Using OpenLDAP with Home Assistant
You will be able to use the OpenLDAP user authentication/login capabilities to better protect your users' privacy and security.
Home Assistant configures LDAP auth via the Command Line Auth Provider. The wiki mentions a script that can be used for LDAP authentication, but it doesn't work in the container version, which lacks both ldapsearch and LDAP protocol support in curl. Thankfully OpenLDAP has a GraphQL API to save the day!
GraphQL-based Auth Script
The auth script attempts to authenticate a user against an OpenLDAP server, using credentials provided via username and password environment variables. The first argument must be the URL of your OpenLDAP server, accessible from Home Assistant. You can provide an additional optional argument to confine allowed logins to a single group. The script will output the user's display name as the name variable, if not empty.
- Copy the auth script to your Home Assistant instance. In this example, we use /config/ldap-ha-auth.sh.
  - Set the script as executable by running chmod +x /config/ldap-ha-auth.sh
- Add the following to your configuration.yaml in Home Assistant:
    homeassistant:
      auth_providers:
        # Ensure you have the homeassistant provider enabled if you want to continue using your existing accounts
        - type: homeassistant
        - type: command_line
          command: /config/ldap-ha-auth.sh
          # Only allow users in the 'homeassistant_user' group to login.
          # Change to ["https://ldap.example.com"] to allow all users
          args: ["https://ldap.example.com", "homeassistant_user"]
          meta: true
- Reload your config or restart Home Assistant
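
The contract described above (credentials in the username and password environment variables, an optional group argument, a name line on standard output when meta is enabled), as an added example that is not the project's auth script: the directory call is replaced by a constructed lookup_user table, and all function names are hypothetical. It shows the checks worth making around that call: strict username validation, refusing empty passwords, and stripping control characters from the display name before printing it.

```shell
#!/bin/sh
# Added example: not the project's auth script. lookup_user is a constructed
# stand-in for the directory call; its users and groups are sample data.

# Accept only conservative usernames, so the value is safe to embed in a request body.
valid_username() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed directory stand-in: prints "display name|group,group" on success.
lookup_user() {  # $1=username $2=password
    case "$1:$2" in
        'alice:correct horse') printf '%s\n' 'Alice Example|homeassistant_user,admins' ;;
        'bob:hunter2')         printf '%s\n' 'Bob Example|media_user' ;;
        *) return 1 ;;
    esac
}

# True when the required group is empty (allow all) or listed in the user's groups.
in_group() {  # $1=comma-separated groups $2=required group
    [ -z "$2" ] && return 0
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# Emit the meta line Home Assistant reads. Control characters are stripped so a
# display name can never start a second "key = value" line (such as group).
meta_name() {
    clean=$(printf '%s' "$1" | tr -d '\000-\037\177')
    [ -n "$clean" ] && printf 'name = %s\n' "$clean"
    return 0
}

authenticate() {  # $1=username $2=password $3=optional required group
    valid_username "$1" || return 1
    [ -n "$2" ] || return 1   # never forward an empty password to the directory
    record=$(lookup_user "$1" "$2") || return 1
    in_group "${record#*|}" "$3" || return 1
    meta_name "${record%%|*}"
}

# Entry point: Home Assistant sets $username and $password; $1 is the server
# URL (unused by the stand-in) and $2 the optional group from args.
if [ -n "${username:-}" ]; then
    authenticate "$username" "${password:-}" "${2:-}"
    exit $?
fi
```

Home Assistant treats exit status 0 as a successful login and any other status as a failure, so every rejected check above ends in a non-zero return.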