## Default configuration for Docker.
## All the values can be overridden through environment variables, prefixed
## with "LLDAP_". For instance, "ldap_port" can be overridden with the
## "LLDAP_LDAP_PORT" variable.
## The port on which to have the LDAP server.
#ldap_port = 3890
## The port on which to have the HTTP server, for user login and
## administration.
#http_port = 17170
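## The public URL of the server, for password reset links. The sample value
## below is plain HTTP on localhost; use the https:// address users actually
## reach for anything beyond local testing.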
#http_url = "http://localhost"
## Random secret for JWT signature.
## This secret should be random, and should be shared with application
## servers that need to consume the JWTs. Anyone who holds it can also sign
## JWTs, so share it only with servers that have to verify them.
## Changing this secret will invalidate all user sessions and require
## them to re-login.
## You should probably set it through the LLDAP_JWT_SECRET environment
## variable from a secret ".env" file.
## This can also be set from a file's contents by specifying the file path
## in the LLDAP_JWT_SECRET_FILE environment variable.
## You can generate it with (on linux):
## LC_ALL=C tr -dc 'A-Za-z0-9!"#%&'\''()*+,-./:;<=>?@[\]^_{|}~' </dev/urandom | head -c 32; echo ''
## The result can contain " and \ characters; escape them if you paste it
## into the quoted value below.
#jwt_secret = "REPLACE_WITH_RANDOM"
## Base DN for LDAP.
## This is usually your domain name, and is used as a
## namespace for your users. The choice is arbitrary, but will be needed
## to configure the LDAP integration with other services.
## The sample value is for "example.com", but you can extend it with as
## many "dc" as you want, and you don't actually need to own the domain
## name.
#ldap_base_dn = "dc=example,dc=com"
## Admin username.
## For the LDAP interface, a value of "admin" here will create the LDAP
## user "cn=admin,ou=people,dc=example,dc=com" (with the base DN above).
## For the administration interface, this is the username.
#ldap_user_dn = "admin"
## Admin password.
## Password for the admin account, both for the LDAP bind and for the
## administration interface. It is only used when initially creating
## the admin user.
## It should be at least 8 characters long.
## You can set it with the LLDAP_LDAP_USER_PASS environment variable.
## This can also be set from a file's contents by specifying the file path
## in the LLDAP_USER_PASS_FILE environment variable. (Going by the "LLDAP_"
## prefix rule for "ldap_user_pass", the name may need to be
## LLDAP_LDAP_USER_PASS_FILE; check against your LLDAP version.)
## Note: you can create another admin user for user administration; this
## is just the default one.
#ldap_user_pass = "REPLACE_WITH_PASSWORD"
## Database URL.
## This encodes the type of database (SQLite, MySQL and so
## on), the path, the user, password, and sometimes the mode (when
## relevant).
## Note: Currently, only SQLite is supported. SQLite should come with
## "?mode=rwc" to create the DB if not present.
## Example URLs:
## - "postgres://postgres-user:password@postgres-server/my-database"
## - "mysql://mysql-user:password@mysql-server/my-database"
##
## This can be overridden with the DATABASE_URL env variable.
## NOTE(review): a URL that carries a user and password (as in the examples
## above) stores that credential in this file; the DATABASE_URL variable
## mentioned above is the alternative.
database_url = "sqlite:///data/users.db?mode=rwc"
## Private key file.
## Contains the secret private key used to store the passwords safely.
## Note that even with a database dump and the private key, an attacker
## would still have to perform an (expensive) brute force attack to find
## each password.
## Randomly generated on first run if it doesn't exist.
## NOTE(review): this default places the key under /data, the same directory
## as the default database file, so a copy of /data contains both. Restrict
## read access to this file accordingly.
key_file = "/data/private_key"
## Options to configure SMTP parameters, to send password reset emails.
## To set these options from environment variables, use the following format
## (example with "password"): LLDAP_SMTP_OPTIONS__PASSWORD
#[smtp_options]
## Whether to enable password reset via email, from LLDAP.
#enable_password_reset=true
## The SMTP server.
#server="smtp.gmail.com"
## The SMTP port.
#port=587
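## Whether to connect with TLS. The SMTP password and the password reset
## emails go over this connection, so leave it enabled unless the SMTP
## server is only reachable locally.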
#tls_required=true
## The SMTP user, usually your email address.
#user="sender@gmail.com"
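## The SMTP password. It can be supplied through the
## LLDAP_SMTP_OPTIONS__PASSWORD environment variable instead of this file.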
#password="password"
## The "From" header field, optional: how the sender appears in the email. The
## first part is a free-form name, followed by an email address between <>.
#from="LLDAP Admin <sender@gmail.com>"
## Same for reply-to, optional.
#reply_to="Do not reply <noreply@localhost>"