From a6df84d49594e5aa02c1d28c6aa16c1472c7cd10 Mon Sep 17 00:00:00 2001
From: Taqi Tahmid
Date: Mon, 5 May 2025 12:08:21 +0300
Subject: [PATCH] added ldap config info for jellyfin and gitea

---
 kubernetes/README.md | 55 ++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 53 insertions(+), 2 deletions(-)

diff --git a/kubernetes/README.md b/kubernetes/README.md
index 5385990..2c03662 100644
--- a/kubernetes/README.md
+++ b/kubernetes/README.md
@@ -221,6 +221,34 @@ kubectl apply -f media/pvc.yaml -n media
 envsubst < media/jellyfin-deploy.yaml | kubectl apply -n media -f -
 ```
 
+## Enable LDAP Authentication
+
+In order to enable LDAP authentication for Jellyfin, the LDAP
+plugin must be installed. The LDAP plugin is not included in the
+Jellyfin helm chart. The plugin must be installed manually by
+from the GUI.
+
+1. Go to the Jellyfin web UI and login as admin.
+2. Go to the Plugins section and click on the "Catalog" tab.
+3. Search for the "LDAP" plugin and click on the "Install" button.
+4. After the plugin is installed, go to the "Dashboard" section and click on
+ the "LDAP" tab.
+5. Configure the LDAP settings as follows:
+ - LDAP Server:
+ - Host: 192.168.1.144
+ - Port: 3890
+ - LDAP Bind User: UID=admin,OU=people,DC=homelab,DC=local
+ - Bind Password:
+ - LDAP Base DN for searches: DC=homelab,DC=local
+ - LDAP Search Filter: (memberOf=CN=jellyfin_users,OU=groups,DC=homelab,DC=local)
+ - LDAP Search Attribute: uid, cn, mail, displayName
+ - LDAP Uid Attribute: uid
+ - LDAP Username Attribute: CN
+ - LDAP Password Attribute: userPassword
+ - LDAP Admin Bind DN: dc=homelab,dc=local
+ - LDAP Admin Filter: (memberOf=CN=jellyfin_users,OU=groups,DC=homelab,DC=local)
+
+
 ## Transfer media files from one PVC to another (Optional)
 
 To transfer media files from one PVC to another, create a temporary pod to copy
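Review bot: In the Jellyfin settings, `LDAP Admin Filter` is the same expression as `LDAP Search Filter`, `(memberOf=CN=jellyfin_users,OU=groups,DC=homelab,DC=local)`, so if the plugin uses the admin filter to decide who gets administrator rights, every member of jellyfin_users would become a Jellyfin administrator. The Gitea section added later in this patch keeps users and admins in separate groups, and the same split fits here: `- LDAP Admin Filter: (memberOf=CN=<jellyfin-admin-group>,OU=groups,DC=homelab,DC=local)`, where the group name is a placeholder for a group created in the directory. The value of `LDAP Admin Bind DN`, `dc=homelab,dc=local`, also reads like a base DN rather than a user DN, so that label is worth checking against the plugin's form.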
@@ -428,7 +456,7 @@ source .env
 envsubst < postgres/pgadmin.yaml | kubectl apply -n postgres -f -
 ```
 
-## Gitea Git Server
+# Gitea Git Server
 
 Reference: https://gitea.com/gitea/helm-chart/
 
@@ -487,7 +515,30 @@ and set the replicas to the desired number.
 kubectl edit statefulset gitea-act-runner -n gitea
 ```
 
-## Authentication Middleware Configuration for Traefik Ingress Controller
+## Configure LDAP for Gitea
+
+Ref: https://github.com/lldap/lldap/blob/main/example_configs/gitea.md
+
+To configure LDAP authentication for Gitea, the LDAP server must be
+deployed in the k3s cluster.
+
+LDAP config is done via the Gitea GUI. Here is the LDAP configuration
+
+```text
+Host: 192.168.1.144
+Port: 3890
+Bind DN: uid=admin,ou=people,dc=homelab,dc=local
+Bind Password:
+User Search Base: ou=people,dc=homelab,dc=local
+User Filter: (&(memberof=cn=gitea_user,ou=groups,dc=homelab,dc=local)(|(uid=%[1]s)(mail=%[1]s)))
+Admin Filter: (memberOf=CN=gitea_admin,OU=groups,DC=homelab,DC=local)
+User Name Attribute: uid
+First Name Attribute: givenName
+Last Name Attribute: sn
+Email Attribute: mail
+```
+
+# Authentication Middleware Configuration for Traefik Ingress Controller
 
 The Traefik Ingress Controller provides robust authentication capabilities
 through middleware implementation. This functionality enables HTTP Basic
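Review bot: The bind account in the Gitea block is the directory administrator, `uid=admin,ou=people,dc=homelab,dc=local`, on port 3890, which is lldap's default non-TLS LDAP port. The admin password therefore ends up stored in Gitea, and binds to 192.168.1.144 appear to travel unencrypted. The Jellyfin settings in the first hunk use the same account and port. A dedicated bind user with read-only rights (lldap has the `lldap_strict_readonly` group for this) together with the LDAPS listener would limit what a leaked bind password or a captured session exposes. I would add a line under the block such as `Note: bind with a read-only service account and use LDAPS when the LDAP server is reached over a network you do not fully control.`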