Hi All, I do not feel confident in exposing the main lldap site, as this is the backbone in my auth flow, using authelia with oauth etc. I do however need my users being able to access the reset password feature. The lldap is currently only available for the admins. I initially tried blocking all of lldap-ish.domain.tdl except lldap-ish.domain.tdl/reset-password, however several resources are loaded from the root /. After going through the loaded resources, I have exposed below, without any auth. (Snip from Authelia config)
I cannot however figure out if this is safe. I do not like exposing ANY of lldap, however as I need to, I would like a second opinion on what to expose. I wish to obviously expose as little as possible, however the reset password functionality is quite essential. Thanks in advance. /Benjamin
Replies: 1 comment 5 replies
Hey! It should be fairly safe to expose LLDAP to the internet. Now, I understand that this is not much reassurance if you're cautious. I see a few ways to only expose the necessary functionality: