From f1aec8ce907d0d4751b3476eb2d764177d1782e9 Mon Sep 17 00:00:00 2001 From: Simon Date: Fri, 22 Nov 2024 15:54:52 +0100 Subject: [PATCH] add ldap outpost configuration --- .env.sample | 2 ++ README.md | 6 ++++++ compose.outposts.ldap.yml | 23 +++++++++++++++++++++++ 3 files changed, 31 insertions(+) create mode 100644 compose.outposts.ldap.yml diff --git a/.env.sample b/.env.sample index 8cfd635..34d4b1b 100644 --- a/.env.sample +++ b/.env.sample @@ -18,6 +18,8 @@ AUTHENTIK_LOG_LEVEL=info ## Outpost Integration # COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.yml" +# COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.ldap.yml" +# SECRET_LDAP_TOKEN_VERSION=v1 ## ADMIN AUTHENTIK_BOOTSTRAP_EMAIL=admin@example.com diff --git a/README.md b/README.md index 7e6ac5b..5782b2d 100644 --- a/README.md +++ b/README.md @@ -54,6 +54,12 @@ Set the nextcloud Icon using `abra app cmd -l -d set_icons` The configuration inside Nextcloud can be found in the [nextcloud recipe](https://git.coopcloud.tech/coop-cloud/nextcloud#authentik-integration) +## Add LDAP outpost + +- Follow [this official guide](https://docs.goauthentik.io/docs/add-secure-apps/providers/ldap/generic_setup) and skip the LDAP Flow as we don't need it. +- Token under `Applications` -> `Outposts` `-> `View install info` is needed to setup outpost manually +- tbc... + ## Import User from CSV Users can be imported from a CSV file of the following format: diff --git a/compose.outposts.ldap.yml b/compose.outposts.ldap.yml new file mode 100644 index 0000000..01f1455 --- /dev/null +++ b/compose.outposts.ldap.yml 
@@ -0,0 +1,23 @@
+version: "3.8"
+services:
+ authentik_ldap:
+ image: ghcr.io/goauthentik/ldap
+ # Optionally specify which networks the container should be
+ # might be needed to reach the core authentik server
+ networks:
+ - internal
+ - proxy
+ ports:
+ - 389:3389
+ - 636:6636
+ secrets:
+ - ldap_token
+ environment:
+ - AUTHENTIK_HOST=https://${DOMAIN}
+ - AUTHENTIK_INSECURE=true
+ - AUTHENTIK_TOKEN=file:///run/secrets/ldap_token
+
+secrets:
+ ldap_token:
+ external: true
+ name: ${STACK_NAME}_ldap_token_${SECRET_LDAP_TOKEN_VERSION}
\ No newline at end of file
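Review bot: `AUTHENTIK_INSECURE=true` in the `environment` list turns off TLS certificate verification for the outpost's connection to `https://${DOMAIN}`, so the outpost token read from `/run/secrets/ldap_token` is presented to whatever endpoint answers for that name. Unless the core is only reachable with a certificate that cannot validate, use `- AUTHENTIK_INSECURE=false` or drop the line, and add a comment stating when overriding it is acceptable. The `ports` list also publishes `389:3389`, which is LDAP without TLS, so bind passwords cross the network in clear text unless clients negotiate StartTLS; publishing only `636:6636`, or keeping 389 on the `internal` network, would avoid that. `image: ghcr.io/goauthentik/ldap` has no tag, so it resolves to `latest` and can drift from the core server's release; pinning it to the server's version (`ghcr.io/goauthentik/ldap:<AUTHENTIK_VERSION>`, placeholder) keeps the two in step and makes deployments reproducible.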