yealink-bridge/ldap-auth-server/DOCS.md
2025-02-19 19:31:51 +01:00

# Home Assistant Add-on: LDAP Auth Server
## How to use
1. Install the add-on.
2. Configure `LDAP Server URL` and `Bind DN Template` to match your LDAP
server.
3. (Optionally) Configure `Search Base DN` and `Search Filter Template` if you
want to hide some users from Home Assistant.
4. Copy the
[ldap_auth_command.sh](https://github.com/vqvu/home-assistant-addons/ldap-auth-server/ldap_auth_command.sh)
file to your Home Assistant config directory.
5. Add a custom [Command Line authentication
provider](https://www.home-assistant.io/docs/authentication/providers/#command-line)
to your configuration to call that script.
   ```yaml
   homeassistant:
     auth_providers:
       - type: command_line
         command: /config/ldap_auth_command.sh
         args:
           # Provide the hostname of the add-on as the first argument. You can
           # find the hostname on the add-on's Info page.
           - 7860403f-ldap-auth-server
         meta: true
       # Optionally add the homeassistant provider as a fallback if you're
       # concerned about a failed LDAP server locking you out of Home
       # Assistant.
       # - type: homeassistant
   ```
## Limitations
These limitations are current as of Home Assistant v2023.2.
1. The users created via the `command_line` provider are different from the
ones created via the `homeassistant` provider, even if their usernames are
the same. This means you will lose all user configurations when adopting a
new auth provider.
2. Users created by the `command_line` provider are all Administrators, and it is
   not possible to change this in the UI. You will need to manually modify the
   `group_ids` field of the user in the `/config/.storage/auth` file to be
   `system-users`. Example:

   ```json
   {
     "id": "5de09f4cdcdb4d4fa2a39291147803df",
     "group_ids": [
       "system-users"
     ],
     ...
     "name": "Non-admin User",
     ...
   },
   ```

   Don't forget to restart your Home Assistant afterwards.
3. This add-on is only tested with an [LLDAP
server](https://github.com/nitnelave/lldap), so it is possible (though
probably unlikely) that it doesn't work with other types of LDAP servers for
one reason or another.
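
The manual edit from limitation 2, scripted as an added example (not part of this add-on or of Home Assistant): it moves every non-owner `command_line` user out of the Administrators group unless the name is explicitly allowed to stay. The `data.users` / `data.credentials` layout, the `is_owner` and `auth_provider_type` fields and the `system-admin` group id are assumptions about the auth file that this page does not show; the sample data is constructed.

```python
import json
import shutil

ADMIN_GROUP = "system-admin"  # assumed id of the built-in Administrators group
USER_GROUP = "system-users"   # non-admin group named in limitation 2

def sample_auth():
    """Constructed sample; the credentials/is_owner layout is an assumption."""
    return {"data": {
        "users": [
            {"id": "u1", "name": "Owner", "is_owner": True, "group_ids": [ADMIN_GROUP]},
            {"id": "u2", "name": "Non-admin User", "is_owner": False, "group_ids": [ADMIN_GROUP]},
            {"id": "u3", "name": "LDAP Admin", "is_owner": False, "group_ids": [ADMIN_GROUP]},
        ],
        "credentials": [
            {"user_id": "u1", "auth_provider_type": "homeassistant"},
            {"user_id": "u2", "auth_provider_type": "command_line"},
            {"user_id": "u3", "auth_provider_type": "command_line"},
        ],
    }}

def demote_command_line_admins(auth, keep_admin=()):
    """Set group_ids to system-users for command_line admins; return their names."""
    data = auth["data"]
    cli_ids = {c["user_id"] for c in data["credentials"]
               if c.get("auth_provider_type") == "command_line"}
    changed = []
    for user in data["users"]:
        if user["id"] not in cli_ids or user.get("is_owner"):
            continue  # other providers' users and the owner stay untouched
        if user.get("name") in keep_admin:
            continue  # explicitly allowed to remain Administrator
        if ADMIN_GROUP in user.get("group_ids", []):
            user["group_ids"] = [USER_GROUP]
            changed.append(user.get("name"))
    return changed

def rewrite_auth_file(path, keep_admin=()):
    """Apply the change to an auth file on disk, keeping a .bak copy first."""
    with open(path, encoding="utf-8") as fh:
        auth = json.load(fh)
    changed = demote_command_line_admins(auth, keep_admin)
    if changed:
        shutil.copy2(path, path + ".bak")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(auth, fh, indent=2)
    return changed

if __name__ == "__main__":
    print("demoted:", demote_command_line_admins(sample_auth(), {"LDAP Admin"}))
```

To apply it for real, call `rewrite_auth_file("/config/.storage/auth", {...})` and then restart Home Assistant, as limitation 2 requires.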