LLDAP Setup

Last Edit: 2023.12.10

Overview

Setup the TrueCharts LLDAP application on TrueNAS Scale.

Assumptions

Install LLDAP

Navigate to the Applications page in the TrueNAS Scale dashboard, Apps on the main navigation.

Switch to the Available Applications tab in the Applications page.

Using the search tool, find the lldap application. Verify LLDAP is from the TrueCharts catalog and is on the Stable train.

Select Install to begin configuration and installation of the application. Configuration options not mentioned in this section can be left as default.

Application Name

SettingValueDescription
Application NamelldapName for the application.
Version Number#.#.#Version to use, latest by default.

Containers

SettingValueDescription
LDAP Base DNdc=example,dc=comThe distinguished name of the domain. Modify to fit the server domain.
LDAP User DNlldapadminUsername for the LDAP admin user.
LDAP User Email[email protected]Email address for the LDAP admin user.
LDAP User PasswordGenerateSecurePasswordGenerate a secure password and save for access.
Public URLldap://lldap.ix-lldap.svc.cluster.localDomain name on TrueNAS local cluster.
Enable VerbosefalseEnable when LDAP is giving you headaches.
Show SMTP SettingsfalseEnable for SMTP options. Leave disabled when using providers like Authelia or Authentik.

Networking and Services

SettingValueDescription
Main Service
Service TypeClusterIP (Do Not Expose Ports)LLDAP service dashboard, use ClusterIP so it can be accessed via ingress.
Port17170Default port.
LDAP Service
Service TypeClusterIP (Do Not Expose Ports)LLDAP LDAP service, use ClusterIP so it is only available to other TrueNAS cluster applications.
Port3890Default port.

Storage and Persistence

SettingValueDescription
App Config Storage
Type of StoragePVCUse PersistentVolume.
Read OnlyfalseKeep disabled, write permission required.
Size quotum of Storage16GiMaximum disk usage - can never be decreased, only increased.

Ingress

SettingValueDescription
Main Ingress
Enable IngresstrueToggle ingress state.
HostNamelldap.example.comIngress host on the server domain.
Path/Root path.
Path TypePrefixPrefix path.
Cert-Manager clusterIssuercertCluster issuer for automatic certificates.
Traefik MiddlewaresLeave empty until authentication provider is setup.

Save

Verify you have checked the TrueCharts documentation for LLDAP and Save. The application will begin installation and deploy. Navigate to the Installed Applications tab to monitor the status.

Setup

Login

Login to LLDAP at the configured ingress domain, https://lldap.example.com/. The username will be the LDAP User DN / Password configured during setup.

LLDAP login page.

Create Groups

Required groups will depend on the applications being used with the server. The process for creating groups is the same every time. Add a group called all_users, for use and example.

  • Navigate to the Groups tab in LLDAP.
  • Select Create a group on the Groups page.
  • Name the group all_users.
  • Select Submit.

Navigate back to the Groups tab and notice the all_users group is now preset.

LLDAP Groups page.

Create Users

Create user accounts for sentient users and system users.

  • Navigate to the Users tab in LLDAP.
  • Select Create a user on the Users page.
  • Complete the user creation form.
  • Select Submit.
SettingValueDescription
User NametestUID for the user.
Email[email protected]User email address.
Display NameTestUser decorative display name, used by applications.
PasswordGenerateSecurePasswordSelect default user password. Users should be forced to reset later.

When the new user is a person, the user should be added to the all_users group.

When the new user is a system or application user, add them to the LLDAP group granting the least required permissions. For example, the Authelia user should be added to the lldap_password_manager group.

LLDAP Users page.

References

1 2 3

  1. TrueNAS Scale Documentation ↩︎

  2. TrueCharts Documentation ↩︎

  3. LLDAP Documentation ↩︎