Configuration comments

Éloi Rivard 2020-08-31 14:09:28 +02:00
parent 0fa6689c13
commit b096d4aff2


@ -1,11 +1,17 @@
# The flask secret key for cookies. You MUST change this.
SECRET_KEY = "change me before you go in production" SECRET_KEY = "change me before you go in production"
# Your organization name.
NAME = "MyDomain" NAME = "MyDomain"
# You can display a logo to be recognized on login screens
# LOGO = "https://path/to/your/organization/logo.png" # LOGO = "https://path/to/your/organization/logo.png"
# If unset, language is detected # If unset, language is detected
LANGUAGE = "en" # LANGUAGE = "en"
# Path to the RFC8414 metadata file # Path to the RFC8414 metadata file. You should update those files
# with your production URLs.
OAUTH2_METADATA_FILE = "oidc_ldap_bridge/conf/oauth-authorization-server.json" OAUTH2_METADATA_FILE = "oidc_ldap_bridge/conf/oauth-authorization-server.json"
OIDC_METADATA_FILE = "oidc_ldap_bridge/conf/openid-configuration.json" OIDC_METADATA_FILE = "oidc_ldap_bridge/conf/openid-configuration.json"
@ -16,7 +22,7 @@ BIND_DN = "cn=admin,dc=mydomain,dc=tld"
BIND_PW = "admin" BIND_PW = "admin"
# Filter to match users on sign in. Supports a variable # Filter to match users on sign in. Supports a variable
# {login}. For sigin against uid or mail use: # {login}. For sigin against either uid or mail use:
# USER_FILTER = "(|(uid={login})(mail={login}))" # USER_FILTER = "(|(uid={login})(mail={login}))"
USER_FILTER = "(|(uid={login})(cn={login}))" USER_FILTER = "(|(uid={login})(cn={login}))"
@ -25,6 +31,9 @@ USER_FILTER = "(|(uid={login})(cn={login}))"
# ADMIN_FILTER = "uid=admin" # ADMIN_FILTER = "uid=admin"
ADMIN_FILTER = "memberof=cn=admins,ou=groups,dc=mydomain,dc=tld" ADMIN_FILTER = "memberof=cn=admins,ou=groups,dc=mydomain,dc=tld"
# The jwt configuration. You can generate a RSA keypair with:
# ssh-keygen -t rsa -b 4096 -m PEM -f private.pem
# openssl rsa -in private.pem -pubout -outform PEM -out public.pem
[JWT] [JWT]
PUBLIC_KEY = "oidc_ldap_bridge/conf/public.pem" PUBLIC_KEY = "oidc_ldap_bridge/conf/public.pem"
PRIVATE_KEY = "oidc_ldap_bridge/conf/private.pem" PRIVATE_KEY = "oidc_ldap_bridge/conf/private.pem"
@ -38,12 +47,12 @@ EXP = 3600
SUB = "uid" SUB = "uid"
NAME = "cn" NAME = "cn"
PHONE_NUMBER = "telephoneNumber" PHONE_NUMBER = "telephoneNumber"
# EXAMPLE OF MAPPING FOR inetOrgPerson # An example of mapping for inetOrgPerson:
# PHONE_NUMBER = "telephoneNumber" # PHONE_NUMBER = "telephoneNumber"
# EMAIL = "mail" # EMAIL = "mail"
# GIVEN_NAME = "givenName" # GIVEN_NAME = "givenName"
# PREFERRED_USERNAME = "displayName" # PREFERRED_USERNAME = "displayName"
# FAMILIY_NAME = " # FAMILIY_NAME = "
# LOCALE = "preferredLanguage" # LOCALE = "preferredLanguage"
# PICTURE = "photo" # PICTURE = "photo"
# ADDRESS = "postalAddress" # ADDRESS = "postalAddress"
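Review bot: The comment added above `[JWT]` shows how to generate the keypair but not how to handle it afterwards, and the configured `PRIVATE_KEY` path lies inside the package directory, where a generated key is easy to commit or leave world-readable. I would add a line below the two commands such as `# Keep private.pem out of version control and readable only by the service user (chmod 600).` `ssh-keygen` also prompts for a passphrase and writes a `private.pem.pub` file; whether the application can load a passphrase-protected key is not visible here, so the comment should say which is expected. Separately, the reworded `USER_FILTER` comment still reads "sigin" for "sign in", and the `SECRET_KEY` comment could name a generator, for example `python3 -c "import secrets; print(secrets.token_hex(32))"`.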