Add LDAP integration

megabyte-labs · Nov 24, 2023 · f3e9cd0 · f3e9cd0
1 parent deb318a
commit f3e9cd0
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 2 deletions.
diff --git a/home/dot_local/etc/sftpgo/sftpgo.json → home/dot_local/etc/sftpgo/sftpgo.json.tmpl b/home/dot_local/etc/sftpgo/sftpgo.json → home/dot_local/etc/sftpgo/sftpgo.json.tmpl
@@ -412,5 +412,22 @@
       "domain": "",
       "templates_path": "templates"
     },
-    "plugins": []
-}
+     "plugins": [
+      {
+        "cmd": "/usr/local/bin/sftpgo-plugin-auth",
+        "type": "auth",
+        "auth_options": {
+          "scope": 1
+        },
+        "args": [
+          "serve",
+          "--ldap-url=ldap://ldap.jumpcloud.com:389",
+          "--ldap-base-dn=ou=Users,o={{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "JUMPCLOUD_ORG_ID")) }}{{ includeTemplate "secrets/JUMPCLOUD_ORG_ID" | decrypt | trim }}{{ else }}{{ env "JUMPCLOUD_ORG_ID" }},dc=jumpcloud,dc=com",
+          "--ldap-bind-dn=uid={{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "JUMPCLOUD_BINDDN_USER")) }}{{ includeTemplate "secrets/JUMPCLOUD_BINDDN_USER" | decrypt | trim }}{{ else }}{{ env "JUMPCLOUD_BINDDN_USER" }},ou=Users,o={{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "JUMPCLOUD_ORG_ID")) }}{{ includeTemplate "secrets/JUMPCLOUD_ORG_ID" | decrypt | trim }}{{ else }}{{ env "JUMPCLOUD_ORG_ID" }},dc=jumpcloud,dc=com",
+          "--ldap-password={{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "JUMPCLOUD_BINDDN_PASSWORD")) }}{{ includeTemplate "secrets/JUMPCLOUD_BINDDN_PASSWORD" | decrypt | trim }}{{ else }}{{ env "JUMPCLOUD_BINDDN_PASSWORD" }}",
+          "--ldap-search-query=(objectClass=inetOrgPerson)"
+        ],
+        "auto_mtls": true
+      }
+    ]
+  }
diff --git a/software.yml b/software.yml
@@ -8401,6 +8401,8 @@ softwarePackages:
   sftpgo:
     _bin: sftpgo
     _desc: Fully featured and highly configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support - S3, Google Cloud Storage, Azure Blob
+    _deps:
+      - sftpgo-plugin-auth
     _docs: null
     _github: https://github.com/drakkan/sftpgo
     _home: null
@@ -8413,6 +8415,14 @@ softwarePackages:
     github: github.com/drakkan/sftpgo
     pkg: sftpgo
     yay: sftpgo-bin
+  sftpgo-plugin-auth:
+    _bin: sftpgo-plugin-auth
+    _desc: A plugin for SFTPGo to enable LDAP/Active Directory authentication
+    _docs: null
+    _github: https://github.com/sftpgo/sftpgo-plugin-auth
+    _home: null
+    _name: sftpgo-plugin-auth
+    github: github.com/sftpgo/sftpgo-plugin-auth
   share:
     _bin: share
     _desc: Quickly share files from your command line