canaille-globuzma/oidc_ldap_bridge/conf/config.sample.toml

SECRET_KEY = "change me before you go in production"
NAME = "MyDomain"
# LOGO = "https://path/to/your/organization/logo.png"

# If unset, language is detected
LANGUAGE = "en"

# Path to the RFC8414 metadata file
OAUTH2_METADATA_FILE = "oidc_ldap_bridge/conf/oauth-authorization-server.json"
OIDC_METADATA_FILE = "oidc_ldap_bridge/conf/openid-configuration.json"

[LDAP]
URI = "ldap://ldap"
ROOT_DN = "dc=mydomain,dc=tld"
BIND_DN = "cn=admin,dc=mydomain,dc=tld"
BIND_PW = "admin"

# Filter to match users on sign in. Supports a variable
# {login}. For sigin against uid or mail use:
# USER_FILTER = "(|(uid={login})(mail={login}))"
USER_FILTER = "(|(uid={login})(cn={login}))"

# Filter to match admin users. If your server has memberof
# you can filter against group membership
ADMIN_FILTER = "cn=Jane Doe"

[JWT]
PUBLIC_KEY = "oidc_ldap_bridge/conf/public.pem"
PRIVATE_KEY = "oidc_ldap_bridge/conf/private.pem"
KTY = "RSA"
ALG = "RS256"
EXP = 3600

[JWT.MAPPING]
# Mapping between JWT fields and LDAP attributes from your
# User objectClass.
SUB = "uid"
NAME = "cn"
PHONE_NUMBER = "telephoneNumber"
# EXAMPLE OF MAPPING FOR inetOrgPerson
#     PHONE_NUMBER = "telephoneNumber"
#     EMAIL = "mail"
#     GIVEN_NAME = "givenName"
#     PREFERRED_USERNAME = "displayName"
#     FAMILIY_NAME = "
#     LOCALE = "preferredLanguage"
#     PICTURE = "photo"
#     ADDRESS = "postalAddress"
Configuration file 2020-08-17 09:05:01 +00:00			`SECRET_KEY = "change me before you go in production"`
Full authorization_code flow 2020-08-17 16:49:05 +00:00			`NAME = "MyDomain"`
Use fomanticui frontend 2020-08-17 09:53:30 +00:00			`# LOGO = "https://path/to/your/organization/logo.png"`
Configuration file 2020-08-17 09:05:01 +00:00
i18n 2020-08-17 09:38:25 +00:00			`# If unset, language is detected`
Moved from 'website' to 'web' 2020-08-17 09:56:03 +00:00			`LANGUAGE = "en"`
i18n 2020-08-17 09:38:25 +00:00
Server metadata file 2020-08-25 09:15:38 +00:00			`# Path to the RFC8414 metadata file`
Packaging 2020-08-31 09:23:50 +00:00			`OAUTH2_METADATA_FILE = "oidc_ldap_bridge/conf/oauth-authorization-server.json"`
			`OIDC_METADATA_FILE = "oidc_ldap_bridge/conf/openid-configuration.json"`
Server metadata file 2020-08-25 09:15:38 +00:00
Configuration file 2020-08-17 09:05:01 +00:00			`[LDAP]`
tests workflow 2020-08-18 15:39:34 +00:00			`URI = "ldap://ldap"`
			`ROOT_DN = "dc=mydomain,dc=tld"`
			`BIND_DN = "cn=admin,dc=mydomain,dc=tld"`
Configuration file 2020-08-17 09:05:01 +00:00			`BIND_PW = "admin"`
Admin login 2020-08-19 14:20:57 +00:00
Alternate login filters 2020-08-20 08:45:33 +00:00			`# Filter to match users on sign in. Supports a variable`
			`# {login}. For sigin against uid or mail use:`
			`# USER_FILTER = "(\|(uid={login})(mail={login}))"`
Better user objectClasses 2020-08-19 14:56:04 +00:00			`USER_FILTER = "(\|(uid={login})(cn={login}))"`
Alternate login filters 2020-08-20 08:45:33 +00:00
			`# Filter to match admin users. If your server has memberof`
			`# you can filter against group membership`
Admin login 2020-08-19 14:20:57 +00:00			`ADMIN_FILTER = "cn=Jane Doe"`
Claims are configurable 2020-08-24 08:03:48 +00:00
			`[JWT]`
Packaging 2020-08-31 09:23:50 +00:00			`PUBLIC_KEY = "oidc_ldap_bridge/conf/public.pem"`
			`PRIVATE_KEY = "oidc_ldap_bridge/conf/private.pem"`
Use private/public keys to sign JWTs 2020-08-28 14:07:39 +00:00			`KTY = "RSA"`
			`ALG = "RS256"`
Claims are configurable 2020-08-24 08:03:48 +00:00			`EXP = 3600`
Only commit changed fields 2020-08-24 09:28:15 +00:00
			`[JWT.MAPPING]`
TODO.md 2020-08-26 10:03:06 +00:00			`# Mapping between JWT fields and LDAP attributes from your`
			`# User objectClass.`
Only commit changed fields 2020-08-24 09:28:15 +00:00			`SUB = "uid"`
			`NAME = "cn"`
			`PHONE_NUMBER = "telephoneNumber"`
Claims are configurable 2020-08-24 08:03:48 +00:00			`# EXAMPLE OF MAPPING FOR inetOrgPerson`
			`# PHONE_NUMBER = "telephoneNumber"`
			`# EMAIL = "mail"`
			`# GIVEN_NAME = "givenName"`
			`# PREFERRED_USERNAME = "displayName"`
			`# FAMILIY_NAME = "`
			`# LOCALE = "preferredLanguage"`
			`# PICTURE = "photo"`
			`# ADDRESS = "postalAddress"`