mirror of
https://github.com/kakwa/ldapcherry
synced 2024-11-21 17:04:21 +01:00
update documentation
This commit is contained in:
parent
96acda7aa6
commit
5ee8a74040
@ -47,53 +47,55 @@ Configuration
|
|||||||
|
|
||||||
The ldap backend exposes the following parameters:
|
The ldap backend exposes the following parameters:
|
||||||
|
|
||||||
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+
|
+--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
|
||||||
| Parameter | Section | Description | Values | Comment |
|
| Parameter | Section | Description | Values | Comment |
|
||||||
+==========================+==========+====================================+==========================+============================================+
|
+==========================+==========+====================================+==========================+================================================+
|
||||||
| uri | backends | The ldap uri to access | ldap uri | * use ldap:// for clear/starttls |
|
| uri | backends | The ldap uri to access | ldap uri | * use ldap:// for clear/starttls |
|
||||||
| | | | | * use ldaps:// for ssl |
|
| | | | | * use ldaps:// for ssl |
|
||||||
| | | | | * custom port: ldap://<host>:<port> |
|
| | | | | * custom port: ldap://<host>:<port> |
|
||||||
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+
|
+--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
|
||||||
| ca | backends | Path to the CA file | file path | optional |
|
| ca | backends | Path to the CA file | file path | optional |
|
||||||
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+
|
+--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
|
||||||
| starttls | backends | Use starttls | 'on' or 'off' | optional |
|
| starttls | backends | Use starttls | 'on' or 'off' | optional |
|
||||||
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+
|
+--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
|
||||||
| checkcert | backends | Check the server certificat | 'on' or 'off' | optional |
|
| checkcert | backends | Check the server certificat | 'on' or 'off' | optional |
|
||||||
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+
|
+--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
|
||||||
| binddn | backends | The bind dn to use | ldap dn | This dn must have read/write permissions |
|
| binddn | backends | The bind dn to use | ldap dn | This dn must have read/write permissions |
|
||||||
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+
|
+--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
|
||||||
| password | backends | The password of the bind dn | password | |
|
| password | backends | The password of the bind dn | password | |
|
||||||
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+
|
+--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
|
||||||
| timeout | backends | Ldap connexion timeout | integer (second) | |
|
| timeout | backends | Ldap connexion timeout | integer (second) | |
|
||||||
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+
|
+--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
|
||||||
| password | backends | The password of the bind dn | password | |
|
| password | backends | The password of the bind dn | password | |
|
||||||
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+
|
+--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
|
||||||
| groupdn | backends | The ldap dn where groups are | ldap dn | |
|
| groupdn | backends | The ldap dn where groups are | ldap dn | |
|
||||||
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+
|
+--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
|
||||||
| userdn | backends | The ldap dn where users are | ldap dn | |
|
| userdn | backends | The ldap dn where users are | ldap dn | |
|
||||||
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+
|
+--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
|
||||||
| user_filter_tmpl | backends | The search filter template | ldap search filter | The user identifier is passed through |
|
| user_filter_tmpl | backends | The search filter template | ldap search filter | The user identifier is passed through |
|
||||||
| | | to recover a given user | template | the **username** variable (*%(username)s*) |
|
| | | to recover a given user | template | the **username** variable (*%(username)s*) |
|
||||||
| | | | | |
|
| | | | | |
|
||||||
| | | | | **username** is the attribute marked by |
|
| | | | | **username** is the content of the |
|
||||||
| | | | | **key: True** in the **attribute.yml** file|
|
| | | | | the attribute marked by '**key: Truee**' |
|
||||||
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+
|
| | | | | in the **attributes.yml** file |
|
||||||
| group_filter_tmpl | backends | The search filter template to | ldap search filter | The following variables are usable: |
|
+--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
|
||||||
| | | recover the groups of a given user | template | |
|
| group_filter_tmpl | backends | The search filter template to | ldap search filter | The following variables are usable: |
|
||||||
| | | recover the groups of a given user | template | * **username**: the user's key attribute |
|
| | | recover the groups of a given user | template | |
|
||||||
| | | | | * **userdn**: the user's ldap dn |
|
| | | recover the groups of a given user | template | * **username**: the user's key attribute |
|
||||||
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+
|
| | | | | * **userdn**: the user's ldap dn |
|
||||||
| group_attr.<member attr> | backends | Member attribute template value | template | * <member attr> is the member attribute |
|
+--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
|
||||||
| | | | | in groups dn entries |
|
| group_attr.<member attr> | backends | Member attribute template value | template | * <member attr> is the member attribute |
|
||||||
| | | | | * every user attributes are exposed |
|
| | | | | in groups dn entries |
|
||||||
| | | | | in the template |
|
| | | | | * every user attributes are exposed |
|
||||||
| | | | | * multiple <memver attr> attributes |
|
| | | | | in the template |
|
||||||
| | | | | can be set |
|
| | | | | * multiple <memver attr> attributes |
|
||||||
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+
|
| | | | | can be set (ex: group_attr.member |
|
||||||
| objectclasses | backends | list of object classes for users | comma separated list | |
|
| | | | | (ex: group_attr.member, group_attr.usermemb) |
|
||||||
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+
|
+--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
|
||||||
| dn_user_attr | backends | attribute used in users dn | dn attribute | |
|
| objectclasses | backends | list of object classes for users | comma separated list | |
|
||||||
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+
|
+--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
|
||||||
|
| dn_user_attr | backends | attribute used in users dn | dn attribute | |
|
||||||
|
+--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
|
||||||
|
|
||||||
|
|
||||||
Example
|
Example
|
||||||
@ -101,46 +103,58 @@ Example
|
|||||||
|
|
||||||
.. sourcecode:: ini
|
.. sourcecode:: ini
|
||||||
|
|
||||||
[backends]
|
[backends]
|
||||||
|
|
||||||
# name of the module
|
#####################################
|
||||||
ldap.module = 'ldapcherry.backend.backendLdap'
|
# configuration of ldap backend #
|
||||||
# display name of the ldap
|
#####################################
|
||||||
ldap.display_name = 'My Ldap Directory'
|
|
||||||
|
# name of the module
|
||||||
# uri of the ldap directory
|
ldap.module = 'ldapcherry.backend.backendLdap'
|
||||||
ldap.uri = 'ldap://ldap.ldapcherry.org'
|
# display name of the ldap
|
||||||
# ca to use for ssl/tls connexion
|
ldap.display_name = 'My Ldap Directory'
|
||||||
#ldap.ca = '/etc/dnscherry/TEST-cacert.pem'
|
|
||||||
# use start tls
|
# uri of the ldap directory
|
||||||
#ldap.starttls = 'off'
|
ldap.uri = 'ldap://ldap.ldapcherry.org'
|
||||||
# check server certificate (for tls)
|
# ca to use for ssl/tls connexion
|
||||||
#ldap.checkcert = 'off'
|
#ldap.ca = '/etc/dnscherry/TEST-cacert.pem'
|
||||||
# bind dn to the ldap
|
# use start tls
|
||||||
ldap.binddn = 'cn=dnscherry,dc=example,dc=org'
|
#ldap.starttls = 'off'
|
||||||
# password of the bind dn
|
# check server certificate (for tls)
|
||||||
ldap.password = 'password'
|
#ldap.checkcert = 'off'
|
||||||
# timeout of ldap connexion (in second)
|
# bind dn to the ldap
|
||||||
ldap.timeout = 1
|
ldap.binddn = 'cn=dnscherry,dc=example,dc=org'
|
||||||
|
# password of the bind dn
|
||||||
# groups dn
|
ldap.password = 'password'
|
||||||
ldap.groupdn = 'ou=group,dc=example,dc=org'
|
# timeout of ldap connexion (in second)
|
||||||
# users dn
|
ldap.timeout = 1
|
||||||
ldap.userdn = 'ou=people,dc=example,dc=org'
|
|
||||||
# ldapsearch filter to get a user
|
# groups dn
|
||||||
ldap.user_filter_tmpl = '(uid=%(username)s)'
|
ldap.groupdn = 'ou=group,dc=example,dc=org'
|
||||||
# ldapsearch filter to get groups of a user
|
# users dn
|
||||||
ldap.group_filter_tmpl = '(member=uid=%(username)s,ou=People,dc=example,dc=org)'
|
ldap.userdn = 'ou=people,dc=example,dc=org'
|
||||||
# filter to search users
|
|
||||||
ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))'
|
# ldapsearch filter to get one specific user
|
||||||
|
# %(username)s is content of the attribute marked 'key: True' in the attributes.file config file
|
||||||
# ldap group attributes and how to fill them
|
ldap.user_filter_tmpl = '(uid=%(username)s)'
|
||||||
ldap.group_attr.member = "%(dn)s"
|
# ldapsearch filter to get groups of a user
|
||||||
#ldap.group_attr.memberUid = "%(uid)s"
|
# %(username)s is content of the attribute marked 'key: True' in the attributes.file config file
|
||||||
# object classes of a user entry
|
ldap.group_filter_tmpl = '(member=uid=%(username)s,ou=People,dc=example,dc=org)'
|
||||||
ldap.objectclasses = 'top, person, posixAccount, inetOrgPerson'
|
# filter to search users
|
||||||
# dn entry attribute for an ldap user
|
# %(searchstring)s is the content passed through the search box
|
||||||
ldap.dn_user_attr = 'uid'
|
ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))'
|
||||||
|
|
||||||
|
# ldap group attributes and how to fill them
|
||||||
|
# 'member' is the name of the attribute
|
||||||
|
# for the template, any of the user's ldap attributes can be user
|
||||||
|
ldap.group_attr.member = "%(dn)s"
|
||||||
|
# same with memverUid and the uid user's attribute
|
||||||
|
#ldap.group_attr.memberUid = "%(uid)s"
|
||||||
|
|
||||||
|
# object classes of a user entry
|
||||||
|
ldap.objectclasses = 'top, person, posixAccount, inetOrgPerson'
|
||||||
|
# dn entry attribute for an ldap user
|
||||||
|
ldap.dn_user_attr = 'uid'
|
||||||
|
|
||||||
|
|
||||||
Active Directory Backend
|
Active Directory Backend
|
||||||
|
Loading…
Reference in New Issue
Block a user