TrueCharts LLDAP
Overview
Setup the TrueCharts LLDAP application on TrueNAS Scale.
Assumptions
TrueNAS Scale Setup completed.
TrueCharts Setup completed.
TrueCharts Traefik completed.
Logged in as administrative user.
WARNING: TrueCharts Depreciated
TrueCharts has unfortunately been depreciated with the pending removal of Kubernetes from TrueNAS Scale. Consider another solution, do not start a fresh deployment of TrueCharts applications. Refer to the following resources for more details.
- TrueCharts. “Deprecation of TrueNAS SCALE Apps.” 2024.
- TrueNAS. “The Future of Electric Eel and Apps.” 2024.
Install LLDAP
Navigate to the Applications page in the TrueNAS Scale dashboard, Apps on the main navigation.
Switch to the Available Applications tab in the Applications page.
Using the search tool, find the lldap application. Verify LLDAP is from the TrueCharts catalog and is on the Stable train.
Select Install to begin configuration and installation of the application. Configuration options not mentioned in this section can be left as default.
Application Name
| Setting | Value | Description |
|---|---|---|
| Application Name | lldap | Name for the application. |
| Version Number | #.#.# | Version to use, latest by default. |
Containers
| Setting | Value | Description |
|---|---|---|
| LDAP Base DN | dc=example,dc=com | The distinguished name of the domain. Modify to fit the server domain. |
| LDAP User DN | lldapadmin | Username for the LDAP admin user. |
| LDAP User Email | [email protected] | Email address for the LDAP admin user. |
| LDAP User Password | GenerateSecurePassword | Generate a secure password and save for access. |
| Public URL | ldap://lldap.ix-lldap.svc.cluster.local | Domain name on TrueNAS local cluster. |
| Enable Verbose | false | Enable when LDAP is giving you headaches. |
| Show SMTP Settings | false | Enable for SMTP options. Leave disabled when using providers like Authelia or Authentik. |
Networking and Services
| Setting | Value | Description |
|---|---|---|
| Main Service | — | — |
| Service Type | ClusterIP (Do Not Expose Ports) | LLDAP service dashboard, use ClusterIP so it can be accessed via ingress. |
| Port | 17170 | Default port. |
| LDAP Service | — | — |
| Service Type | ClusterIP (Do Not Expose Ports) | LLDAP LDAP service, use ClusterIP so it is only available to other TrueNAS cluster applications. |
| Port | 3890 | Default port. |
Storage and Persistence
| Setting | Value | Description |
|---|---|---|
| App Config Storage | — | — |
| Type of Storage | PVC | Use PersistentVolume. |
| Read Only | false | Keep disabled, write permission required. |
| Size quotum of Storage | 16Gi | Maximum disk usage - can never be decreased, only increased. |
Ingress
| Setting | Value | Description |
|---|---|---|
| Main Ingress | — | — |
| Enable Ingress | true | Toggle ingress state. |
| HostName | lldap.example.com | Ingress host on the server domain. |
| Path | / | Root path. |
| Path Type | Prefix | Prefix path. |
| Cert-Manager clusterIssuer | cert | Cluster issuer for automatic certificates. |
| Traefik Middlewares | | Leave empty until authentication provider is setup. |
Save
Verify you have checked the TrueCharts documentation for LLDAP and Save. The application will begin installation and deploy. Navigate to the Installed Applications tab to monitor the status.
Setup
Login
Login to LLDAP at the configured ingress domain, https://lldap.example.com/. The username will be the LDAP User DN / Password configured during setup.
Create Groups
Required groups will depend on the applications being used with the server. The process for creating groups is the same every time. Add a group called all_users, for use and example.
- Navigate to the
Groupstab in LLDAP. - Select
Create a groupon the Groups page. - Name the group
all_users. - Select
Submit.
Navigate back to the Groups tab and notice the all_users group is now preset.
Create Users
Create user accounts for sentient users and system users.
- Navigate to the
Userstab in LLDAP. - Select
Create a useron the Users page. - Complete the user creation form.
- Select
Submit.
| Setting | Value | Description |
|---|---|---|
| User Name | test | UID for the user. |
[email protected] | User email address. | |
| Display Name | Test | User decorative display name, used by applications. |
| Password | GenerateSecurePassword | Select default user password. Users should be forced to reset later. |
When the new user is a person, the user should be added to the all_users group.
When the new user is a system or application user, add them to the LLDAP group granting the least required permissions. For example, the Authelia user should be added to the lldap_password_manager group.
