Integrate with Calibre-Web
Support level: Community
What is Calibre-Web?
Calibre-Web is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database.
Preparation
The following placeholders are used in this guide:
calibreweb.companyis the FQDN of the Calibre-Web installation.authentik.companyis the FQDN of the authentik installation.ldap.companyis the FQDN of the authentik LDAP outpost.
This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.
Calibre-Web must be installed with its optional LDAP dependencies. If Use LDAP Authentication is not available as a login type, install the Calibre-Web LDAP dependencies and restart Calibre-Web before continuing.
authentik configuration
To support the integration of Calibre-Web with authentik, you need to create an LDAP application/provider pair, an LDAP outpost, a service account with LDAP search permissions, and a group containing the users to import into Calibre-Web.
Create an application and provider in authentik
-
Log in to authentik as an administrator and open the authentik Admin interface.
-
Navigate to Applications > Applications and click New Application to open the application wizard.
- Application: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- Choose a Provider type: select LDAP Provider as the provider type.
- Configure the Provider: provide a name (or accept the auto-provided name), the bind flow to use for this provider, and note the Base DN because it will be required later.
- Configure Bindings (optional): you can create a binding (policy, group, or user) to manage the listing and access to applications on a user's Application Dashboard page.
-
Click Submit to save the new application and provider.
Create an LDAP outpost
Calibre-Web connects to authentik through an LDAP outpost.
- Navigate to Applications > Outposts and click New Outpost.
- Configure the outpost:
- Name: provide a descriptive name.
- Type: select LDAP.
- Integration: select the integration that matches your deployment method.
- Applications: select the Calibre-Web LDAP application.
- Click Create.
Expose the LDAP outpost as ldap.company so Calibre-Web can reach it.
Create a service account in authentik
Create a dedicated service account for Calibre-Web LDAP searches.
- Navigate to Directory > Users and click New User.
- Set Username to a descriptive value, such as
ldapservice, then click Create. - Click the newly created service account.
- Under Recovery, click Set password, provide a secure password, and click Update password. Copy this password because it will be required later.
For the default authentik LDAP Base DN, this service account's DN is cn=<service_account_username>,ou=users,dc=ldap,dc=goauthentik,dc=io.
Grant LDAP search permissions
Calibre-Web needs the service account to search the LDAP directory when importing users.
- Navigate to Directory > Roles and click Create.
- Provide a name, such as
LDAP search, and click Create. - Click the new role and open the Users tab.
- Click Add existing user, select the service account, and click Assign.
- Navigate to Applications > Providers and click the Calibre-Web LDAP provider.
- Open the Permissions tab and click Assign Object Permissions.
- Select the role, enable Search full LDAP directory, and click Assign.
Create an LDAP import group
Create a group that contains the users to import into Calibre-Web.
- Navigate to Directory > Groups and click Create.
- Provide a name, such as
Calibre-Web, and click Create. - Click the newly created group and open the Users tab.
- Click Add existing user.
- Select the users that should be imported into Calibre-Web and click Add.
Note the group name because it will be required later.
Calibre-Web configuration
- Log in to Calibre-Web as an administrator.
- Navigate to Admin > Edit Basic Configuration, open Feature Configuration, and configure the following settings:
- Login Type:
Use LDAP Authentication - LDAP Server Host Name or IP Address:
ldap.company - LDAP Administrator Username:
cn=<service_account_username>,ou=users,dc=ldap,dc=goauthentik,dc=io - LDAP Administrator Password: enter the service account password from authentik.
- LDAP Distinguished Name (DN):
dc=ldap,dc=goauthentik,dc=io - LDAP User Object Filter:
(&(objectclass=user)(cn=%s)) - LDAP Group Object Filter:
(&(objectclass=group)(cn=%s)) - LDAP Group Name: enter the authentik LDAP import group name, for example
Calibre-Web. - LDAP Group Members Field:
member
- Login Type:
- Click Save.
If you changed the LDAP provider Base DN in authentik, replace dc=ldap,dc=goauthentik,dc=io in the Calibre-Web settings with your configured Base DN.
After saving the LDAP settings, import users from authentik:
- Navigate to Admin and click Import LDAP Users.
- After the users are imported, click Edit Users and give each imported user the appropriate Calibre-Web permissions.
Configuration verification
To confirm that authentik is properly configured with Calibre-Web, open Calibre-Web and log in as an imported user using their authentik credentials.