|
|
@@ -429,41 +429,43 @@ services:
|
|
|
# Note: Do not add single quotes '' to variables. Having spaces still works without quotes where required.
|
|
|
#
|
|
|
# The default authentication method used if a user does not exist to create and authenticate. Can be set as ldap.
|
|
|
- - DEFAULT_AUTHENTICATION_METHOD=ldap
|
|
|
+ #- DEFAULT_AUTHENTICATION_METHOD=ldap
|
|
|
#
|
|
|
# Enable or not the connection by the LDAP
|
|
|
- - LDAP_ENABLE=true
|
|
|
+ #- LDAP_ENABLE=true
|
|
|
#
|
|
|
# The port of the LDAP server
|
|
|
- - LDAP_PORT=636
|
|
|
+ #- LDAP_PORT=389
|
|
|
#
|
|
|
# The host server for the LDAP server
|
|
|
- - LDAP_HOST=win100a002.verband.creditreform.de
|
|
|
-
|
|
|
+ #- LDAP_HOST=localhost
|
|
|
+ #
|
|
|
+ # set to true, if you want to connect with Active Directory by Simple Authentication
|
|
|
- LDAP_AD_SIMPLE_AUTH=true
|
|
|
+ #
|
|
|
+ # set to true, if the login user is used for binding
|
|
|
- LDAP_USER_AUTHENTICATION=true
|
|
|
#
|
|
|
# The base DN for the LDAP Tree
|
|
|
- - LDAP_BASEDN=OU=Benutzer,dc=verband,dc=creditreform,dc=de
|
|
|
- #- LDAP_BASEDN=dc=verband,dc=creditreform,dc=de
|
|
|
+ #- LDAP_BASEDN=ou=user,dc=example,dc=org
|
|
|
#
|
|
|
# Fallback on the default authentication method
|
|
|
- - LDAP_LOGIN_FALLBACK=true
|
|
|
+ #- LDAP_LOGIN_FALLBACK=false
|
|
|
#
|
|
|
# Reconnect to the server if the connection is lost
|
|
|
- - LDAP_RECONNECT=true
|
|
|
+ #- LDAP_RECONNECT=true
|
|
|
#
|
|
|
# Overall timeout, in milliseconds
|
|
|
- - LDAP_TIMEOUT=10000
|
|
|
+ #- LDAP_TIMEOUT=10000
|
|
|
#
|
|
|
# Specifies the timeout for idle LDAP connections in milliseconds
|
|
|
- - LDAP_IDLE_TIMEOUT=10000
|
|
|
+ #- LDAP_IDLE_TIMEOUT=10000
|
|
|
#
|
|
|
# Connection timeout, in milliseconds
|
|
|
- - LDAP_CONNECT_TIMEOUT=10000
|
|
|
+ #- LDAP_CONNECT_TIMEOUT=10000
|
|
|
#
|
|
|
# If the LDAP needs a user account to search
|
|
|
- - LDAP_AUTHENTIFICATION=true
|
|
|
+ #- LDAP_AUTHENTIFICATION=true
|
|
|
#
|
|
|
# The search user DN - You need quotes when you have spaces in parameters
|
|
|
# 2 examples:
|
|
|
@@ -471,24 +473,25 @@ services:
|
|
|
#- LDAP_AUTHENTIFICATION_USERDN=CN=wekan_adm,OU=serviceaccounts,OU=admin,OU=prod,DC=mydomain,DC=com
|
|
|
#
|
|
|
# The password for the search user
|
|
|
- #- LDAP_AUTHENTIFICATION_PASSWORD=
|
|
|
+ #- LDAP_AUTHENTIFICATION_PASSWORD=pwd
|
|
|
#
|
|
|
# Enable logs for the module
|
|
|
- - LDAP_LOG_ENABLED=true
|
|
|
- - INTERNAL_LOG_LEVEL=DEBUG
|
|
|
+ #- LDAP_LOG_ENABLED=true
|
|
|
#
|
|
|
# If the sync of the users should be done in the background
|
|
|
- - LDAP_BACKGROUND_SYNC=false
|
|
|
+ #- LDAP_BACKGROUND_SYNC=false
|
|
|
#
|
|
|
- # At which interval does the background task sync in milliseconds
|
|
|
- - LDAP_BACKGROUND_SYNC_INTERVAL=2000
|
|
|
+ # At which interval does the background task sync.
|
|
|
+ # The format must be as specified in:
|
|
|
+ # https://bunkat.github.io/later/parsers.html#text
|
|
|
+ #- LDAP_BACKGROUND_SYNC_INTERVAL='every 1 hour'
|
|
|
#
|
|
|
- - LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true
|
|
|
+ #- LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false
|
|
|
#
|
|
|
- - LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true
|
|
|
+ #- LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false
|
|
|
#
|
|
|
- # If using LDAPS: LDAP_ENCRYPTION=ssl / none
|
|
|
- - LDAP_ENCRYPTION=ssl
|
|
|
+ # If using LDAPS: LDAP_ENCRYPTION=ssl
|
|
|
+ #- LDAP_ENCRYPTION=false
|
|
|
#
|
|
|
# The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file.
|
|
|
#- LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+G2FIdAgIC...-----END CERTIFICATE-----
|
|
|
@@ -503,83 +506,86 @@ services:
|
|
|
#- LDAP_USER_AUTHENTICATION_FIELD=uid
|
|
|
#
|
|
|
# Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
|
|
|
- - LDAP_USER_SEARCH_FILTER=(objectClass=user)
|
|
|
+ #- LDAP_USER_SEARCH_FILTER=
|
|
|
#
|
|
|
# base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree)
|
|
|
- - LDAP_USER_SEARCH_SCOPE=one
|
|
|
+ #- LDAP_USER_SEARCH_SCOPE=one
|
|
|
#
|
|
|
# Which field is used to find the user, like uid / sAMAccountName
|
|
|
- - LDAP_USER_SEARCH_FIELD=sAMAccountName
|
|
|
+ #- LDAP_USER_SEARCH_FIELD=sAMAccountName
|
|
|
#
|
|
|
# Used for pagination (0=unlimited)
|
|
|
- - LDAP_SEARCH_PAGE_SIZE=0
|
|
|
+ #- LDAP_SEARCH_PAGE_SIZE=0
|
|
|
#
|
|
|
# The limit number of entries (0=unlimited)
|
|
|
- - LDAP_SEARCH_SIZE_LIMIT=0
|
|
|
+ #- LDAP_SEARCH_SIZE_LIMIT=0
|
|
|
#
|
|
|
- # Enable group filtering
|
|
|
- - LDAP_GROUP_FILTER_ENABLE=false
|
|
|
+ # Enable group filtering. Note the authenticated ldap user must be able to query all relevant group data with own login data from ldap.
|
|
|
+ #- LDAP_GROUP_FILTER_ENABLE=false
|
|
|
#
|
|
|
# The object class for filtering. Example: group
|
|
|
- # - LDAP_GROUP_FILTER_OBJECTCLASS=person
|
|
|
+ #- LDAP_GROUP_FILTER_OBJECTCLASS=
|
|
|
#
|
|
|
- # - LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=cn
|
|
|
+ # The attribute of a group identifying it. Example: cn
|
|
|
+ #- LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=
|
|
|
#
|
|
|
- # - LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=
|
|
|
+ # The attribute inside a group object listing its members. Example: member
|
|
|
+ #- LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=
|
|
|
#
|
|
|
# The format of the value of LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE. Example: 'dn' if the users dn is saved as value into the attribute.
|
|
|
#- LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=
|
|
|
#
|
|
|
- # - LDAP_GROUP_FILTER_GROUP_NAME=
|
|
|
+ # The group name (id) that matches all users.
|
|
|
+ #- LDAP_GROUP_FILTER_GROUP_NAME=
|
|
|
#
|
|
|
# LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier). Example: guid
|
|
|
- # - LDAP_UNIQUE_IDENTIFIER_FIELD=
|
|
|
+ #- LDAP_UNIQUE_IDENTIFIER_FIELD=
|
|
|
#
|
|
|
# LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8
|
|
|
#- LDAP_UTF8_NAMES_SLUGIFY=true
|
|
|
#
|
|
|
# LDAP_USERNAME_FIELD : Which field contains the ldap username. username / sAMAccountName
|
|
|
- - LDAP_USERNAME_FIELD=sAMAccountName
|
|
|
+ #- LDAP_USERNAME_FIELD=sAMAccountName
|
|
|
#
|
|
|
# LDAP_FULLNAME_FIELD : Which field contains the ldap fullname. fullname / sAMAccountName
|
|
|
- - LDAP_FULLNAME_FIELD=cn
|
|
|
+ #- LDAP_FULLNAME_FIELD=fullname
|
|
|
#
|
|
|
- - LDAP_MERGE_EXISTING_USERS=true
|
|
|
+ #- LDAP_MERGE_EXISTING_USERS=false
|
|
|
#
|
|
|
# Allow existing account matching by e-mail address when username does not match
|
|
|
- - LDAP_EMAIL_MATCH_ENABLE=true
|
|
|
+ #- LDAP_EMAIL_MATCH_ENABLE=true
|
|
|
#
|
|
|
# LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match
|
|
|
- - LDAP_EMAIL_MATCH_REQUIRE=false
|
|
|
+ #- LDAP_EMAIL_MATCH_REQUIRE=true
|
|
|
#
|
|
|
# LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching
|
|
|
- - LDAP_EMAIL_MATCH_VERIFIED=false
|
|
|
+ #- LDAP_EMAIL_MATCH_VERIFIED=true
|
|
|
#
|
|
|
# LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address
|
|
|
- - LDAP_EMAIL_FIELD=mail
|
|
|
+ #- LDAP_EMAIL_FIELD=mail
|
|
|
#-----------------------------------------------------------------
|
|
|
- - LDAP_SYNC_USER_DATA=true
|
|
|
+ #- LDAP_SYNC_USER_DATA=false
|
|
|
#
|
|
|
- - LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"}
|
|
|
+ #- LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"}
|
|
|
#
|
|
|
#- LDAP_SYNC_GROUP_ROLES=
|
|
|
#
|
|
|
# The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
|
|
|
# example :
|
|
|
- - LDAP_DEFAULT_DOMAIN=verband.creditreform.de
|
|
|
+ #- LDAP_DEFAULT_DOMAIN=mydomain.com
|
|
|
#
|
|
|
# Enable/Disable syncing of admin status based on ldap groups:
|
|
|
- - LDAP_SYNC_ADMIN_STATUS=false
|
|
|
+ #- LDAP_SYNC_ADMIN_STATUS=true
|
|
|
#
|
|
|
# Comma separated list of admin group names to sync.
|
|
|
#- LDAP_SYNC_ADMIN_GROUPS=group1,group2
|
|
|
#---------------------------------------------------------------------
|
|
|
# Login to LDAP automatically with HTTP header.
|
|
|
# In below example for siteminder, at right side of = is header name.
|
|
|
- #- HEADER_LOGIN_ID=BNPPUID
|
|
|
- #- HEADER_LOGIN_FIRSTNAME=BNPPFIRSTNAME
|
|
|
- #- HEADER_LOGIN_LASTNAME=BNPPLASTNAME
|
|
|
- #- HEADER_LOGIN_EMAIL=BNPPEMAILADDRESS
|
|
|
+ #- HEADER_LOGIN_ID=HEADERUID
|
|
|
+ #- HEADER_LOGIN_FIRSTNAME=HEADERFIRSTNAME
|
|
|
+ #- HEADER_LOGIN_LASTNAME=HEADERLASTNAME
|
|
|
+ #- HEADER_LOGIN_EMAIL=HEADEREMAILADDRESS
|
|
|
#---------------------------------------------------------------------
|
|
|
# ==== LOGOUT TIMER, probably does not work yet ====
|
|
|
# LOGOUT_WITH_TIMER : Enables or not the option logout with timer
|
Stefan Maaßen