Dex OIDC provider backend for DNS3L
docker pull ghcr.io/dns3l/auth
| variable | note | default |
|---|---|---|
| ENVIRONMENT | production or other deployments |
|
| DEX_URL | published Dex endpoint | http://localhost:5556/auth |
| DNS3L_URL | published DNS3L endpoint | http://localhost:3000 |
| HELP_URL | provide help regarding auth | https://github.com/dns3l/dns3l |
| DNS3L_USER | local account(s) UID | certbot |
| DNS3L_USERNAME | local account username | CertBOT |
| DNS3L_USERMAIL | local account e-mail | [email protected] |
| DNS3L_PASS | local account(s) password | random |
| DNS3L_CLI_SECRET | CLI shared secret | random |
| LDAP_CONNECTOR_NAME | UI display name | LDAP |
| LDAP_CONNECTOR_HOST | AD/LDAP server | localhost:636 |
| LDAP_CONNECTOR_PROMPT | UI prompt | LDAP Username |
| LDAP_TLS_VERIFY | enforce TLS validation | no |
| LDAP_STARTTLS | use STARTTLS |
no |
| LDAP_BindDN | DN to bind | |
| LDAP_BindPW | password for bind DN | |
| LDAP_USER_BASE | ldap connector | ou=users,dc=localhost |
| LDAP_USER_FILTER | ldap connector | (objectClass=*) |
| LDAP_GROUP_BASE | ldap connector | ou=groups,dc=localhost |
| LDAP_GROUP_FILTER | ldap connector | (objectClass=*) |
| LDAP_USER_ID_ATTR | ldap connector | DN |
| LDAP_USER_UID_ATTR | ldap connector | sAMAccountName |
| LDAP_USER_MAIL_ATTR | ldap connector | mail |
| LDAP_USER_NAME_ATTR | ldap connector | displayName |
| LDAP_GROUP_NAME_ATTR | ldap connector | cn |
| LDAP_GROUP_USER_ATTR | ldap connector | DN |
| LDAP_GROUP_MEMBER_ATTR | ldap connector | member |
If ENVIRONMENT is production and LDAP_BindDN, LDAP_BindPW are set the LDAP connector is configured only.
Mount a custom dex config to /etc/dex.conf.yml if environment based template seems not sufficient.