mirror of
https://github.com/kakwa/ldapcherry
synced 2024-12-01 21:45:51 +01:00
177 lines
4.8 KiB
INI
177 lines
4.8 KiB
INI
# global parameters
|
|
[global]
|
|
|
|
# listing interface
|
|
server.socket_host = '127.0.0.1'
|
|
# port
|
|
server.socket_port = 8080
|
|
# number of threads
|
|
server.thread_pool = 8
|
|
#don't show traceback on error
|
|
request.show_tracebacks = False
|
|
|
|
# log configuration
|
|
# /!\ you can't have multiple log handlers
|
|
#####################################
|
|
# configuration to log in files #
|
|
#####################################
|
|
## logger 'file' for access log
|
|
#log.access_handler = 'file'
|
|
## logger syslog for error and dnscherry log
|
|
#log.error_handler = 'file'
|
|
## access log file
|
|
#log.access_file = '/tmp/dnscherry_access.log'
|
|
## error and dnscherry log file
|
|
#log.error_file = '/tmp/dnscherry_error.log'
|
|
|
|
#####################################
|
|
# configuration to log in syslog #
|
|
#####################################
|
|
# logger syslog for access log
|
|
#log.access_handler = 'syslog'
|
|
## logger syslog for error and dnscherry log
|
|
log.error_handler = 'syslog'
|
|
|
|
#####################################
|
|
# configuration to not log at all #
|
|
#####################################
|
|
# logger none for access log
|
|
log.access_handler = 'none'
|
|
# logger none for error and dnscherry log
|
|
#log.error_handler = 'none'
|
|
|
|
# log level
|
|
log.level = 'info'
|
|
|
|
|
|
#####################################
|
|
# Form configuration #
|
|
#####################################
|
|
# redirect to zone page after adding/deleting a record
|
|
# if 'on', redirects to zone page
|
|
# if 'off', stays on a summary page
|
|
form.add.redirect = 'on'
|
|
form.del.redirect = 'on'
|
|
|
|
# session configuration
|
|
# activate session
|
|
tools.sessions.on = True
|
|
# session timeout
|
|
tools.sessions.timeout = 10
|
|
# file session storage(to use if multiple processes,
|
|
# default is in RAM and per process)
|
|
#tools.sessions.storage_type = "file"
|
|
# session
|
|
#tools.sessions.storage_path = "/var/lib/dnscherry/sessions"
|
|
|
|
# zones to manage
|
|
[dns.zones]
|
|
|
|
# Supported algorithms
|
|
# * hmac-md5
|
|
# * hmac-sha1
|
|
# * hmac-sha224
|
|
# * hmac-sha256
|
|
# * hmac-sha384
|
|
# * hmac-sha512
|
|
|
|
#####################################
|
|
# parameters for zone "example.com" #
|
|
#####################################
|
|
# dns server ip
|
|
ip.example.com = '127.0.0.1'
|
|
# hmac algorithm
|
|
algorithm.example.com = 'hmac-md5'
|
|
# hmac key
|
|
key.example.com = 'ujeGPu0NCU1TO9fQKiiuXg=='
|
|
|
|
######################################
|
|
# parameters for zone "example2.org" #
|
|
######################################
|
|
# dns server ip
|
|
ip.example2.org = '127.0.0.1'
|
|
# hmac algorithm
|
|
algorithm.example2.org = 'hmac-sha512'
|
|
# hmac key
|
|
key.example2.org = 'ujeGPu0NCU1TO9fQKiiuXg=='
|
|
|
|
# other dns parameters
|
|
[dns]
|
|
# the default selected zone
|
|
default.zone = 'example.com'
|
|
# record types to display
|
|
type.displayed = 'A, AAAA, CNAME, MX'
|
|
# record types available for new records
|
|
type.written = 'A, AAAA, CNAME, MX'
|
|
# default ttl for new records
|
|
default.ttl = '3600'
|
|
|
|
# resources parameters
|
|
[resources]
|
|
# templates directory
|
|
template_dir = '/usr/share/dnscherry/templates/'
|
|
|
|
# authentification parameters
|
|
[auth]
|
|
|
|
######################################
|
|
# parameters for auth module 'none' #
|
|
######################################
|
|
# this module disable authentification
|
|
# (if you use other means of authentification)
|
|
|
|
# auth module to load
|
|
auth.module = 'dnscherry.auth.modNone'
|
|
# optional http header handling.
|
|
# useful if username is transmitted by header
|
|
# (permits nominative logs).
|
|
# if activated, this header presence
|
|
# in each request is mandatory.
|
|
#auth.none.user_header_name = 'AUTH_USER'
|
|
|
|
#######################################
|
|
## parameters for auth module 'ldap' #
|
|
#######################################
|
|
# This module is used for ldap authentification
|
|
|
|
## name of the auth module
|
|
#auth.module = 'dnscherry.auth.modLdap'
|
|
## base dn where to search user
|
|
#auth.ldap.userdn = 'ou=People,dc=example,dc=org'
|
|
## ldap login filter
|
|
#auth.ldap.user.filter.tmpl = '(uid=%(login)s)'
|
|
## base dn for group
|
|
## (if empty, all user in userdn can access dnscherry)
|
|
#auth.ldap.groupdn = 'cn=itpeople,ou=Groups,dc=example,dc=org'
|
|
## ldap group filter
|
|
#auth.ldap.group.filter.tmpl = '(member=%(userdn)s)'
|
|
## bind dn
|
|
#auth.ldap.binddn = 'cn=dnscherry,dc=example,dc=org'
|
|
## bind password
|
|
#auth.ldap.bindpassword = 'password'
|
|
## ldap uri
|
|
#auth.ldap.uri = 'ldaps://ldap.dnscherry.org'
|
|
## ldap CA file (use for ssl/tls)
|
|
#auth.ldap.ca = '/etc/dnscherry/TEST-cacert.pem'
|
|
## enable starttls (default off)
|
|
##auth.ldap.starttls = 'on'
|
|
## check certificat (default on)
|
|
##auth.ldap.checkcert = 'off'
|
|
|
|
##########################################
|
|
# parameters for auth module 'htpasswd' #
|
|
##########################################
|
|
# This module is used for htpasswd file
|
|
# user database
|
|
#
|
|
# name of the auth module
|
|
#auth.module = 'dnscherry.auth.modHtpasswd'
|
|
# path to htpasswd file
|
|
#auth.htpasswd.file = '/etc/dnscherry/users.db'
|
|
|
|
# enable cherrypy static handling
|
|
# to comment if static content are handled otherwise
|
|
[/static]
|
|
tools.staticdir.on = True
|
|
tools.staticdir.dir = '/usr/share/dnscherry/static/'
|