From f3e2f8c52d46550148edc2ecbc7493d83d2227d6 Mon Sep 17 00:00:00 2001 From: jakob42 Date: Mon, 11 Dec 2023 10:53:53 +0100 Subject: [PATCH] example_configs: Add Kasm configuration example --- README.md | 1 + example_configs/kasm.md | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 example_configs/kasm.md diff --git a/README.md b/README.md index 650da22..6dcec51 100644 --- a/README.md +++ b/README.md @@ -316,6 +316,7 @@ folder for help with: - [Jellyfin](example_configs/jellyfin.md) - [Jenkins](example_configs/jenkins.md) - [Jitsi Meet](example_configs/jitsi_meet.conf) +- [Kasm](example_configs/kasm.md) - [KeyCloak](example_configs/keycloak.md) - [LibreNMS](example_configs/librenms.md) - [Mastodon](example_configs/mastodon.env.example) diff --git a/example_configs/kasm.md b/example_configs/kasm.md new file mode 100644 index 0000000..0dea0c1 --- /dev/null +++ b/example_configs/kasm.md @@ -0,0 +1,19 @@ +# Configuration for Kasm + +In Kasm, go to *Admin* -> *Authentication* -> *LDAP* and add a configuration. +- *Name*: whatever you like +- *Url* is your lldap host (or IP) and port, e.g. `ldap://lldap.example.com:3890` +- *Search Base* is is your base dn, e.g `dc=example,dc=com` +- *Search Filter* is `(&(objectClass=person)(uid={0})(memberof=cn=kasm,ou=groups,dc=example,dc=com))`. Replace `cn=kasm,ou=groups,dc=example,dc=com` with the dn to the group necessary to login to Kasm. +- *Group Membership Filter* `(&(objectClass=groupOfUniqueNames)(member={0}))` +- *Email attribute* `mail` +- *Service Account DN* a lldap user, preferably not a admin but a member of the group `lldap_strict readonly`. Mine is called `cn=query,ou=people,dc=example,dc=com` +- *Service Account Password*: querys password +- Activate *Search Subtree*, *Auto Create App User* and *Enabled* +- under *Attribute Mapping* you can map the following: + - *Email* -> `mail` + - *First Name* -> `givenname` + - *Last Name* -> `sn` +- If you want to map groups from your lldap to Kasm, edit the group, scroll to *SSO Group Mappings* and add a new SSO mapping: + - select your lldap as provider + - *Group Attributes* is the full DN of your group, e.g. `cn=kasm_moreaccess,ou=groups,dc=example,dc=com`