From af4987180154806f5a8974a94073f3ff6654fc06 Mon Sep 17 00:00:00 2001 From: Austin Eschweiler <8880292+Eschguy@users.noreply.github.com> Date: Thu, 27 Jul 2023 11:12:36 -0500 Subject: [PATCH] example_configs: Add tandoor recipes --- example_configs/tandoor_recipes.md | 37 ++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 example_configs/tandoor_recipes.md diff --git a/example_configs/tandoor_recipes.md b/example_configs/tandoor_recipes.md new file mode 100644 index 0000000..28af9ef --- /dev/null +++ b/example_configs/tandoor_recipes.md @@ -0,0 +1,37 @@ +# Tandoor Recipes LDAP configuration + +## LDAP settings are defined by environmental variables as defined in [Tandoor's documentation](https://docs.tandoor.dev/features/authentication/#ldap) + +### #Required# +It is recommended to have a read-only account to bind to +``` +LDAP_AUTH=1 +AUTH_LDAP_SERVER_URI=ldap://lldap:3890/ +AUTH_LDAP_BIND_DN=uid=ro_admin,ou=people,DC=example,DC=com +AUTH_LDAP_BIND_PASSWORD=CHANGEME +AUTH_LDAP_USER_SEARCH_BASE_DN=ou=people,DC=example,DC=com +``` + +### #Optional# + +By default it authenticates everybody identified by the search base DN, this allows you to pull certain users from the ```tandoor_users``` group +``` +AUTH_LDAP_USER_SEARCH_FILTER_STR=(&(&(objectclass=person)(memberOf=cn=tandoor_users,ou=groups,dc=example,dc=com))(uid=%(user)s)) +``` + +Map Tandoor user fields with their LLDAP counterparts +``` +AUTH_LDAP_USER_ATTR_MAP={'first_name': 'givenName', 'last_name': 'sn', 'email': 'mail'} +``` + +Set whether or not to always update user fields at login and how many seconds for a timeout +``` +AUTH_LDAP_ALWAYS_UPDATE_USER=1 +AUTH_LDAP_CACHE_TIMEOUT=3600 +``` + +If you use secure LDAP +``` +AUTH_LDAP_START_TLS=1 +AUTH_LDAP_TLS_CACERTFILE=/etc/ssl/certs/own-ca.pem +```