LDAP authentication plugin for Tiny Tiny RSS forked from TTRSS-Auth-LDAP - updated and extended:
- Active Directory authentication is now supported without a dedicated bind account.
- There is a new filter for admin-users.
- Full name and email can be fetched from LDAP.
A full Docker Compose example setup can be found here.
- Follow Tiny Tiny RSS docker installation guide but build your own image by using some simple Dockerfile like:

  ```dockerfile
  FROM cthulhoo/ttrss-fpm-pgsql-static:latest

  RUN apk add php83-ldap

  # Plugins
  WORKDIR /var/www/html/tt-rss/plugins.local
  RUN git clone https://github.com/pasbec/ttrss-auth-ldap.git auth_ldap
  # ...

  WORKDIR /opt/tt-rss
  ```
- Enable the plugin by adding `auth_ldap` to `TTRSS_PLUGINS`, e.g.

  ```
  TTRSS_PLUGINS=auth_ldap, auth_internal, note, nginx_xaccel
  ```
- Configure the plugin via its own environment variables:

  ```
  # Example for Active Directory search with extended attribute retrieval, user/admin filters and support for nested groups without requiring separate bind account
  TTRSS_LDAP_URI=ldap://dc.some.example.com
  TTRSS_LDAP_TLS=true # optional
  TTRSS_LDAP_BASE_DN=CN=Users,DC=some,DC=example,DC=com
  TTRSS_LDAP_BIND_DN=SOME\%login
  TTRSS_LDAP_BIND_PW=%password
  TTRSS_LDAP_ADMIN_FILTER=(&(objectClass=person)(memberOf:1.2.840.113556.1.4.1941:=CN=TinyTinyRSS-Admins,CN=Users,DC=some,DC=example,DC=com)(sAMAccountName=%login)) # optional
  TTRSS_LDAP_USER_FILTER=(&(objectClass=person)(memberOf:1.2.840.113556.1.4.1941:=CN=TinyTinyRSS-Users,CN=Users,DC=some,DC=example,DC=com)(sAMAccountName=%login))
  TTRSS_LDAP_USER_ATTRIBUTE=sAMAccountName
  TTRSS_LDAP_NAME_ATTRIBUTE=name # optional
  TTRSS_LDAP_MAIL_ATTRIBUTE=mail # optional

  # General example using dedicated bind account
  TTRSS_LDAP_URI=ldap://localhost
  TTRSS_LDAP_TLS=false # optional
  TTRSS_LDAP_BASE_DN=DC=example,DC=com
  TTRSS_LDAP_BIND_DN=CN=some-bind-user,DC=example,DC=com
  TTRSS_LDAP_BIND_PW=<SOME_BIND_USER_PASSWORD>
  TTRSS_LDAP_USER_FILTER=(&(objectClass=person)(uid=%login))
  TTRSS_LDAP_USER_ATTRIBUTE=uid

  # General example using anonymous bind
  TTRSS_LDAP_URI=ldap://localhost
  TTRSS_LDAP_TLS=false # optional
  TTRSS_LDAP_BASE_DN=DC=example,DC=com
  TTRSS_LDAP_USER_FILTER=(&(objectClass=person)(uid=%login))
  TTRSS_LDAP_USER_ATTRIBUTE=uid
  ```
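
The filter settings above carry a `%login` placeholder. The following is an added Python example, not the plugin's own code, showing how such a template expands into the search filter sent to the directory and how RFC 4515 escaping keeps a login containing filter metacharacters inside its value. It assumes `%login` is replaced by the submitted user name; the function names and sample logins are constructed for illustration.

```python
# Added illustration; not code from the ttrss-auth-ldap plugin.
# Assumption: "%login" in a filter template is replaced by the submitted login.

# RFC 4515: these characters are written as \XX inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template: str, login: str) -> str:
    """Substitute the escaped login for every %login placeholder."""
    if "%login" not in template:
        raise ValueError("filter template has no %login placeholder")
    return template.replace("%login", escape_filter_value(login))


def is_balanced(ldap_filter: str) -> bool:
    """True if the literal parentheses of the filter nest correctly."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


# Filter template taken from the general examples on this page.
USER_FILTER = "(&(objectClass=person)(uid=%login))"
# Constructed sample logins: one plain, one containing filter metacharacters.
SAMPLES = ["jdoe", "j.doe (ext)*"]

if __name__ == "__main__":
    for login in SAMPLES:
        expanded = expand_filter(USER_FILTER, login)
        print(f"{login!r:16} -> {expanded}  balanced={is_balanced(expanded)}")
```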