Simple script to have LDAP authentication in Home Assistant Docker, using NGINX's ldap-auth container

Overview

Home Assistant LDAP Auth

Simple script to have LDAP authentication in Home Assistant Docker, using NGINX's ldap-auth container.

Usage

  • Deploy NGINX's ldap-auth container
  • Put the script and config file in the Home Assistant config directory
  • Adjust config file to match your environment
  • Configure Home Assistant auth provider
    auth_providers:
        - type: command_line
          name: 'LDAP'
          command: '/usr/local/bin/python3'
          args: ['/config/ldap-auth.py', '/config/ldap-auth.yaml']
          meta: false
  • Restart Home Assistant

Configuration

The following options are available:

Name Description
auth-url URL where the ldap-auth server can be found
ldap-url URL for the LDAP server (scheme://host:port)
ldap-basedn The Base DN to search for users
ldap-binddn The DN to use for binding to the directory (leave empty for anonymous binding)
ldap-bindpass The password for the configured Bind DN
ldap-template Template to find the user in the directory
ldap-starttls Wether to enable TLS encryption on the LDAP connection
ldap-realm The LDAP realm name

See this documentation for more information on possible values and defaults.

Under the hood

The NGINX ldap-auth container is controlled by sending specific headers that are sent with the authentication request. The script will set these headers with the values from the config files. Home Assistant will start the script with the username and password in environment variables, which are used as basic auth credentials to send a request to the auth-url. The ldap-auth container will in its turn verify the credentials at the LDAP server. If the credentials are correct, it will respond with HTTP code 200, otherwise 401. Based on this response code, the script will exit with or without an error so Home Assistant allows the user to enter or not.

Disclaimer

This was written for personal use, to re-enable LDAP authentication in the Home Assistant Docker image, which lacks the Python LDAP module as well as LDAP support in curl. There's hardly any error handling and I am in no way responsible for any security issues caused by the use of this script. Misconfigurations can expose your Home Assistant installation to malicious people.

NGINX does not supply Docker images for their container. Please note that someone else's image from a repository could expose your Home Assistant and/or leak your credentials so I'd recommend you to build your own.

Owner
Erik
Erik
This script allows you to make a onion host instantly.

Installation It only works in Debian based Linux distros. Clone the repo: git clone https://github.com/0xStevenson/Auto-Tor-Host.git Go to the direct

Steven 4 Feb 22, 2022
BF-Hash - A Python Tool to decrypt hashes by brute force

BF-Hash Herramienta para descifrar hashes por fuerza bruta Instalación git clone

5 Apr 09, 2022
一款针对向日葵的识别码和验证码提取工具

Sunflower_get_Password 一款针对向日葵的识别码和验证码提取工具 👮🏻‍♀️ 免责声明 由于传播、利用Sunflower_get_Password工具提供的功能而造成的任何直接或者间接的后果及损失,均由使用者本人负责,本人不为此承担任何责任。 安装环境 本工具使用Python

635 Dec 20, 2022
Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples Above is an adversarial example: the slightly pert

Anish Athalye 838 Dec 18, 2022
A Python Scanner for log4j

log4j-Scanner scanner for log4j cat web-urls.txt | python3 log4j.py ID.burpcollaborator.net web-urls.txt http://127.0.0.1:8080 https://www.google.c

Ihebski 5 Jun 26, 2022
AutoScan 有多个目标时,调用xray+rad进行自动扫描

Usage: 在高级版Xray和rad同目录下运行 python3 X-AutoXray.py xxxx.txt 写的蛮人性化的哦,os,linux,windows通用 生成的xray报告会在当前目录的/result下面 Ctrl+c 打断脚本运行时还可以结算扫描进度,生成已扫描和未扫描的进度文件,

斯文 73 Jan 01, 2023
A hack for writing switch statements with type annotations in Python.

py_annotation_switch A hack for writing switch statements in type annotations for Python. Why should I use this? You most definitely should not use th

6 Oct 17, 2021
A gui application used for network reconnaissance while pentesting

netrecon A gui application used for network reconnaissance while pentesting

Krisna Pranav 4 Sep 03, 2022
This is tools hacking for scan vuln in port web, happy using

Xnuvers007 PortInjection this is tools hacking for scan vuln in port web, happy using view/show python 3.9 solo coder (tangerang) 19 y/o installation

XnuxersXploitXen 6 Dec 24, 2022
PortSwigger Burp Plugin for the Log4j (CVE-2021-44228)

yLog4j This is Y-Sec's @PortSwigger Burp Plugin for the Log4j CVE-2021-44228 vulnerability. The focus of yLog4j is to support mass-scanning of the Log

Y-Security 1 Jan 31, 2022
A blind SQL injection script that uses binary search aka bisection method to dump datas from database.

Blind SQL Injection I wrote this script to solve PortSwigger Web Security Academy's particular Blind SQL injection with conditional responses lab. Bec

Şefik Efe 2 Oct 29, 2022
Getting my gitlab commit history into github

🔰 ᵀᴱᴸᴱᴳᴿᴬᴹ ᴴᴬᶜᴷ ᴮᴼᵀ 🔰 The owner would not be responsible for any kind of bans due to the bot. • ⚡ INSTALLING ⚡ • • 🛠️ Lᴀɴɢᴜᴀɢᴇs Aɴᴅ Tᴏᴏʟs 🔰 • If

Santiago Chiesa 1 Dec 24, 2021
A repository to detect the ARP spoofing in any devices and prevent Man in the Middle(MITM) attack using Python3

arp_spoof_detector A repository to detect the ARP spoofing in any devices and prevent Man in the Middle(MITM) attack using Python3 Usage: git clone ht

Surya Das N 1 Oct 30, 2021
PySharpSphere - Inspired by SharpSphere, just another python version

PySharpSphere Inspired by SharpSphere, just another python version. Installation python3 setup.py install Features Support control both Linux and Wind

Ricter Zheng 191 Dec 22, 2022
WpDisect is a wordpress hacking tool that finds vulnerabilities in wordpress.

wpdisect WpDisect is a wordpress hacking tool that finds misconfigurations in wordpress. Prerequisites You need to download wordpress in the wpdisect

3 Feb 20, 2022
Coerce authentication from Windows hosts via MS-FSRVP (Requires FS-VSS-AGENT service running on host)

VSSTrigger Coerce authentication from Windows hosts via MS-FSRVP (Requires FS-VS

Filip Dragovic 6 Jul 24, 2022
CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE

CVE-2022-1388 CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE. POST /mgmt/tm/util/bash HTTP/1.1 Host: Accept-Encoding: gzip, deflate Accept: */

M4rtin Hsu 81 Dec 12, 2022
Python sandbox runners for executing code in isolation aka snekbox.

Python sandbox runners for executing code in isolation aka snekbox.

Python Discord 164 Dec 20, 2022
Colin O'Flynn's Hacakday talk at Remoticon 2021 support repo.

Hardware Hacking Resources This repo holds some of the examples used in Colin's Hardware Hacking talk at Remoticon 2021. You can see the very sketchy

Colin O'Flynn 19 Sep 12, 2022
Log4j rce test environment and poc

log4jpwn log4j rce test environment See: https://www.lunasec.io/docs/blog/log4j-zero-day/ Experiments to trigger in various software products mentione

Leon Jacobs 307 Dec 24, 2022