As you may know, my website runs on Grav - a flat-file CMS. I run it this way for a number of reasons, but the biggest one is debloat - I don't need any fancy-pants element editors, I just need a simple place to dump text which gets displayed on the web. Grav does this for me, and even has an admin plugin, which is nice. However, what I don't find nice is having multiple passwords, and this is why I run my own FreeIPA (more specifically CentOS Identity Management) server.

Grav has 3 main ways it can log in: Local (a bunch of YAML files on disk for accounts), OAuth2 (that fancy "Sign in with Google/GitHub/Microsoft" button you see around) and LDAP. The 2 ways I could have gone are OAuth2, using a service such as Keycloak to connect in with FreeIPA, or LDAP. I chose LDAP because FreeIPA already runs such a server.

What is LDAP anyway?

LDAP (Lightweight Directory Access Protocol) is a protocol which allows access to a directory of many things, but is usually used for providing access to users, printers and other network items you would see in an enterprise. Let's take Microsoft as an example: if you wanted to find Bill Gates's email internally, you could do an LDAP lookup by name and see a little profile about him, and the same for every other Microsoft employee. LDAP also provides access to network resources with Active Directory/Windows, but that's out of scope here.
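To make the "look him up by name" idea concrete, here is an added example (not code from the original post, and not from Grav or FreeIPA) showing the two halves of such a lookup: building the search filter that asks the directory for a person by name, and reading the profile that comes back. The entries are a constructed LDIF response laid out the way a FreeIPA tree is (users under cn=users,cn=accounts, groups under cn=groups,cn=accounts); the domain dc=example,dc=com and every address in it are made up. The filter builder escapes the value as RFC 4515 requires, which is the check a web app doing LDAP lookups on user-supplied names needs so that a name cannot rewrite the filter.

```python
"""Build an RFC 4515 LDAP search filter and read a (constructed) LDIF result."""
import re
from typing import Dict, List, Optional

# Characters with a special meaning inside a filter value (RFC 4515, section 3).
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape user input so it can only ever be a value, never filter syntax."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_lookup_filter(name: str) -> str:
    """Filter that finds a person by their display name (cn)."""
    return f"(&(objectClass=person)(cn={escape_filter_value(name)}))"


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Minimal LDIF reader: entries separated by blank lines, 'attr: value' lines,
    continuation lines begin with one space. Base64 ('::') values are not handled."""
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    last_attr: Optional[str] = None
    for raw in text.splitlines():
        if raw.startswith(" ") and last_attr is not None:
            current[last_attr][-1] += raw[1:]   # fold continuation line
            continue
        if not raw.strip():
            if current:
                entries.append(current)
                current, last_attr = {}, None
            continue
        if raw.startswith("#"):
            continue
        attr, _, value = raw.partition(":")
        current.setdefault(attr, []).append(value.strip())
        last_attr = attr
    if current:
        entries.append(current)
    return entries


def profile_for(entries: List[Dict[str, List[str]]], name: str) -> Optional[dict]:
    """The 'little profile' the post mentions: mail plus group names from memberOf."""
    for entry in entries:
        if name in entry.get("cn", []):
            groups = [
                m.group(1)
                for dn in entry.get("memberOf", [])
                for m in [re.match(r"cn=([^,]+),", dn)]
                if m
            ]
            return {
                "dn": entry["dn"][0],
                "mail": entry.get("mail", [None])[0],
                "groups": groups,
                "description": entry.get("description", [None])[0],
            }
    return None


# Constructed sample, shaped like `ldapsearch -LLL` output from a FreeIPA server.
SAMPLE_LDIF = """\
dn: uid=bgates,cn=users,cn=accounts,dc=example,dc=com
objectClass: person
objectClass: inetOrgPerson
uid: bgates
cn: Bill Gates
mail: bgates@example.com
description: Example account for the Grav
  LDAP write-up
memberOf: cn=grav-admins,cn=groups,cn=accounts,dc=example,dc=com
memberOf: cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com

dn: uid=jdoe,cn=users,cn=accounts,dc=example,dc=com
objectClass: person
uid: jdoe
cn: Jane Doe
mail: jdoe@example.com
memberOf: cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com
"""

if __name__ == "__main__":
    print(user_lookup_filter("Bill Gates"))
    print(user_lookup_filter("*)(uid=*"))   # special characters come out escaped
    print(profile_for(parse_ldif(SAMPLE_LDIF), "Bill Gates"))
```

Against a live server you would hand the string from user_lookup_filter to ldapsearch or an LDAP client library and parse the LDIF it returns; the memberOf groups are what a Grav login plugin would compare against the groups you create in FreeIPA.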

Linking Grav to LDAP

Now that we have an understanding of what LDAP is, let's get integrating!

First up we are going to need to create 2 groups within FreeIPA