kanidm/book/src/quickstart.md
Firstyear d09c2448ff
1481 2024 access control rework (#2366)
Rework default access controls to better separate roles and access profiles.
2023-12-17 23:10:13 +00:00

Evaluation Quickstart

This section guides you through a quick setup of Kanidm for evaluation. For a production deployment, follow the steps in the installation chapter instead, as there are a number of security considerations you should be aware of.

Requirements

  • docker or podman
  • x86_64 CPU supporting x86_64_v2 OR aarch64 CPU supporting neon

Get the software

docker pull kanidm/server:latest

Configure the container

docker volume create kanidmd
docker create --name kanidmd \
  -p 443:8443 \
  -p 636:3636 \
  -v kanidmd:/data \
  kanidm/server:latest

Configure the server

Create server.toml

{{#rustdoc_include ../../examples/server_container.toml}}

Add configuration to container

docker cp server.toml kanidmd:/data/server.toml

Generate evaluation certificates

docker run --rm -i -t -v kanidmd:/data \
  kanidm/server:latest \
  kanidmd cert-generate

Start Kanidmd Container

docker start kanidmd

Recover the Admin Role Passwords

The admin account is used to configure Kanidm itself.

docker exec -i -t kanidmd \
  kanidmd recover-account admin

The idm_admin account is used to manage persons and groups.

docker exec -i -t kanidmd \
  kanidmd recover-account idm_admin

Set up the client configuration

# ~/.config/kanidm

uri = "https://localhost:443"
# Evaluation only: the server certificate is not verified against a CA.
verify_ca = false

Check you can log in

kanidm login --name idm_admin

Create an account for yourself

kanidm person create <your username> <Your Displayname>

Set up your account credentials

kanidm person credential create-reset-token <your username>

Then follow the presented steps.

What next?

You can now follow the steps in the administration section.
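
The client configuration above is tuned for evaluation (`verify_ca = false`, a `localhost` uri). The following check is an added example, not part of the Kanidm project: it flags those settings in a client config before the file is reused against a real deployment. The function names, the sample files and the hostname `idm.example.com` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag evaluation-only settings in a Kanidm client config.
# Only the two keys shown in the quickstart (uri, verify_ca) are inspected.

# Print the value of a top-level `key = value` line, unquoted, comments stripped.
toml_value() {  # $1 = key, $2 = file
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"//' -e 's/"$//' | tail -n 1
}

# Returns 0 when clean, 1 when findings were printed, 2 when unreadable.
audit_client_config() {
    file=$1
    findings=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    verify_ca=$(toml_value verify_ca "$file")
    uri=$(toml_value uri "$file")

    if [ "$verify_ca" = "false" ]; then
        echo "FINDING: verify_ca = false, server certificate is not validated"
        findings=$((findings + 1))
    fi
    case $uri in
        https://localhost|https://localhost[:/]*)
            echo "FINDING: uri is the local evaluation container ($uri)"
            findings=$((findings + 1)) ;;
        https://?*) ;;
        *)
            echo "FINDING: uri missing or not https (${uri:-unset})"
            findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# Constructed sample inputs: the quickstart config and a hypothetical
# production one (idm.example.com is a placeholder hostname).
demo_dir=$(mktemp -d)
printf '%s\n' 'uri = "https://localhost:443"' 'verify_ca = false' \
    > "$demo_dir/eval.toml"
printf '%s\n' 'uri = "https://idm.example.com"' '# verify_ca = false' \
    > "$demo_dir/prod.toml"

for f in "$demo_dir/eval.toml" "$demo_dir/prod.toml"; do
    echo "== $f"
    audit_client_config "$f" && echo "no evaluation-only settings found"
done
rm -rf "$demo_dir"
```

Run `audit_client_config ~/.config/kanidm` against your own file; a non-zero exit status means the config still carries evaluation settings.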