New Function

[mcordes92]

Hello, I would like to throw a new function into the ring.

LDAP integration

I would also be happy to offer myself as a test person here, as we already have a functioning LDAP structure.

If there is interest, we can also discuss it in a conversation.

Best regards

Marvin

[eduardogsilva]

Thank you for the suggestion.

Please clarify what you are trying to achieve.
Is it for peers or for user authentication?

Can you detail a bit more about your integration request?

Cheers!

[mcordes92]

It would be nice if it were possible for both peer provision and user administration.

In my opinion, I would assign a group to a user in LDAP and as soon as he has this group, a peer is automatically created.

It would also be nice if the user then logs into wireguard_webadmin so that he can only see his peers and then download the QR code or the file, for example, but he should not be able to make any changes to the peer.

It would also be nice if I could assign values ​​to an LDAP group so that I can say, for example, that group 1 can access a certain IP range and group 2 can access another.

[eduardogsilva]

Hello @mcordes92 sorry for taking so long to answer you.

I don't believe that a direct LDAP integration would be very popular feature, so at this moment, it won't be implemented, but I can give you a suggestion:

First, let's break this on 3 features:

• webif User authentication
• webif User permissions for some hosts only
• wg peer provisioning

webif User authentication

I already built an external authentication api for connection with my other project "routerfleet". Maybe I should make the endpoint name more generic and document it. (It's documented only at routerfleet project)
You could use this implementation as base for authenticating ldap users to the webif.
As an example: you will create a php, python or any other language, that would authenticate your user against your ldap, after it's authenticated, you would create the user session on wireguard_webadmin.

you can use the launch_wireguard_webadmin view as an example.

https://github.com/eduardogsilva/routerfleet/blob/main/integration_manager/views.py#L20

if the user does not exist, it will be created with the default user level informed. the options are:
(0, 'Do not create users'),
(10, 'Debugging Analyst'),
(20, 'View Only User'),
(30, 'Peer Manager'),
(40, 'Manager'),
(50, 'Administrator')

To create the routerfleet key, open your main wireguard_webadmin container and run: cat /proc/sys/kernel/random/uuid > /etc/wireguard/routerfleet_key

I'm sorry, this feature should be a lot better documented.

webif User permissions for some hosts only
It will be implemented soon #29

wg peer provisioning
Not planned at this moment, I would need some more information on use case.

I'm on the last steps of releasing my hotspot management system, if things go as planned, I will come back to this project soon. I just need to finish other big thing first.

Cheers!

[eduardogsilva]

If you want to display information elsewhere, you can use the API to query peer information.

#15

[mcordes92]

I don't know if I can do that right away. Maybe we could talk about it when you get back to the project.