
Need Help - FreeIPA in a docker container for DNS/LDAP server with Web UI or alternatives

I need help figuring out my Homelab in a box.

I'm currently running an Asustor NAS with docker for most of my hosting applications.

I'd like to set up Authentik to log into the NAS with a single sign on.

I've figured out that the NAS only supports Web Portal, AD and LDAP logins.

So my plan is to have FreeIPA run a DNS server, run the LDAP server and be running a Web UI for easy config/management.

All of the docker-compose YAMLs I've been able to find and tinker with don't seem to work for what I need.


Image of the planned setup attached.
So far I have got everything from the Cloudflare, through Nginx, through Authentik to Portainer via OAuth working.

I just need a solution for the NAS as it doesn't support OAuth.

If someone could point me in the right direction it would be a big help!

I mostly stole the YAML from here: https://stackoverflow.com/questions/71096130/freeipa-docker-compose-web-ui

The latest .yaml I have been trying to get to work is:

version: "3.8"
services:
  freeipa:
    image: freeipa/freeipa-server:centos-8-stream
    # The container hostname must be the same FQDN that IPA_SERVER_HOSTNAME and
    # the Kerberos/LDAP certificates use. "hostname: sanctuary" plus
    # "domainname: serv.sanctuary.local" would have produced
    # sanctuary.serv.sanctuary.local, which does not match the env var below.
    hostname: serv.sanctuary.local
    container_name: freeipa-dev
    ports:
      - 80:80
      - 443:443
      - 389:389
      - 636:636
      - 88:88
      - 88:88/udp
      - 464:464
      - 464:464/udp
      - 123:123/udp
      # --setup-dns below is useless to the rest of the LAN unless the DNS
      # port is actually published.
      - 53:53
      - 53:53/udp
    dns:
      - 192.168.50.1   # My router IP
      - 1.1.1.1
      - 1.0.0.1
    restart: unless-stopped
    tty: true
    stdin_open: true
    environment:
      IPA_SERVER_HOSTNAME: serv.sanctuary.local
      IPA_SERVER_IP: 192.168.50.201   # My NAS IP
      TZ: "[My_Location_Here]"
    command:
      # Note: ".local" is reserved for mDNS (RFC 6762); a subdomain of a domain
      # you own avoids resolver clashes on macOS/Linux clients.
      - --domain=sanctuary.local
      # Kerberos realm names are uppercase by convention.
      - --realm=SANCTUARY.LOCAL
      - --admin-password=[My_Password0_Here]
      - --ds-password=[My_Password3_Here]
      # --http-pin and --dirsrv-pin are PKCS#12 unlock passwords that are only
      # accepted together with --http-cert-file / --dirsrv-cert-file;
      # ipa-server-install refuses them on their own, so they are dropped here.
      - --no-dnssec-validation
      - --no-host-dns
      - --setup-dns
      - --auto-forwarders
      - --allow-zone-overlap
      - --unattended   # same as -U; only needs to appear once
    cap_add:
      - SYS_TIME
      - NET_ADMIN
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
      # NAS location easily accessible. The image keeps its logs under
      # /data/var/log, so the separate "/var/logs" mount (a typo for /var/log
      # anyway) is not needed.
      - /share/Docker/FreeIPASanc/data:/data
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.lo.disable_ipv6=0
    security_opt:
      # Disables the default syscall filter for the whole container; try
      # without it first and only add it back if systemd inside fails to boot.
      - "seccomp:unconfined"
    labels:
      - dev

[attached image: current network.png]


I've never tried it as a container, but I ran it as a VM on CentOS 7.

Can Anybody Link A Virtual Machine while I go download some RAM?


I managed to get LDAP working following these instructions:

https://medium.com/@philippe_andreas/how-to-customized-ldap-schema-docker-image-for-a-symfony-4-project-df6efc806867

(and figuring out that the ASUSTOR NAS is looking for 'posixAccount' objectClass user accounts.)


The only issue now is a limitation of the ASUSTOR ADM, where AD/LDAP users can't be made administrators; they can only get access to files and particular apps, which is not very useful for my case.

So now I just need to find a way to get nginx to fill out and submit login credentials to the ASUSTOR ADM's https login page....

I think this is a project for another day... 

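The posixAccount finding above is the crux: a client that filters on (objectClass=posixAccount) will not see an inetOrgPerson-only entry, and slapd rejects a posixAccount that lacks any of its RFC 2307 required attributes. The example below is added here and is not code from the thread or from the linked article; it builds a user entry with exactly those attributes, hashes the password in OpenLDAP's native {SSHA} scheme, and renders RFC 2849 LDIF that can be fed to ldapadd. It assumes an OpenLDAP-style tree with users under ou=people,<base DN> and uses dc=sanctuary,dc=local from the thread as the base; the gidNumber must belong to a posixGroup you have already created.

```python
"""posixAccount LDIF builder with {SSHA} passwords (added example, not from the thread)."""
import base64
import hashlib
import hmac
import os

# posixAccount MUST attributes from RFC 2307; without these the add fails and
# clients filtering on (objectClass=posixAccount) never see the user.
POSIX_REQUIRED = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")


def ssha_hash(password: str, salt: bytes = None) -> str:
    """OpenLDAP {SSHA} userPassword value: base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against a {SSHA} value the way slapd does (constant-time compare)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)


def missing_posix_attrs(entry: dict) -> list:
    """Return what the entry lacks to be a valid posixAccount (empty list if fine)."""
    missing = [a for a in POSIX_REQUIRED if not entry.get(a)]
    if "posixAccount" not in entry.get("objectClass", []):
        missing.insert(0, "objectClass: posixAccount")
    return missing


def build_posix_user(base_dn, uid, cn, sn, uid_number, gid_number, password,
                     home=None, shell="/sbin/nologin"):
    """Assemble one NAS-visible user; uidNumber must be unique, gidNumber an existing posixGroup."""
    entry = {
        "dn": f"uid={uid},ou=people,{base_dn}",    # assumed tree layout
        "objectClass": ["inetOrgPerson", "posixAccount", "shadowAccount"],
        "uid": uid,
        "cn": cn,
        "sn": sn,
        "uidNumber": str(uid_number),
        "gidNumber": str(gid_number),
        "homeDirectory": home or f"/home/{uid}",
        "loginShell": shell,                        # a NAS login needs no shell
        "userPassword": ssha_hash(password),
    }
    missing = missing_posix_attrs(entry)
    if missing:
        raise ValueError("not a valid posixAccount, missing: " + ", ".join(missing))
    return entry


def _ldif_line(attr: str, value: str) -> str:
    """RFC 2849: a value that is not a SAFE-STRING is emitted base64 with '::'."""
    unsafe = (not value.isascii() or value[:1] in (" ", ":", "<")
              or any(c in value for c in "\x00\r\n") or value.endswith(" "))
    if unsafe:
        return f"{attr}:: {base64.b64encode(value.encode()).decode()}"
    return f"{attr}: {value}"


def to_ldif(entry: dict) -> str:
    """Serialize an entry for ldapadd; multi-valued attributes repeat the attribute line."""
    lines = [_ldif_line("dn", entry["dn"])]
    for attr, value in entry.items():
        if attr == "dn":
            continue
        for v in (value if isinstance(value, list) else [value]):
            lines.append(_ldif_line(attr, v))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    user = build_posix_user("dc=sanctuary,dc=local", "alice", "Alice Example", "Example",
                            10001, 10001, "correct horse battery staple")
    print(to_ldif(user))   # pipe into: ldapadd -H ldaps://... -D cn=admin,... -W
```

{SSHA} is salted SHA-1, which is what an unmodified slapd hashes to by default; if the server has the pw-sha2 or pw-argon2 contrib module loaded, swap the scheme for {SSHA512} or {ARGON2} and keep the rest of the entry unchanged.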