added ldap config info for jellyfin and gitea

2025-05-05 12:08:21 +03:00
parent fd8a011aa8
commit a6df84d495


@ -221,6 +221,34 @@ kubectl apply -f media/pvc.yaml -n media
envsubst < media/jellyfin-deploy.yaml | kubectl apply -n media -f - envsubst < media/jellyfin-deploy.yaml | kubectl apply -n media -f -
``` ```
## Enable LDAP Authentication
In order to enable LDAP authentication for Jellyfin, the LDAP
plugin must be installed. The LDAP plugin is not included in the
Jellyfin helm chart. The plugin must be installed manually by
from the GUI.
1. Go to the Jellyfin web UI and login as admin.
2. Go to the Plugins section and click on the "Catalog" tab.
3. Search for the "LDAP" plugin and click on the "Install" button.
4. After the plugin is installed, go to the "Dashboard" section and click on
the "LDAP" tab.
5. Configure the LDAP settings as follows:
- LDAP Server:
- Host: 192.168.1.144
- Port: 3890
- LDAP Bind User: UID=admin,OU=people,DC=homelab,DC=local
- Bind Password:
- LDAP Base DN for searches: DC=homelab,DC=local
- LDAP Search Filter: (memberOf=CN=jellyfin_users,OU=groups,DC=homelab,DC=local)
- LDAP Search Attribute: uid, cn, mail, displayName
- LDAP Uid Attribute: uid
- LDAP Username Attribute: CN
- LDAP Password Attribute: userPassword
- LDAP Admin Bind DN: dc=homelab,dc=local
- LDAP Admin Filter: (memberOf=CN=jellyfin_users,OU=groups,DC=homelab,DC=local)
## Transfer media files from one PVC to another (Optional) ## Transfer media files from one PVC to another (Optional)
To transfer media files from one PVC to another, create a temporary pod to copy To transfer media files from one PVC to another, create a temporary pod to copy
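Review bot: In step 5 the "LDAP Admin Filter" is the same expression as the "LDAP Search Filter", `(memberOf=CN=jellyfin_users,OU=groups,DC=homelab,DC=local)`, so every account that is allowed to log in also matches the admin filter. Point the admin filter at a separate admin group, as the Gitea section does with `gitea_admin`, or state explicitly that all Jellyfin LDAP users are meant to be administrators. The value given for "LDAP Admin Bind DN" is the base DN `dc=homelab,dc=local`, not a user DN, so check that label against the plugin's settings page. "Bind Password:" is left empty where the Gitea block uses a placeholder, and "must be installed manually by from the GUI" has a stray word.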
@ -428,7 +456,7 @@ source .env
envsubst < postgres/pgadmin.yaml | kubectl apply -n postgres -f - envsubst < postgres/pgadmin.yaml | kubectl apply -n postgres -f -
``` ```
## Gitea Git Server # Gitea Git Server
Reference: Reference:
https://gitea.com/gitea/helm-chart/ https://gitea.com/gitea/helm-chart/
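Review bot: The heading change from "## Gitea Git Server" to "# Gitea Git Server" is not covered by the commit message and alters the document outline. Confirm the other service sections sit at the same level, or move the restructuring into its own commit so the LDAP additions can be reviewed separately.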
@ -487,7 +515,30 @@ and set the replicas to the desired number.
kubectl edit statefulset gitea-act-runner -n gitea kubectl edit statefulset gitea-act-runner -n gitea
``` ```
## Authentication Middleware Configuration for Traefik Ingress Controller ## Configure LDAP for Gitea
Ref: https://github.com/lldap/lldap/blob/main/example_configs/gitea.md
To configure LDAP authentication for Gitea, the LDAP server must be
deployed in the k3s cluster.
LDAP config is done via the Gitea GUI. Here is the LDAP configuration
```text
Host: 192.168.1.144
Port: 3890
Bind DN: uid=admin,ou=people,dc=homelab,dc=local
Bind Password: <admin password>
User Search Base: ou=people,dc=homelab,dc=local
User Filter: (&(memberof=cn=gitea_user,ou=groups,dc=homelab,dc=local)(|(uid=%[1]s)(mail=%[1]s)))
Admin Filter: (memberOf=CN=gitea_admin,OU=groups,DC=homelab,DC=local)
User Name Attribute: uid
First Name Attribute: givenName
Last Name Attribute: sn
Email Attribute: mail
```
# Authentication Middleware Configuration for Traefik Ingress Controller
The Traefik Ingress Controller provides robust authentication capabilities The Traefik Ingress Controller provides robust authentication capabilities
through middleware implementation. This functionality enables HTTP Basic through middleware implementation. This functionality enables HTTP Basic
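Review bot: The "Bind DN" in the new config block is the directory admin, `uid=admin,ou=people,dc=homelab,dc=local`, so Gitea ends up holding the admin password only to run user searches; document a dedicated read-only bind account instead. The block lists port 3890 but no security protocol setting, so a reader cannot tell whether binds and user passwords cross the network unencrypted; add that field and its intended value. The intro says the LDAP server must be deployed in the k3s cluster while "Host" is the address 192.168.1.144, so say what that address refers to. The group is `gitea_user` here but `jellyfin_users` in the Jellyfin section; confirm the singular name matches the group that actually exists.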