Created
October 20, 2023 21:19
-
-
Save sasoiliev/7ced162e3dfc9c94eadbf08eab0a5d78 to your computer and use it in GitHub Desktop.
authentik LDAP Outpost Blueprint
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: 1 | |
metadata: | |
labels: | |
blueprints.goauthentik.io/instantiate: "true" | |
name: ldap-outpost | |
context: {} | |
entries: | |
- id: ldap-auth-flow | |
identifiers: | |
name: ldap-authentication-flow | |
model: authentik_flows.flow | |
state: present | |
attrs: | |
authentication: require_unauthenticated | |
denied_action: message_continue | |
designation: authentication | |
layout: stacked | |
name: ldap-authentication-flow | |
policy_engine_mode: any | |
slug: ldap-authentication-flow | |
title: LDAP Authorization Flow | |
- id: default-identification-stage | |
identifiers: | |
name: default-authentication-identification | |
model: authentik_stages_identification.identificationstage | |
state: present | |
attrs: | |
case_insensitive_matching: true | |
name: default-authentication-identification | |
password_stage: !Find [authentik_stages_password.passwordstage, [name, default-authentication-password]] | |
show_matched_user: true | |
user_fields: | |
- username | |
- id: ldap-authentication-login | |
identifiers: | |
name: ldap-authentication-login | |
model: authentik_stages_user_login.userloginstage | |
state: present | |
attrs: | |
name: ldap-authentication-login | |
remember_me_offset: seconds=0 | |
session_duration: seconds=5 | |
- identifiers: | |
order: 10 | |
stage: !KeyOf ldap-authentication-login | |
target: !KeyOf ldap-auth-flow | |
model: authentik_flows.flowstagebinding | |
state: present | |
attrs: | |
invalid_response_action: retry | |
policy_engine_mode: any | |
re_evaluate_policies: true | |
- identifiers: | |
order: 30 | |
stage: !Find [authentik_stages_user_login.userloginstage, [name, default-authentication-login]] | |
target: !KeyOf ldap-auth-flow | |
model: authentik_flows.flowstagebinding | |
state: present | |
attrs: | |
invalid_response_action: retry | |
policy_engine_mode: any | |
re_evaluate_policies: true | |
- id: ldap-provider | |
identifiers: | |
name: LDAP | |
model: authentik_providers_ldap.ldapprovider | |
state: present | |
attrs: | |
authorization_flow: !KeyOf ldap-auth-flow | |
base_dn: !Env _AUTHENTIK_LDAP_BASE_DN | |
bind_mode: direct | |
gid_start_number: 4000 | |
name: LDAP | |
search_mode: direct | |
uid_start_number: 2000 | |
- identifiers: | |
name: LDAP | |
model: authentik_core.application | |
state: present | |
attrs: | |
name: LDAP | |
policy_engine_mode: any | |
provider: !KeyOf ldap-provider | |
slug: ldap | |
- identifiers: | |
name: LDAP | |
model: authentik_outposts.outpost | |
state: | |
present | |
attrs: | |
config: | |
authentik_host: http://server:9000 | |
authentik_host_browser: '' | |
authentik_host_insecure: false | |
container_image: null | |
docker_labels: null | |
docker_map_ports: true | |
docker_network: null | |
kubernetes_disabled_components: [] | |
kubernetes_image_pull_secrets: [] | |
kubernetes_ingress_annotations: {} | |
kubernetes_ingress_class_name: null | |
kubernetes_ingress_secret_name: authentik-outpost-tls | |
kubernetes_json_patches: null | |
kubernetes_namespace: default | |
kubernetes_replicas: 1 | |
kubernetes_service_type: ClusterIP | |
log_level: info | |
object_naming_template: ak-outpost-%(name)s | |
name: LDAP | |
providers: | |
- !KeyOf ldap-provider | |
type: ldap |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment