62 lines
2.3 KiB
Markdown
62 lines
2.3 KiB
Markdown
# Home Assistant Add-on: LDAP Auth Server
|
|
|
|
## How to use
|
|
|
|
1. Install the add-on.
|
|
2. Configure `LDAP Server URL` and `Bind DN Template` to match your LDAP
|
|
server.
|
|
3. (Optionally) Configure `Search Base DN` and `Search Filter Template` if you
|
|
want to hide some users from Home Assistant.
|
|
4. Copy the
|
|
[ldap_auth_command.sh](https://github.com/vqvu/home-assistant-addons/ldap-auth-server/ldap_auth_command.sh)
|
|
file to your Home Assistant config directory.
|
|
5. Add a custom [Command Line authentication
|
|
provider](https://www.home-assistant.io/docs/authentication/providers/#command-line)
|
|
to your configuration to call that script.
|
|
|
|
```yaml
|
|
homeassistant:
|
|
auth_providers:
|
|
- type: command_line
|
|
command: /config/ldap_auth_command.sh
|
|
args:
|
|
# Provide the hostname of the add-on as the first argument. You can
|
|
# the hostname on the add-on's Info page.
|
|
- 7860403f-ldap-auth-server
|
|
meta: true
|
|
# Optionally add the homeassistant provider as a fallback if you're
|
|
# concerned about a failed LDAP server locking you out of Home
|
|
# Assistant.
|
|
# - type: homeassistant
|
|
```
|
|
|
|
## Limitations
|
|
|
|
These limitations are current as of Home Assistant v2023.2.
|
|
|
|
1. The users created via the `command_line` provider are different from the
|
|
ones created via the `homeassistant` provider, even if their usernames are
|
|
the same. This means you will lose all user configurations when adopting a
|
|
new auth provider.
|
|
2. Users created by `command_line` provider are all Administrators, and it is
|
|
not possible to change this in the UI. You will need to manually modify the
|
|
`group_ids` field of the user in the `/config/.storage/auth` file to be
|
|
`system-users`. Example
|
|
|
|
```json
|
|
{
|
|
"id": "5de09f4cdcdb4d4fa2a39291147803df",
|
|
"group_ids": [
|
|
"system-users"
|
|
],
|
|
...
|
|
"name": "Non-admin User",
|
|
...
|
|
},
|
|
```
|
|
|
|
Don't forget to restart your Home Assistant afterwards.
|
|
3. This add-on is only tested with an [LLDAP
|
|
server](https://github.com/nitnelave/lldap), so it is possible (though
|
|
probably unlikely) that it doesn't work with other types of LDAP servers for
|
|
one reason or another.
|