as the first argument. You can
           # the hostname on the add-on's Info page.
           - 7860403f-ldap-auth-server
         meta: true
       # Optionally add the homeassistant provider as a fallback if you're
       # concerned about a failed LDAP server locking you out of Home
       # Assistant.
       # - type: homeassistant
   

Limitations

These limitations are current as of Home Assistant v2023.2.

1. The users created via the command_line provider are different from the ones created via the homeassistant provider, even if their usernames are the same. This means you will lose all user configurations when adopting a new auth provider.

2. Users created by command_line provider are all Administrators, and it is not possible to change this in the UI. You will need to manually modify the group_ids field of the user in the /config/.storage/auth file to be system-users. Example

   {
     "id": "5de09f4cdcdb4d4fa2a39291147803df",
     "group_ids": [
       "system-users"
     ],
     ...
     "name": "Non-admin User",
     ...
   },
   

   Don't forget to restart your Home Assistant afterwards.

3. This add-on is only tested with an LLDAP server, so it is possible (though probably unlikely) that it doesn't work with other types of LDAP servers for one reason or another.