mirror of
https://github.com/kakwa/ldapcherry
synced 2024-11-22 01:14:21 +01:00
187 lines
4.8 KiB
INI
187 lines
4.8 KiB
INI
# global parameters
|
|
[global]
|
|
|
|
# listing interface
|
|
server.socket_host = '127.0.0.1'
|
|
# port
|
|
server.socket_port = 8080
|
|
# number of threads
|
|
server.thread_pool = 8
|
|
#don't show traceback on error
|
|
request.show_tracebacks = False
|
|
|
|
# log configuration
|
|
# /!\ you can't have multiple log handlers
|
|
#####################################
|
|
# configuration to log in files #
|
|
#####################################
|
|
## logger 'file' for access log
|
|
#log.access_handler = 'file'
|
|
## logger syslog for error and ldapcherry log
|
|
#log.error_handler = 'file'
|
|
## access log file
|
|
#log.access_file = '/tmp/ldapcherry_access.log'
|
|
## error and ldapcherry log file
|
|
#log.error_file = '/tmp/ldapcherry_error.log'
|
|
|
|
#####################################
|
|
# configuration to log in syslog #
|
|
#####################################
|
|
# logger syslog for access log
|
|
#log.access_handler = 'syslog'
|
|
## logger syslog for error and ldapcherry log
|
|
log.error_handler = 'syslog'
|
|
|
|
#####################################
|
|
# configuration to not log at all #
|
|
#####################################
|
|
# logger none for access log
|
|
log.access_handler = 'none'
|
|
# logger none for error and ldapcherry log
|
|
#log.error_handler = 'none'
|
|
|
|
# log level
|
|
log.level = 'info'
|
|
|
|
# session configuration
|
|
# activate session
|
|
tools.sessions.on = True
|
|
# session timeout
|
|
tools.sessions.timeout = 7200
|
|
# file session storage(to use if multiple processes,
|
|
# default is in RAM and per process)
|
|
#tools.sessions.storage_type = "file"
|
|
# session
|
|
#tools.sessions.storage_path = "/var/lib/ldapcherry/sessions"
|
|
|
|
[attributes]
|
|
|
|
# file discribing form content
|
|
attributes.file = './tests/cfg/attributes_adldap.yml'
|
|
|
|
[roles]
|
|
|
|
# file listing roles
|
|
roles.file = './tests/cfg/roles_adldap.yml'
|
|
|
|
[search]
|
|
|
|
# minimum lenght for search forms
|
|
min.lenght = 0
|
|
|
|
[backends]
|
|
|
|
#####################################
|
|
# configuration of ldap backend #
|
|
#####################################
|
|
|
|
# name of the module
|
|
ldap.module = 'ldapcherry.backend.backendLdap'
|
|
# display name of the ldap
|
|
ldap.display_name = 'My Ldap Directory'
|
|
|
|
# uri of the ldap directory
|
|
ldap.uri = 'ldap://ldap.ldapcherry.org:390'
|
|
# ca to use for ssl/tls connexion
|
|
#ldap.ca = '/etc/dnscherry/TEST-cacert.pem'
|
|
# use start tls
|
|
#ldap.starttls = 'off'
|
|
# check server certificate (for tls)
|
|
#ldap.checkcert = 'off'
|
|
# bind dn to the ldap
|
|
ldap.binddn = 'cn=dnscherry,dc=example,dc=org'
|
|
# password of the bind dn
|
|
ldap.password = 'password'
|
|
# timeout of ldap connexion (in second)
|
|
ldap.timeout = 1
|
|
|
|
# groups dn
|
|
ldap.groupdn = 'ou=group,dc=example,dc=org'
|
|
# users dn
|
|
ldap.userdn = 'ou=people,dc=example,dc=org'
|
|
# ldapsearch filter to get a user
|
|
ldap.user_filter_tmpl = '(uid=%(username)s)'
|
|
# ldapsearch filter to get groups of a user
|
|
ldap.group_filter_tmpl = '(member=uid=%(username)s,ou=People,dc=example,dc=org)'
|
|
# filter to search users
|
|
ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))'
|
|
|
|
# ldap group attributes and how to fill them
|
|
ldap.group_attr.member = "%(dn)s"
|
|
#ldap.group_attr.memberUid = "%(uid)s"
|
|
# object classes of a user entry
|
|
ldap.objectclasses = 'top, person, posixAccount, inetOrgPerson'
|
|
# dn entry attribute for an ldap user
|
|
ldap.dn_user_attr = 'uid'
|
|
|
|
#####################################
|
|
# configuration of ad backend #
|
|
#####################################
|
|
|
|
## Name of the backend
|
|
ad.module = 'ldapcherry.backend.backendAD'
|
|
# display name of the ldap
|
|
ad.display_name = 'My Active Directory'
|
|
# ad domain
|
|
ad.domain = 'DC.LDAPCHERRY.ORG'
|
|
# ad login
|
|
ad.login = 'administrator'
|
|
# ad password
|
|
ad.password = 'qwertyP455'
|
|
# ad uri
|
|
ad.uri = 'ldaps://ad.ldapcherry.org'
|
|
|
|
# ca to use for ssl/tls connexion
|
|
#ad.ca = '/etc/dnscherry/TEST-cacert.pem'
|
|
# use start tls
|
|
ad.starttls = 'off'
|
|
# check server certificate (for tls)
|
|
ad.checkcert = 'off'
|
|
|
|
[ppolicy]
|
|
|
|
# password policy module
|
|
ppolicy.module = 'ldapcherry.ppolicy.simple'
|
|
|
|
# parameters of the module
|
|
min_length = 8
|
|
min_upper = 1
|
|
min_digit = 1
|
|
|
|
# authentification parameters
|
|
[auth]
|
|
|
|
# Auth mode
|
|
# * and: user must authenticate on all backends
|
|
# * or: user must authenticate on one of the backend
|
|
# * none: disable authentification
|
|
# * custom: custom authentification module (need auth.module param)
|
|
auth.mode = 'or'
|
|
|
|
# custom auth module to load
|
|
#auth.module = 'ldapcherry.auth.modNone'
|
|
|
|
# resources parameters
|
|
[resources]
|
|
# templates directory
|
|
templates.dir = './resources/templates/'
|
|
|
|
[/static]
|
|
# enable serving static file through ldapcherry
|
|
# set to False if files served directly by an
|
|
# http server for better performance
|
|
tools.staticdir.on = True
|
|
# static resources directory (js, css, images...)
|
|
tools.staticdir.dir = './resources/static/'
|
|
|
|
## custom javascript files
|
|
#[/custom]
|
|
#
|
|
## enable serving static file through ldapcherry
|
|
## set to False if files served directly by an
|
|
## http server for better performance
|
|
#tools.staticdir.on = True
|
|
|
|
## path to directory containing js files
|
|
## use it to add custom auto-fill functions
|