forked from milux/ctldap
-
Notifications
You must be signed in to change notification settings - Fork 2
/
ctldap.example.config
60 lines (53 loc) · 3.02 KB
/
ctldap.example.config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
; Add debug infos to log
debug=false
; This is required for clients using lowercase DNs, e.g. ownCloud/nextCloud
dn_lower_case=true
; This is required for clients that need lowercase email addresses, e.g. Seafile
email_lower_case=true
; LDAP admin user, can be a "virtual" root user or a ChurchTools user name (virtual root is recommended!)
ldap_user=root
; The static password to be used for the ldap_user if it is NOT a CT account, or the account password of the chosen user otherwise
; If you did not use install.sh, choose a LONG SECURE RANDOM password from a password generator like KeePass!
ldap_password=XXXXXXXXXXXXXXXXXXXX
; If set to true, treat ldap_password as a bcrypt hash and compare against it
;ldap_password_bcrypt=true
; LDAP server ip to listen on, change it to 0.0.0.0 when external access required
; When you use the iptables_port setting, the port forwarding is stil installed on the eth0 card
ldap_ip=127.0.0.1
; LDAP server port
ldap_port=1389
; The ctldap.sh service script will try to read this and setup an iptables NAT rule on interface eth0 from iptables_port to ldap_port if it is set
iptables_port=389
; LDAP base DN o=xxx, e.g. churchtools
ldap_base_dn=churchtools
; The URI pointing to the root of your ChurchTools installation
ct_uri=https://mysite.church.tools/
; This user credentials are used to authenticate against ChurchTools for API access
; The user must be granted "churchcore:administer persons" and "churchdb:view" rights for the wrapper to work properly!
; IMPORTANT: It is strongly recommended to use a LONG SECURE RANDOM password from a generator like KeePass for this user!
api_user=XXXXXXXXXXXXXXXXXXXX
api_password=XXXXXXXXXXXXXXXXXXXX
; This controls (in milliseconds) how old the user/group data can be until it is fetched from ChurchTools again
cache_lifetime=10000
; To use SSL/TLS, provide file names for x509 certificate and key here
; Use this command to create a private key and a certificate:
; openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365
; Use this command to remove the encryption password:
; openssl rsa -in key.pem -out newkey.pem && mv newkey.pem key.pem
; ldap_cert_filename=cert.pem
; ldap_key_filename=key.pem
; Define the sites here. For each site please enter one section.
; The section title has to be in the format sites.<ldap_base_dn>, e.g. "sites.foobar",
; where foobar is the organisation, as in the instance foobar.church.tools .
; ldap_password_bcrypt is optional, if not specified, the default value will be taken from the config above
; dn_lower_case is optional, if not specified, the default value will be taken from the config above
; email_lower_case is optional, if not specified, the default value will be taken from the config above
; If ldap_base_dn is set above, the setting above are treated as an additional site.
;[sites.XXXXXXXXXXXXXXXXXXXX]
;ldap_password=XXXXXXXXXXXXXXXXXXXX
;ldap_password_bcrypt=true
;ct_uri=https://XXXXXXXXXXXXXXXXXXXX.church.tools/
;api_user=XXXXXXXXXXXXXXXXXXXX
;api_password=XXXXXXXXXXXXXXXXXXXX
;dn_lower_case=true
;email_lower_case=true