summary refs log tree commit diff
path: root/develop/print.html
diff options
context:
space:
mode:
Diffstat (limited to 'develop/print.html')
-rw-r--r--develop/print.html33
1 files changed, 33 insertions, 0 deletions
diff --git a/develop/print.html b/develop/print.html

index 6efc5133c8..0c535ea056 100644
--- a/develop/print.html
+++ b/develop/print.html
@@ -6442,6 +6442,39 @@ to install Dex.</p>
         localpart_template: &quot;{{ user.preferred_username }}}&quot;
         display_name_template: &quot;{{ user.preferred_username|capitalize }}&quot; # TO BE FILLED: If your users have names in Authentik and you want those in Synapse, this should be replaced with user.name|capitalize.
 </code></pre>
+<h3 id="lemonldap"><a class="header" href="#lemonldap">LemonLDAP</a></h3>
+<p><a href="https://lemonldap-ng.org/">LemonLDAP::NG</a> is an open-source IdP solution.</p>
+<ol>
+<li>Create an OpenID Connect Relying Parties in LemonLDAP::NG</li>
+<li>The parameters are:</li>
+</ol>
+<ul>
+<li>Client ID under the basic menu of the new Relying Parties (<code>Options &gt; Basic &gt; Client ID</code>)</li>
+<li>Client secret (<code>Options &gt; Basic &gt; Client secret</code>)</li>
+<li>JWT Algorithm: RS256 within the security menu of the new Relying Parties
+(<code>Options &gt; Security &gt; ID Token signature algorithm</code> and <code>Options &gt; Security &gt; Access Token signature algorithm</code>)</li>
+<li>Scopes: OpenID, Email and Profile</li>
+<li>Allowed redirection addresses for login (<code>Options &gt; Basic &gt; Allowed redirection addresses for login</code> ) :
+<code>[synapse public baseurl]/_synapse/client/oidc/callback</code></li>
+</ul>
+<p>Synapse config:</p>
+<pre><code class="language-yaml">oidc_providers:
+  - idp_id: lemonldap
+    idp_name: lemonldap
+    discover: true
+    issuer: &quot;https://auth.example.org/&quot; # TO BE FILLED: replace with your domain
+    client_id: &quot;your client id&quot; # TO BE FILLED
+    client_secret: &quot;your client secret&quot; # TO BE FILLED
+    scopes:
+      - &quot;openid&quot;
+      - &quot;profile&quot;
+      - &quot;email&quot;
+    user_mapping_provider:
+      config:
+        localpart_template: &quot;{{ user.preferred_username }}}&quot;
+        # TO BE FILLED: If your users have names in LemonLDAP::NG and you want those in Synapse, this should be replaced with user.name|capitalize or any valid filter.
+        display_name_template: &quot;{{ user.preferred_username|capitalize }}&quot;
+</code></pre>
 <h3 id="github"><a class="header" href="#github">GitHub</a></h3>
 <p><a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps">GitHub</a> is a bit special as it is not an OpenID Connect compliant provider, but
 just a regular OAuth2 provider.</p>
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-04-27 04:34:40 +0000