TrueCharts LLDAP
Overview
Setup the TrueCharts LLDAP application on TrueNAS Scale.
Assumptions
TrueNAS Scale Setup completed.
TrueCharts Setup completed.
TrueCharts Traefik completed.
Logged in as administrative user.
WARNING: TrueCharts Deprecated
TrueCharts has unfortunately been deprecated with the removal of Kubernetes from TrueNAS Scale. Consider another solution, do not start a fresh deployment of TrueCharts applications with TrueNAS Scale. Refer to the following resources for more details.
- TrueCharts. “Deprecation of TrueNAS SCALE Apps.” 2024.
- TrueNAS. “The Future of Electric Eel and Apps.” 2024.
Install LLDAP
Navigate to the Applications
page in the TrueNAS Scale dashboard, Apps
on the main navigation.
Switch to the Available Applications
tab in the Applications
page.
Using the search tool, find the lldap
application. Verify LLDAP is from the TrueCharts
catalog and is on the Stable
train.
Select Install
to begin configuration and installation of the application. Configuration options not mentioned in this section can be left as default.
Application Name
Setting | Value | Description |
---|---|---|
Application Name | lldap | Name for the application. |
Version Number | #.#.# | Version to use, latest by default. |
Containers
Setting | Value | Description |
---|---|---|
LDAP Base DN | dc=example,dc=com | The distinguished name of the domain. Modify to fit the server domain. |
LDAP User DN | lldapadmin | Username for the LDAP admin user. |
LDAP User Email | [email protected] | Email address for the LDAP admin user. |
LDAP User Password | GenerateSecurePassword | Generate a secure password and save for access. |
Public URL | ldap://lldap.ix-lldap.svc.cluster.local | Domain name on TrueNAS local cluster. |
Enable Verbose | false | Enable when LDAP is giving you headaches. |
Show SMTP Settings | false | Enable for SMTP options. Leave disabled when using providers like Authelia or Authentik. |
Networking and Services
Setting | Value | Description |
---|---|---|
Main Service | — | — |
Service Type | ClusterIP (Do Not Expose Ports) | LLDAP service dashboard, use ClusterIP so it can be accessed via ingress. |
Port | 17170 | Default port. |
LDAP Service | — | — |
Service Type | ClusterIP (Do Not Expose Ports) | LLDAP LDAP service, use ClusterIP so it is only available to other TrueNAS cluster applications. |
Port | 3890 | Default port. |
Storage and Persistence
Setting | Value | Description |
---|---|---|
App Config Storage | — | — |
Type of Storage | PVC | Use PersistentVolume. |
Read Only | false | Keep disabled, write permission required. |
Size quotum of Storage | 16Gi | Maximum disk usage - can never be decreased, only increased. |
Ingress
Setting | Value | Description |
---|---|---|
Main Ingress | — | — |
Enable Ingress | true | Toggle ingress state. |
HostName | lldap.example.com | Ingress host on the server domain. |
Path | / | Root path. |
Path Type | Prefix | Prefix path. |
Cert-Manager clusterIssuer | cert | Cluster issuer for automatic certificates. |
Traefik Middlewares |
| Leave empty until authentication provider is setup. |
Save
Verify you have checked the TrueCharts documentation for LLDAP and Save
. The application will begin installation and deploy. Navigate to the Installed Applications
tab to monitor the status.
Setup
Login
Login to LLDAP at the configured ingress domain, https://lldap.example.com/
. The username will be the LDAP User DN / Password configured during setup.
Create Groups
Required groups will depend on the applications being used with the server. The process for creating groups is the same every time. Add a group called all_users
, for use and example.
- Navigate to the
Groups
tab in LLDAP. - Select
Create a group
on the Groups page. - Name the group
all_users
. - Select
Submit
.
Navigate back to the Groups
tab and notice the all_users
group is now preset.
Create Users
Create user accounts for sentient users and system users.
- Navigate to the
Users
tab in LLDAP. - Select
Create a user
on the Users page. - Complete the user creation form.
- Select
Submit
.
Setting | Value | Description |
---|---|---|
User Name | test | UID for the user. |
[email protected] | User email address. | |
Display Name | Test | User decorative display name, used by applications. |
Password | GenerateSecurePassword | Select default user password. Users should be forced to reset later. |
When the new user is a person, the user should be added to the all_users
group.
When the new user is a system or application user, add them to the LLDAP group granting the least required permissions. For example, the Authelia user should be added to the lldap_password_manager
group.
References
iXsystems. “TrueNAS Documentation.” 2024. ↩︎
TrueCharts. “TrueCharts Documentation.” 2024. ↩︎
TrueCharts. “TrueCharts GitHub.” 2024. ↩︎
TrueCharts. “LightLDAP Chart.” 2024. ↩︎
LightLDAP. “LLDAP GitHub.” 2024. ↩︎
Traefik Labs. “Traefik Documentation.” 2024. ↩︎
Traefik Labs. “Traefik GitHub.” 2024. ↩︎