docker.recipes

LLDAP

intermediate

Lightweight LDAP server with web UI.

Overview

LLDAP (Light LDAP) is a modern, lightweight LDAP server implementation written in Rust that prioritizes simplicity and security over feature completeness. Unlike traditional LDAP servers like OpenLDAP or Active Directory, LLDAP focuses on providing essential directory services with a user-friendly web interface, making LDAP authentication accessible to smaller organizations and homelab environments. The project emerged from the need for a simpler alternative to complex enterprise LDAP solutions, offering just the core functionality most applications require for user authentication and group management.

This Docker deployment creates a complete authentication directory service with both LDAP protocol access on port 3890 and a modern React-based web management interface on port 17170. LLDAP implements a simplified LDAP schema that supports user accounts, groups, and basic attributes while maintaining compatibility with applications expecting standard LDAP directory structures. The container includes SQLite as the backend database, JWT-based session management for the web UI, and bcrypt password hashing for security.

This stack is ideal for small to medium organizations, homelab enthusiasts, and developers who need centralized authentication without the complexity of enterprise LDAP solutions. System administrators managing multiple self-hosted applications will find LLDAP particularly valuable for implementing single sign-on across services like Nextcloud, Grafana, GitLab, and other LDAP-compatible applications. The web interface makes user management accessible to non-technical staff, while the lightweight resource footprint makes it suitable for deployment on modest hardware or cloud instances.

Key Features

  • Web-based user and group management interface with modern React frontend eliminating command-line LDAP administration
  • SQLite backend database requiring no external database setup or maintenance overhead
  • JWT-based web session authentication with configurable secret keys for secure admin access
  • Simplified LDAP schema supporting essential attributes while maintaining compatibility with common applications
  • bcrypt password hashing with configurable rounds for secure credential storage
  • Built-in LDAP protocol server supporting both anonymous and authenticated bind operations
  • Group membership management with nested group support for complex organizational structures
  • Configurable base DN structure allowing integration with existing domain naming conventions

Common Use Cases

  • Homelab authentication server for self-hosted applications like Nextcloud, Jellyfin, and Bookstack
  • Small business centralized user management replacing individual application user databases
  • Development environment LDAP testing without deploying full Active Directory infrastructure
  • Startup authentication backend before scaling to enterprise directory services
  • Educational institution student and faculty directory for campus applications
  • Non-profit organization volunteer and staff management system with role-based access
  • Containerized authentication service for Kubernetes clusters requiring LDAP integration

Prerequisites

  • Minimum 512MB RAM allocation for SQLite database operations and web interface serving
  • Available ports 3890 (LDAP) and 17170 (web UI) not conflicting with existing services
  • Strong JWT secret key and admin password defined in environment variables
  • Understanding of LDAP distinguished name (DN) structure for proper base DN configuration
  • Basic knowledge of LDAP bind operations for integrating client applications
  • Docker volume permissions allowing UID/GID 1000 write access to persistent data directory

This recipe is intended for development and testing. Review the security settings, change the default credentials, and test thoroughly before any production use.

docker-compose.yml

docker-compose.yml
services:
  lldap:
    image: lldap/lldap:stable
    container_name: lldap
    restart: unless-stopped
    environment:
      UID: 1000
      GID: 1000
      TZ: UTC
      LLDAP_JWT_SECRET: ${JWT_SECRET}          # from .env
      LLDAP_LDAP_USER_PASS: ${ADMIN_PASSWORD}  # from .env
      LLDAP_LDAP_BASE_DN: dc=example,dc=com
    volumes:
      - lldap_data:/data
    ports:
      - "3890:3890"    # LDAP
      - "17170:17170"  # web UI

volumes:
  lldap_data:

.env Template

.env
# Replace both placeholders before starting the stack.
# The JWT secret should be a long random value (e.g. openssl rand -base64 48).
JWT_SECRET=generate-random-secret
ADMIN_PASSWORD=changeme
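The template above ships placeholder values. As an added check (not part of the docker.recipes recipe or of LLDAP), this Python script renders a .env with a random JWT secret and reports any value that still carries a template placeholder before you run docker compose; the minimum lengths are my own assumptions, not LLDAP requirements.

```python
# Added example (not from the docker.recipes page): render a strong LLDAP .env
# and verify that the template placeholders are gone before starting the stack.
import secrets

# key -> (placeholder as it appears in the recipe's template, minimum length we require)
RULES = {
    "JWT_SECRET": ("generate-random-secret", 32),  # 32 is an assumed local policy
    "ADMIN_PASSWORD": ("changeme", 12),            # 12 is an assumed local policy
}


def parse_env(text):
    """Parse KEY=VALUE lines; blank lines and # comments are ignored."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            env[key.strip()] = value.strip().strip("'\"")
    return env


def check_env(text):
    """Return a list of problems; an empty list means the file is safe to use."""
    env = parse_env(text)
    problems = []
    for key, (placeholder, min_len) in RULES.items():
        value = env.get(key, "")
        if not value:
            problems.append(f"{key} is missing")
        elif value == placeholder:
            problems.append(f"{key} still holds the template placeholder")
        elif len(value) < min_len:
            problems.append(f"{key} is shorter than {min_len} characters")
    return problems


def render_env(admin_password, jwt_secret=None):
    """Render the .env. token_urlsafe only emits [A-Za-z0-9_-], so the secret
    needs no quoting and contains no $ for docker compose to interpolate."""
    jwt_secret = jwt_secret or secrets.token_urlsafe(48)  # 48 bytes -> 64 chars
    return f"JWT_SECRET={jwt_secret}\nADMIN_PASSWORD={admin_password}\n"


if __name__ == "__main__":
    rendered = render_env(secrets.token_urlsafe(16))  # constructed admin password
    print(rendered, end="")
    print("problems:", check_env(rendered) or "none")
```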

Usage Notes

  1. Docs: https://github.com/lldap/lldap
  2. Web UI at http://localhost:17170 - log in as admin
  3. LDAP server on port 3890 for application integrations
  4. Lightweight alternative to OpenLDAP - simpler to configure
  5. Change LLDAP_LDAP_BASE_DN to match your domain (dc=yourdomain,dc=com)
  6. Bind DN format: uid=admin,ou=people,dc=example,dc=com
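Usage notes 5 and 6 describe the DN layout LLDAP expects. The following Python helpers are an added example, not LLDAP project code: they derive LLDAP_LDAP_BASE_DN from a domain name, build the uid=...,ou=people,... bind DN with RFC 4514 value escaping, and check that a client's DN actually sits under the configured base DN, which is the mismatch the troubleshooting section below describes.

```python
# Added example (not LLDAP project code): helpers for the DN layout LLDAP uses,
# uid=<user>,ou=people,<LLDAP_LDAP_BASE_DN>, with RFC 4514 attribute-value escaping.

# Characters that must be backslash-escaped anywhere in an RDN value (RFC 4514 2.4).
RFC4514_SPECIAL = set(',+"\\<>;')


def escape_rdn_value(value):
    """Escape one attribute value for use inside a DN (RFC 4514 section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")        # NUL must be hex-escaped
        elif ch in RFC4514_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")         # a leading '#' would denote a hex-encoded value
        elif ch == " " and i in (0, last):
            out.append("\\ ")         # leading/trailing spaces are otherwise dropped
        else:
            out.append(ch)
    return "".join(out)


def base_dn_from_domain(domain):
    """example.com -> dc=example,dc=com (the value usage note 5 asks you to set)."""
    labels = [lbl for lbl in domain.strip().lower().split(".") if lbl]
    if not labels:
        raise ValueError("domain has no labels")
    return ",".join("dc=" + escape_rdn_value(lbl) for lbl in labels)


def bind_dn(username, base_dn):
    """Full bind DN for an LLDAP user, as in usage note 6."""
    return "uid=" + escape_rdn_value(username) + ",ou=people," + base_dn


def normalize_dn(dn):
    """Lower-case and drop optional whitespace around RDN separators. Escaped
    commas inside values are split too, but identically on both sides of a compare."""
    return ",".join(part.strip() for part in dn.lower().split(","))


def dn_in_base(dn, base_dn):
    """True when dn lies under base_dn: the check behind the 'applications cannot
    bind' troubleshooting entry (DN comparison here is case-insensitive)."""
    return normalize_dn(dn).endswith("," + normalize_dn(base_dn))
```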

Quick Start

terminal
# 1. Create the compose file
cat > docker-compose.yml << 'EOF'
services:
  lldap:
    image: lldap/lldap:stable
    container_name: lldap
    restart: unless-stopped
    environment:
      UID: 1000
      GID: 1000
      TZ: UTC
      LLDAP_JWT_SECRET: ${JWT_SECRET}
      LLDAP_LDAP_USER_PASS: ${ADMIN_PASSWORD}
      LLDAP_LDAP_BASE_DN: dc=example,dc=com
    volumes:
      - lldap_data:/data
    ports:
      - "3890:3890"
      - "17170:17170"

volumes:
  lldap_data:
EOF

# 2. Create the .env file (replace both placeholder values before step 3)
cat > .env << 'EOF'
JWT_SECRET=generate-random-secret
ADMIN_PASSWORD=changeme
EOF

# 3. Start the services
docker compose up -d

# 4. View logs
docker compose logs -f

One-Liner

Run this command to download and set up the recipe in one step:

terminal
curl -fsSL https://docker.recipes/api/recipes/lldap/run | bash

Troubleshooting

  • Login failed for admin user: Verify that the LLDAP_LDAP_USER_PASS environment variable matches the password being attempted and that the container was restarted after the change
  • Applications cannot bind to LDAP server: Check that the base DN used by the client matches LLDAP_LDAP_BASE_DN and use the full bind DN format uid=username,ou=people,dc=example,dc=com
  • Web interface shows 'Invalid JWT token': Generate new LLDAP_JWT_SECRET value, update environment variable, and restart container to refresh authentication
  • Permission denied writing to /data volume: Ensure Docker volume or bind mount allows write access for UID 1000 or adjust container UID/GID environment variables
  • LDAP queries return no results: Verify client applications use correct base DN structure and that users exist in ou=people organizational unit
  • Container fails to start with database errors: Remove lldap_data volume to reset SQLite database or check available disk space for database growth
