summaryrefslogtreecommitdiff
path: root/README.md
diff options
context:
space:
mode:
Diffstat (limited to 'README.md')
-rw-r--r--README.md34
1 files changed, 34 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..aa3610e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,34 @@
+## ldap_forwardauth
+
+LDAP Forward Auth is a forward auth service (shocking) that i made to use with the caddy reverse proxy.
+
+It allows a proxied login page to appear if a user tries to access restricted content while not logged in.
+
+It uses LDAP for authentication, which can be configured in the conf/ldap/ldap.env file.
+
+```
+# the following is all the ldap credentials for a ldap bind dn auth setup
+# this does not support ldap simple auth
+LDAP_URL=
+LDAP_BIND_DN=
+LDAP_BIND_PASSWORD=
+LDAP_BASE_DN=
+LDAP_FILTER="(&)"
+LDAP_UID="cn"
+
+# the host that the forward auth is hosted at
+# if the user is not logged in they will be redirected here
+HTTP_HOST=auth.example.com
+
+# the base domain for all websites that are being authed checked including the forward auth itself.
+# they all need to have a common root domain otherwise the X-LDAP-Auth-Key cookie cannot be set.
+COOKIE_DOMAIN=example.com
+```
+
+Once authenticated, sets the X-Webauth-User header, which can be used by applications to see who is logged in.
+
+### how to run
+
+'''
+docker compose up -d
+'''
generated by cgit v1.2.3-freya (git 2.51.0) at 2025-09-22 17:28:51 +0000