mirror of
https://github.com/lldap/lldap.git
synced 2024-11-25 17:13:25 +00:00
51 lines
2.2 KiB
YAML
51 lines
2.2 KiB
YAML
###############################################################
|
|
# Authelia configuration #
|
|
###############################################################
|
|
|
|
# This is just the LDAP part of the Authelia configuration!
|
|
|
|
|
|
authentication_backend:
|
|
# Password reset through authelia works normally.
|
|
password_reset:
|
|
disable: false
|
|
# How often authelia should check if there is an user update in LDAP
|
|
refresh_interval: 1m
|
|
ldap:
|
|
implementation: custom
|
|
# Pattern is ldap://HOSTNAME-OR-IP:PORT
|
|
# Normal ldap port is 389, standard in LLDAP is 3890
|
|
address: ldap://lldap:3890
|
|
# The dial timeout for LDAP.
|
|
timeout: 5s
|
|
# Use StartTLS with the LDAP connection, TLS not supported right now
|
|
start_tls: false
|
|
#tls:
|
|
# skip_verify: false
|
|
# minimum_version: TLS1.2
|
|
# Set base dn, like dc=google,dc.com
|
|
base_dn: dc=example,dc=com
|
|
# You need to set this to ou=people, because all users are stored in this ou!
|
|
additional_users_dn: ou=people
|
|
# To allow sign in both with username and email, one can use a filter like
|
|
# (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
|
|
users_filter: "(&({username_attribute}={input})(objectClass=person))"
|
|
# Set this to ou=groups, because all groups are stored in this ou
|
|
additional_groups_dn: ou=groups
|
|
# The groups are not displayed in the UI, but this filter works.
|
|
groups_filter: "(member={dn})"
|
|
# The attribute holding the name of the group.
|
|
attributes:
|
|
display_name: displayName
|
|
username: uid
|
|
group_name: cn
|
|
mail: mail
|
|
# distinguished_name: distinguishedName
|
|
# member_of: memberOf
|
|
|
|
# The username and password of the bind user.
|
|
# "bind_user" should be the username you created for authentication with the "lldap_strict_readonly" permission. It is not recommended to use an actual admin account here.
|
|
# If you are configuring Authelia to change user passwords, then the account used here needs the "lldap_password_manager" permission instead.
|
|
user: uid=bind_user,ou=people,dc=example,dc=com
|
|
# Password can also be set using a secret: https://www.authelia.com/docs/configuration/secrets.html
|
|
password: 'REPLACE_ME'
|