canaille-globuzma/demo/conf/canaille-ldap.toml


# Root-level application settings. Both values below are demo defaults.
#
# SECRET_KEY is a literal placeholder, not a secret. Presumably the
# application uses it to sign sessions and similar tokens (confirm in the
# Canaille documentation). Replace it with a long random value supplied
# from outside version control before any non-demo use.
SECRET_KEY = "change me before you go in production"
# Debug mode is on. NOTE(review): debug modes commonly expose stack traces
# and internal state to clients; set to false outside local development.
DEBUG = true
# Core settings: branding assets, registration behaviour, admin contact.
[CANAILLE]
LOGO = "/static/img/canaille-head.webp"
FAVICON = "/static/img/canaille-c.webp"
# Email confirmation is off and self-registration is on. NOTE(review):
# together these presumably let anyone create an account with an unverified
# address. That is acceptable for the demo; review both for a real instance.
EMAIL_CONFIRMATION = false
ENABLE_REGISTRATION = true
# Placeholder contact address on a placeholder domain.
ADMIN_EMAIL = "admin@mydomain.tld"
# Logging setup. The keys (version, formatters, handlers, root, loggers)
# follow the layout of Python's logging dictConfig schema.
[CANAILLE.LOGGING]
version = 1
formatters.default.format = "[%(asctime)s] %(levelname)s in %(module)s: %(message)s"
# Root logger at DEBUG, routed to the "canaille" handler defined below.
# NOTE(review): DEBUG output from an identity service may contain personal
# data or request details; raise the level for production and check where
# stdout is collected and who can read it.
root = {level = "DEBUG", handlers = ["canaille"]}
# The watchdog and passlib loggers are capped at WARNING.
loggers = {watchdog = {level = "WARNING"}, passlib = {level = "WARNING"}}
# Single handler: writes to standard output using the "default" formatter.
[CANAILLE.LOGGING.handlers.canaille]
class = "logging.StreamHandler"
stream = "ext://sys.stdout"
formatter = "default"
# LDAP backend connection used by the demo.
[CANAILLE_LDAP]
# Plain ldap:// scheme to a loopback address on a non-standard port. The
# bind password below crosses this connection unencrypted, which is
# tolerable only on loopback. Use ldaps:// or StartTLS for any directory
# reached over a network.
URI = "ldap://127.0.0.1:5389"
ROOT_DN = "dc=mydomain,dc=tld"
# Binds as the directory admin entry with the password "admin". Both are
# demo credentials. For a real deployment, bind with a dedicated account
# limited to the user and group subtrees, and keep the password out of
# version control.
BIND_DN = "cn=admin,dc=mydomain,dc=tld"
BIND_PW = "admin"
TIMEOUT = 10  # presumably seconds; confirm against the Canaille docs
# Subtrees that hold user and group entries.
USER_BASE = "ou=users,dc=mydomain,dc=tld"
GROUP_BASE = "ou=groups,dc=mydomain,dc=tld"
# Presumably the LDAP object classes applied to user entries; confirm
# that the directory schema provides oathHOTPToken.
USER_CLASS = ["inetOrgPerson", "oathHOTPToken"]
# Baseline access rule. It has no FILTER key, unlike ADMIN and HALF_ADMIN,
# so it presumably applies to every user; confirm in the Canaille docs.
[CANAILLE.ACL.DEFAULT]
PERMISSIONS = ["edit_self", "use_oidc"]
# Attributes listed as READ only: identity, group membership, lock state.
# "groups" and "lock_date" become writable only under the ADMIN rule
# ("groups" also under HALF_ADMIN).
READ = [
"user_name",
"groups",
"lock_date",
]
# Attributes listed as WRITE. "password" is included, so this rule covers
# password changes; "emails" is writable while EMAIL_CONFIRMATION is false
# in this file, so changed addresses are presumably not verified.
WRITE = [
"photo",
"given_name",
"family_name",
"display_name",
"password",
"phone_numbers",
"emails",
"profile_url",
"formatted_address",
"street",
"postal_code",
"locality",
"region",
"preferred_language",
"employee_number",
"department",
"title",
"organization",
]
# Access rule selected by membership of the "admins" group.
[CANAILLE.ACL.ADMIN]
FILTER = {groups = "admins"}
# Full management set. "impersonate_users" is the most sensitive entry:
# it presumably lets a holder act as another account, so membership of
# "admins" should be kept small and its changes audited.
PERMISSIONS = [
"manage_users",
"manage_groups",
"manage_oidc",
"delete_account",
"impersonate_users",
]
# Adds write access to the two attributes DEFAULT exposes as read-only.
WRITE = [
"groups",
"lock_date",
]
# Reduced management rule selected by membership of the "moderators" group.
# Compared with ADMIN it omits manage_oidc, impersonate_users and write
# access to lock_date.
[CANAILLE.ACL.HALF_ADMIN]
FILTER = {groups = "moderators"}
# NOTE(review): manage_groups together with WRITE on "groups" may allow a
# moderator to change membership of "admins", the group named in the ADMIN
# filter. Confirm whether that is intended before reusing this rule.
PERMISSIONS = ["manage_users", "manage_groups", "delete_account"]
WRITE = ["groups"]
# OpenID Connect provider settings.
[CANAILLE_OIDC]
# Open dynamic client registration: with this set to true, presumably no
# token is required to register a client, which would leave the token list
# below unused. Set it to false for a real deployment so that registration
# requires a token.
DYNAMIC_CLIENT_REGISTRATION_OPEN = true
# Placeholder token value. Real tokens should be long and random, and kept
# out of version control.
DYNAMIC_CLIENT_REGISTRATION_TOKENS = [
"xxxxxxx-yyyyyyy-zzzzzz",
]