docs: add ldap documentation

Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Eric Callahan 2022-06-10 10:23:26 -04:00
parent 65d532a6cf
commit a492ae983c
No known key found for this signature in database
GPG Key ID: 7027245FBBDDF59A
2 changed files with 61 additions and 7 deletions

@ -285,6 +285,46 @@ force_logins: False
# one user has been created, overriding the "trusted_clients" configuration.
# If no users have been created then trusted client checks will apply.
# The default is False.
default_source: moonraker
# The default source used to authenticate user logins. Can be "ldap" or
# "moonraker" The default is "moonraker".
```
### `[ldap]`
The `ldap` module may be used by `[authorization]` to perform user
authentication though an ldap server.
```ini
# moonraker.conf
[ldap]
ldap_host: ldap.local
# The host address of the LDAP server. This parameter must be provided
ldap_port:
# The LDAP server's port. The default is 389 for standard connections
# and 636 for SSL/TLS connections.
ldap_secure: True
# Enables LDAP over SSL/TLS. The default is False.
base_dn: DC=ldap,DC=local
# The base distinguished name used to search for users on the server.
# This option accepts Jinja2 Templates, see the [secrets] section for details.
# This parameter must be provided.
bind_dn: {secrets.ldap_credentials.bind_dn}
# The distinguished name for bind authentication. For example:
# CN=moonraker,OU=Users,DC=ldap,DC=local
# This option accepts Jinja2 Templates, see the [secrets] section for
# details. By default the ldap client will attempt to bind anonymously.
bind_password: {secrets.ldap_credentials.bind_password}
# The password for bind authentication. This option accepts Jinja2 Templates,
# see the [secrets] section for details. This parameter must be provided
# if a "bind_dn" is specified, otherwise it must be omitted.
group_dn: CN=moonraker,OU=Groups,DC=ldap,DC=local
# A group distinguished name in which the user must be a member of to pass
# authentication. This option accepts Jinja2 Templates, see the [secrets]
# section for details. The default is no group requirement.
is_active_directory: True
# Enables support for Microsoft Active Directory. The default is False.
```
### `[octoprint_compat]`
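Review bot: The `ldap_secure` comment gives the default as False, but nothing in the `[ldap]` section says that a standard connection on port 389 is unencrypted, which exposes the `bind_password` and user login passwords in transit. Suggest saying so in the option's description, recommending `ldap_secure: True` unless the link to the server is otherwise protected, and documenting whether the server certificate is verified. Smaller points in the same hunk: "authentication though an ldap server" should read "through an LDAP server", the `default_source` comment is missing a period after `"moonraker"`, and the example shows `ldap_port:` with an empty value where the option could simply be left out.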

@ -1900,11 +1900,18 @@ Content-Type: application/json
{
"username": "my_user",
"password": "my_password"
"password": "my_password",
"source": "moonraker"
}
```
JSON-RPC request: Not Available
Arguments:
- `username`: The user login name. This argument is required.
- `password`: The user password. This arugment is required.
- `source`: The authentication source. Can be `moonraker` or `ldap`. The
default is `moonraker`.
Returns: An object the logged in username, auth token, refresh token,
and action summary:
```json
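Review bot: The new `source` argument states "The default is `moonraker`", but this commit also documents `default_source` under `[authorization]` as the default source used to authenticate user logins, so the two statements disagree when `default_source: ldap` is configured. Suggest wording the argument as defaulting to the configured `default_source`, if that is the behaviour, and marking it as optional the way `username` and `password` are marked required. While these lines are being touched, "arugment" in the `password` entry and the missing "containing" in "An object the logged in username" could be corrected.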
@ -1912,7 +1919,8 @@ and action summary:
"username": "my_user",
"token": "eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJpc3MiOiAiTW9vbnJha2VyIiwgImlhdCI6IDE2MTg4NzY4MDAuNDgxNjU1LCAiZXhwIjogMTYxODg4MDQwMC40ODE2NTUsICJ1c2VybmFtZSI6ICJteV91c2VyIiwgInRva2VuX3R5cGUiOiAiYXV0aCJ9.QdieeEskrU0FrH7rXKuPDSZxscM54kV_vH60uJqdU9g",
"refresh_token": "eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJpc3MiOiAiTW9vbnJha2VyIiwgImlhdCI6IDE2MTg4NzY4MDAuNDgxNzUxNCwgImV4cCI6IDE2MjY2NTI4MDAuNDgxNzUxNCwgInVzZXJuYW1lIjogIm15X3VzZXIiLCAidG9rZW5fdHlwZSI6ICJyZWZyZXNoIn0.btJF0LJfymInhGJQ2xvPwkp2dFUqwgcw4OA_wE-EcCM",
"action": "user_logged_in"
"action": "user_logged_in",
"source": "moonraker"
}
```
- The `token` field is a JSON Web Token used to authorize the user. It should
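Review bot: The login response example gains a `"source"` field, but the "Returns:" sentence for this endpoint still lists only the username, auth token, refresh token and action summary, while the equivalent sentences for the other endpoints in this commit were updated to mention the source. Suggest adding it there, and keeping the field order consistent across examples: here `source` follows `action`, in the user creation response it precedes it.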
@ -1924,7 +1932,7 @@ and action summary:
!!! Note
This endpoint may be accessed by unauthorized clients. A 401 would
only be returned if the username and/or password is invalid.
only be returned if the authentication failed.
#### Logout Current User
HTTP Request:
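Review bot: The replacement wording "only be returned if the authentication failed" now covers more than a bad username or password, since the `[ldap]` section adds a `group_dn` membership requirement and a remote server that may not be reachable. Suggest stating which conditions produce the 401 and what a client receives when the LDAP server cannot be contacted, so a front end can tell a rejected login from an outage.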
@ -1949,11 +1957,12 @@ GET /access/user
```
JSON-RPC request: Not Available
Returns: An object containing the currently logged in user name and
Returns: An object containing the currently logged in user name, the source and
the date on which the user was created (in unix time).
```json
{
"username": "my_user",
"source": "moonraker",
"created_on": 1618876783.8896716
}
```
@ -1972,13 +1981,15 @@ Content-Type: application/json
JSON-RPC request: Not Available
Returns: An object containing the created user name, an auth token,
a refresh token, and an action summary. Creating a user also effectively
logs the user in.
a refresh token, the source, and an action summary. Creating a user also
effectively logs the user in.
```json
{
"username": "my_user",
"token": "eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJpc3MiOiAiTW9vbnJha2VyIiwgImlhdCI6IDE2MTg4NzY3ODMuODkxNjE5LCAiZXhwIjogMTYxODg4MDM4My44OTE2MTksICJ1c2VybmFtZSI6ICJteV91c2VyIiwgInRva2VuX3R5cGUiOiAiYXV0aCJ9.oH0IShTL7mdlVs4kcx3BIs_-1j0Oe-qXezJKjo-9Xgo",
"refresh_token": "eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJpc3MiOiAiTW9vbnJha2VyIiwgImlhdCI6IDE2MTg4NzY3ODMuODkxNzAyNCwgImV4cCI6IDE2MjY2NTI3ODMuODkxNzAyNCwgInVzZXJuYW1lIjogIm15X3VzZXIiLCAidG9rZW5fdHlwZSI6ICJyZWZyZXNoIn0.a6ZeRjk8RQQJDDH0JV-qGY_d_HIgfI3XpsqUlUaFT7c",
"source": "moonraker",
"action": "user_created"
}
```
@ -2028,10 +2039,12 @@ Returns: A list of created users on the system
"users": [
{
"username": "testuser",
"source": "moonraker",
"created_on": 1618771331.1685035
},
{
"username": "testuser2",
"source": "ldap",
"created_on": 1620943153.0191233
}
]
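Review bot: The `"source": "ldap"` entry for `testuser2` is the first indication that LDAP users appear in the local user list, and nothing in these docs says when such an entry is created or whether the user management endpoints documented here behave differently for it. Suggest a sentence under this endpoint or in the `[ldap]` section explaining how an `ldap` entry comes to exist and which requests are valid for it.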
@ -2076,11 +2089,12 @@ Content-Type: application/json
JSON-RPC request: Not Available
Returns: The username, new auth token, and action summary.
Returns: The username, new auth token, the source and action summary.
```json
{
"username": "my_user",
"token": "eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJpc3MiOiAiTW9vbnJha2VyIiwgImlhdCI6IDE2MTg4NzgyNDMuNTE2Nzc5MiwgImV4cCI6IDE2MTg4ODE4NDMuNTE2Nzc5MiwgInVzZXJuYW1lIjogInRlc3R1c2VyIiwgInRva2VuX3R5cGUiOiAiYXV0aCJ9.Ia_X_pf20RR4RAEXcxalZIOzOBOs2OwearWHfRnTSGU",
"source": "moonraker",
"action": "user_jwt_refresh"
}
```
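Review bot: The refresh response now reports `source`, but the description does not say whether refreshing a token for an `ldap` user checks the directory again. Suggest documenting whether a user who has been removed from `group_dn` or disabled on the LDAP server can still obtain new auth tokens with an existing refresh token until it expires.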