Is there any service that will speak LDAP but just respond with the local UNIX users?

Right now I have good management for local UNIX users but every service wants to do its own auth. This means that it is a pain remembering different passwords, configuring passwords when setting up a new service and whatnot.

I noticed that a lot of services support LDAP auth, but I don’t want to make my UNIX user accounts depend on LDAP for simplicity. So I was wondering if there was some sort of shim that will talk the LDAP protocol but just do authentication against the regular user database (PAM).

The closest I have seen is the services.openldap.declarativeContents NixOS option which I can probably use by transforming my regular UNIX settings into an LDAP config at build time, but I was wondering if there was anything simpler.

(Related note: I really wish that services would let you specify the user via HTTP header, then I could just manage auth at the reverse-proxy without worrying about bugs in the service)
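
As an added illustration of the shim idea in the post above (not code from the post or from any existing project), this sketch decodes an LDAPv3 simple BindRequest and builds the BindResponse from a password check. The `check_password` callback is a hypothetical stand-in for a PAM call, users are assumed to bind as `uid=<name>,...`, and only the bind step is covered (many services also issue a search first).

```python
def _read(buf, pos):
    """Read one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def _enc(tag, value):
    """Encode one BER element (short-form length is enough here)."""
    if len(value) >= 0x80:
        raise ValueError("value too long for this sketch")
    return bytes([tag, len(value)]) + value

def parse_bind(msg):
    """Return (message_id_bytes, dn, password) from a simple BindRequest."""
    tag, body, _ = _read(msg, 0)              # LDAPMessage SEQUENCE
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read(body, 0)              # messageID INTEGER
    tag, op, _ = _read(body, pos)
    if tag != 0x60:                           # [APPLICATION 0] BindRequest
        raise ValueError("not a BindRequest")
    _, _version, pos = _read(op, 0)
    _, dn, pos = _read(op, pos)
    tag, cred, _ = _read(op, pos)
    if tag != 0x80:                           # [0] simple password
        raise ValueError("only simple bind is handled")
    return mid, dn.decode(), cred.decode()

def handle_bind(msg, check_password):
    """Answer a BindRequest; check_password(user, pw) stands in for PAM."""
    mid, dn, password = parse_bind(msg)
    rdn = dn.split(",", 1)[0]
    user = rdn[4:] if rdn.lower().startswith("uid=") else ""
    # Empty password = LDAP "unauthenticated bind" (RFC 4513): never a success.
    ok = bool(user and password) and check_password(user, password)
    # resultCode (0 success / 49 invalidCredentials), matchedDN, diagnosticMessage
    body = _enc(0x0A, bytes([0 if ok else 49])) + _enc(0x04, b"") + _enc(0x04, b"")
    return _enc(0x30, _enc(0x02, mid) + _enc(0x61, body))  # [APPLICATION 1]

def sample_bind(dn, password):  # constructed request, for testing only
    op = _enc(0x02, b"\x03") + _enc(0x04, dn.encode()) + _enc(0x80, password.encode())
    return _enc(0x30, _enc(0x02, b"\x01") + _enc(0x60, op))
```

The empty-password branch matters in practice: a shim that forwards an empty password and reports success would let any client log in as any user.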

  • kevincox@lemmy.mlOP
    2 months ago

    I do use a reverse proxy but for various reasons you can’t just block off some apps. For example if you want to play Jellyfin on a Chromecast or similar, or PhotoPrism if you want to use sharing links. Unfortunately these systems are designed around the built-in auth and you can’t just slap a proxy in front.

    I do use nginx with basic auth in front of services where I can. I trust nginx much more than 10 different services with varying quality levels. But unfortunately not all services play well.

    • Shimitar@feddit.it
      2 months ago

      Never found a service that doesn’t work with nginx reverse proxy.

      My Jellyfin does.

      Don’t run PhotoPrism though…

      • kevincox@lemmy.mlOP
        2 months ago

        Are you doing auth in the reverse proxy for Jellyfin? Do you use Chromecast or any non-web interface? If so I’m very interested in how you got it to work.

        • Shimitar@feddit.it
          2 months ago

          This is my jellyfin nginx setup: https://wiki.gardiol.org/doku.php?id=services:jellyfin#reverse-proxy_configuration

          Currently I don’t use any proxy-related authentication because I need to find the time to work with the plugins in Jellyfin. I don’t have any Chromecast, but I do regularly use the Android Jellyfin app just fine.

          I expect, using the OIDC plugin in Jellyfin, that Jellyfin will still manage the login via Authelia itself, so I do not expect many changes in the NGINX config (except, maybe, adding the endpoints).

          • kevincox@lemmy.mlOP
            2 months ago

            Ah ok. You aren’t doing auth. I don’t understand how this is relevant.