yadd/lemonldap-ng-portal

Lemonldap::NG portal based on yadd/lemonldap-ng-base⁠

Note that you should share sessions and configuration to use. See docker-compose example to see how to do this using redis and PostgreSQL⁠.

Tags

• stable: latest lemonldap-ng* packages from Debian backports
• stable-no-s6: the same without S6-overlay⁠
• 2.x.x: versioned lemonldap-ng* packages from Debian backports
• 2.x.x-no-s6: the same without S6-overlay⁠

Features (inherited from yadd/lemonldap-ng-base⁠)

• Update current configuration using given variables :
  • set domain (SSODOMAIN)
  • set portal (PORTAL)
  • set log level (LOGLEVEL)
  • if REDIS_SERVER is set, change globalStorage to Apache::Session::Browseable::Redis and configure it (indexes given by REDIS_INDEXES, default: "uid mail")
• Upload local configuration into PostgreSQL database if:
  • PG_SERVER is given AND
  • PostgreSQL table is empty

Variables and default values

See yadd/lemonldap-ng-base⁠

• Other:
  • DEFAULT_WEBSITE = no, if set to yes the default Nginx website is deleted
  • PROTECTION = manager, set it to none if you don't want to protect the manager by LemonLDAP-NG itself
  • AUTHBASIC, if you use PROTECTION=none, you can add a basic authentication using AUTHBASIC=<login>:<password>

Docker-compose example

Example with Crowdsec enabled, Postgres database and Redis to share sessions.

version: "3.4"

services:
  db:
    image: yadd/lemonldap-ng-pg-database
    environment:
      - POSTGRES_PASSWORD=zz
    healthcheck:
      test: ["CMD-SHELL", "pg_isready"]
      interval: 10s
      timeout: 5s
      retries: 5
  redis:
    image: redis
  portal:
    image: yadd/lemonldap-ng-portal
    environment:
      - PG_SERVER=db
      - REDIS_SERVER=redis:6379
      - LOGGER=stderr
      - USERLOGGER=stderr
      - CROWDSEC_SERVER=http://crowdsec:8080
      - CROWDSEC_KEY=myrandomstring
      - CROWDSEC_ACTION=reject
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_started
  manager:
    image: yadd/lemonldap-ng-manager
    environment:
      - PG_SERVER=db
      - REDIS_SERVER=redis:6379
      - LOGGER=stderr
      - USERLOGGER=stderr
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_started
      portal:
        condition: service_started
  crowdsec:
    image: crowdsecurity/crowdsec
    environment:
      - BOUNCER_KEY_llng=myrandomstring

  haproxy:
    image: haproxy:2.6-bullseye
    ports:
      - 80:80
    volumes:
      - ./haproxy:/usr/local/etc/haproxy:ro
    sysctls:
      - net.ipv4.ip_unprivileged_port_start=0
    depends_on:
      - portal
      - manager

Repository and bug reports

• Repository: github.com/guimard/llng-docker⁠
• Dockerfile⁠
• Issues database⁠

Copyright and license

Copyright:

• 2018-2024, Xavier Guimard yadd@debian.org⁠
• 2023-2024, LINAGORA https://linagora.com⁠

License: GNU General Public License v2.0⁠