Simple script to have LDAP authentication in Home Assistant Docker, using NGINX's ldap-auth container

Overview

Home Assistant LDAP Auth

Simple script to have LDAP authentication in Home Assistant Docker, using NGINX's ldap-auth container.

Usage

  • Deploy NGINX's ldap-auth container
  • Put the script and config file in the Home Assistant config directory
  • Adjust config file to match your environment
  • Configure Home Assistant auth provider
    auth_providers:
        - type: command_line
          name: 'LDAP'
          command: '/usr/local/bin/python3'
          args: ['/config/ldap-auth.py', '/config/ldap-auth.yaml']
          meta: false
  • Restart Home Assistant

Configuration

The following options are available:

Name Description
auth-url URL where the ldap-auth server can be found
ldap-url URL for the LDAP server (scheme://host:port)
ldap-basedn The Base DN to search for users
ldap-binddn The DN to use for binding to the directory (leave empty for anonymous binding)
ldap-bindpass The password for the configured Bind DN
ldap-template Template to find the user in the directory
ldap-starttls Wether to enable TLS encryption on the LDAP connection
ldap-realm The LDAP realm name

See this documentation for more information on possible values and defaults.

Under the hood

The NGINX ldap-auth container is controlled by sending specific headers that are sent with the authentication request. The script will set these headers with the values from the config files. Home Assistant will start the script with the username and password in environment variables, which are used as basic auth credentials to send a request to the auth-url. The ldap-auth container will in its turn verify the credentials at the LDAP server. If the credentials are correct, it will respond with HTTP code 200, otherwise 401. Based on this response code, the script will exit with or without an error so Home Assistant allows the user to enter or not.

Disclaimer

This was written for personal use, to re-enable LDAP authentication in the Home Assistant Docker image, which lacks the Python LDAP module as well as LDAP support in curl. There's hardly any error handling and I am in no way responsible for any security issues caused by the use of this script. Misconfigurations can expose your Home Assistant installation to malicious people.

NGINX does not supply Docker images for their container. Please note that someone else's image from a repository could expose your Home Assistant and/or leak your credentials so I'd recommend you to build your own.

Owner
Erik
Erik
Ini membuat tema berbasis bendera Indonesia with Python + Linux.py

tema Ubah Tema Termux Menjadi Linux Ubah Font Termux Jadi Linux dibuat oleh wahyudioputra INSTALL pkg update && pkg upgrade pkg install python pkg ins

wahyudioputra 2 Nov 30, 2021
Log4j vuln fuzz/scan with python

Log4jFuzz log4j vuln fuzz/scan USE // it's use localhost udp server to check target vuln. python3 log4jFuzz.py [option] optional arguments: -u URL,

VVzv 3 Dec 22, 2021
Simple script to have LDAP authentication in Home Assistant Docker, using NGINX's ldap-auth container

Home Assistant LDAP Auth Simple script to have LDAP authentication in Home Assistant Docker, using NGINX's ldap-auth container. Usage Deploy NGINX's l

Erik 1 Sep 21, 2022
Python & JavaScript Obfuscator made in Python 3.

Python Code Obfuscator A script that converts code into full on random numerical expressions. Simple Scripts: Python Mode... Input: Function that deco

rzx. 1 Dec 29, 2021
IP Denial of Service Vulnerability ")A proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability ")

CVE-2021-24086 This is a proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability "), a NULL dereference in tcpip.sys patc

Carry 1 Nov 25, 2021
VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read

vcenter_fileread_exploit VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read Usage python3 vCenter_fileread.py http(s)://ip Referen

Ashish Kunwar 4 Sep 23, 2022
This program is a WiFi cracker, you can test many passwords for a desired wifi to find the wifi password!

WiFi_Cracker About the Program: This program is a WiFi cracker! Just run code and select a desired wifi to start cracking 💣 Note: you can use this pa

Sina.f 13 Dec 08, 2022
An open-source post-exploitation framework for students, researchers and developers.

Questions? Join the Discord support server Disclaimer: This project should be used for authorized testing or educational purposes only. BYOB is an ope

dvm 8.1k Dec 31, 2022
♻️ Password Generator (PSG) 📚 This plugin is made for more familiarity with Python, but can also be used to create passwords

About Tool This plugin is made for more familiarity with Python, but can also be used to create passwords.

STgazing 2 Jul 23, 2022
How to exploit a double free vulnerability in 2021. 'Use-After-Free for Dummies'

This bug doesn’t exist on x86: Exploiting an ARM-only race condition How to exploit a double free and get a shell. "Use-After-Free for dummies" In thi

Stephen Tong 1.2k Dec 25, 2022
Attack SQL Server through gopher protocol

Attack SQL Server through gopher protocol

hack2fun 17 Nov 30, 2022
OSINT Cybersecurity Tools

OSINT Cybersecurity Tools Welcome to the World of OSINT: An ongoing collection of awesome tools and frameworks, best security software practices, libr

Paul Veillard, P. Eng 7 Jul 01, 2022
Yet another web fuzzer

yafuzz Yet another web fuzzer Usage This script can run in two modes of operation. Supplying a wordlist -W argument will initiate a multithreaded fuzz

FooBallZ 5 Feb 02, 2022
M.E.A.T. - Mobile Evidence Acquisition Toolkit

M.E.A.T. - Mobile Evidence Acquisition Toolkit Meet M.E.A.T! From Jack Farley - BlackStone Discovery This toolkit aims to help forensicators perform d

1 Nov 11, 2021
Tool ini berfungsi untuk membuat virus secara instan

vbug (ID) Tool ini berfungsi untuk membuat virus secara instan. Dengan begitu pengguna vbug maker dapat menggunakannya dengan mudah dan cepat. Di dala

OneTXz 3 Jun 05, 2022
A token logger for discord + steals Brave/Chrome passwords and usernames

Backdoor Machine - ❗ For educational purposes only ❗ A program made in python for stealing passwords and usernames from Google Chrome/Brave and tokenl

36 Jul 18, 2021
AttractionFinder - 2022 State Qualified FBLA Attraction Finder Application

Attraction Finder Developers: Riyon Praveen, Aaron Bijoy, & Yash Vora How It Wor

$ky 2 Feb 09, 2022
Just your basic port scanner - with multiprocessing capabilities & further nmap enumeration.

Just-Your-Basic-Port-Scanner Just your basic port scanner - with multiprocessing capabilities & further nmap enumeration. Use at your own discretion,

Edward Zhou 0 Nov 06, 2021
Python script that sends CVE-2021-44228 log4j payload requests to url list

scan4log4j Python script that sends CVE-2021-44228 log4j payload requests to url list [VERY BETA] using Supply your url list to urls.txt Put your payl

elyesa 5 Nov 09, 2022