# global parameters [global] # listing interface server.socket_host = '127.0.0.1' # port server.socket_port = 8080 # number of threads server.thread_pool = 8 #don't show traceback on error request.show_tracebacks = False # log configuration # /!\ you can't have multiple log handlers ##################################### # configuration to log in files # ##################################### ## logger 'file' for access log #log.access_handler = 'file' ## logger syslog for error and ldapcherry log #log.error_handler = 'file' ## access log file #log.access_file = '/tmp/ldapcherry_access.log' ## error and ldapcherry log file #log.error_file = '/tmp/ldapcherry_error.log' ##################################### # configuration to log in syslog # ##################################### # logger syslog for access log #log.access_handler = 'syslog' ## logger syslog for error and ldapcherry log log.error_handler = 'syslog' ##################################### # configuration to not log at all # ##################################### # logger none for access log log.access_handler = 'none' # logger none for error and ldapcherry log #log.error_handler = 'none' # log level log.level = 'info' # session configuration # activate session tools.sessions.on = True # session timeout tools.sessions.timeout = 10 # file session storage(to use if multiple processes, # default is in RAM and per process) #tools.sessions.storage_type = "file" # session #tools.sessions.storage_path = "/var/lib/ldapcherry/sessions" [attributes] # file discribing form content attributes.file = '/etc/ldapcherry/attributes.yml' [roles] # file listing roles roles.file = '/etc/ldapcherry/roles.yml' [backends] ##################################### # configuration of ldap backend # ##################################### # name of the module ldap.module = 'ldapcherry.backend.backendLdap' # display name of the ldap ldap.display_name = 'My Ldap Directory' # uri of the ldap directory ldap.uri = 'ldap://ldap.ldapcherry.org' # ca to use for ssl/tls connexion #ldap.ca = '/etc/dnscherry/TEST-cacert.pem' # use start tls #ldap.starttls = 'off' # check server certificate (for tls) #ldap.checkcert = 'off' # bind dn to the ldap ldap.binddn = 'cn=dnscherry,dc=example,dc=org' # password of the bind dn ldap.password = 'password' # timeout of ldap connexion (in second) ldap.timeout = 1 # groups dn ldap.groupdn = 'ou=group,dc=example,dc=org' # users dn ldap.userdn = 'ou=people,dc=example,dc=org' # ldapsearch filter to get a user ldap.user_filter_tmpl = '(uid=%(username)s)' # ldapsearch filter to get groups of a user ldap.group_filter_tmpl = '(member=uid=%(username)s,ou=People,dc=example,dc=org)' # filter to search users ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))' # ldap group attributes and how to fill them ldap.group_attr.member = "%(dn)s" #ldap.group_attr.memberUid = "%(uid)s" # object classes of a user entry ldap.objectclasses = 'top, person, posixAccount, inetOrgPerson' # dn entry attribute for an ldap user ldap.dn_user_attr = 'uid' ##################################### # configuration of ad backend # ##################################### ## Name of the backend #ad.module = 'ldapcherry.backend.backendAD' ## display name of the ldap #ad.display_name = 'My Active Directory' ## ad domain #ad.domain = 'dc.ldapcherry.org' ## ad login #ad.login = 'administrator' ## ad password #ad.password = 'qwertyP455' ## ad uri #ad.uri = 'ldap://ldap.ldapcherry.org' ## ca to use for ssl/tls connexion #ad.ca = '/etc/dnscherry/TEST-cacert.pem' ## use start tls #ad.starttls = 'off' ## check server certificate (for tls) #ad.checkcert = 'off' ##################################### # configuration of demo backend # ##################################### ## Name of the backend #demo.module = 'ldapcherry.backend.backendDemo' ## Display name of the Backend #demo.display_name = 'Demo Backend' ## Groups of admin user #demo.admin.groups = 'DnsAdmins' ## Groups of basic user #demo.basic.groups = 'Test 2, Test 1' ## Password attribute name #demo.pwd_attr = 'userPassword' ## Attribute to use for the search #demo.search_attributes = 'cn, sn, givenName, uid' ## Login of default admin user #demo.admin.user = 'admin' ## Password of default admin user #demo.admin.password = 'admin' ## Login of default basic user #demo.basic.user = 'user' ## Password of default basic user #demo.basic.password = 'user' [ppolicy] # password policy module ppolicy.module = 'ldapcherry.ppolicy.simple' # parameters of the module min_length = 8 min_upper = 1 min_digit = 1 # authentification parameters [auth] # Auth mode # * and: user must authenticate on all backends # * or: user must authenticate on one of the backend # * none: disable authentification # * custom: custom authentification module (need auth.module param) auth.mode = 'or' # custom auth module to load #auth.module = 'ldapcherry.auth.modNone' # resources parameters [resources] # templates directory templates.dir = '/usr/share/ldapcherry/templates/' [/static] # enable serving static file through ldapcherry # set to False if files served directly by an # http server for better performance tools.staticdir.on = True # static resources directory (js, css, images...) tools.staticdir.dir = '/usr/share/ldapcherry/static/' ## custom javascript files #[/custom] # ## enable serving static file through ldapcherry ## set to False if files served directly by an ## http server for better performance #tools.staticdir.on = True ## path to directory containing js files ## use it to add custom auto-fill functions #tools.staticdir.dir = '/etc/ldapcherry/custom_js/'