Refactor LDAP config
* Move credentials to ENV vars in prod * Use same configs in dev and prod * Make UID attribute and admin DN configurable
This commit is contained in:
parent
d56edb34f1
commit
3d8619532b
GPG Key ID:
37036C356E56CC51
@ -29,8 +29,12 @@
|
|||||||
|
|
||||||
# LDAP_HOST=localhost
|
# LDAP_HOST=localhost
|
||||||
# LDAP_PORT=389
|
# LDAP_PORT=389
|
||||||
|
# LDAP_USE_TLS=false
|
||||||
|
# LDAP_UID_ATTR=cn
|
||||||
|
# LDAP_BASE="ou=kosmos.org,cn=users,dc=kosmos,dc=org"
|
||||||
|
# LDAP_ADMIN_USER="cn=Directory Manager"
|
||||||
# LDAP_ADMIN_PASSWORD=passthebutter
|
# LDAP_ADMIN_PASSWORD=passthebutter
|
||||||
# LDAP_SUFFIX='dc=kosmos,dc=org'
|
# LDAP_SUFFIX="dc=kosmos,dc=org"
|
||||||
|
|
||||||
# REDIS_URL='redis://localhost:6379/1'
|
# REDIS_URL='redis://localhost:6379/1'
|
||||||
|
|
||||||
|
|||||||
@ -1 +1 @@
|
|||||||
pTOEEjM0gYLPEE4tjwB6jgnRc08rIgV0d0IkhpalH35eRaXnSKi9WefNQEC/5eM9UwcR1idtFoXyVfIN9/DVxcO7fZ6iBevSCy3yjk4Rx9oxJmt7jy6TV7QGMVm0HsCCOL0jdaZywhOlCrKPng/0SbPWST4PLPuG5rJeW8mIEXMijiQmOW7BbjQUaG3JOUPEdOBftRsDwGn7Ftrr2poxzw7q/i+RcLbklscjz9VfdfemI7z41i/yMVrsg6RPMG3kPjfPv8G8MCYJe1wX82qQZ9FcyfvIdXUx2T8iN1tDpxCNQTR/uVuvmTqVxHosXn2rOVuXauirRx2+4T8BYR4VSNeN+8nwn30eusRm1e4tXrh+Pu1Fo2xVM8/kuDETQnKI5Of6sxYf0/5eAasfkzDlaoqWd9H/0R8vpCrzJ6AUg4vn01VB0r8mTrKYOdctsM3pfq5bnjPUKLGhF/zwUJEWf8baOQabOiMGdklsHLH0kqjKp+je4g7qsCezGYpMIHUnsohgz01XYzC0KC6ZYef3wa2cGM+jMjfumg==--5w+zgJ6GMYtFOSaY--GK6bjOJXO0CYCR+SkyE2mA==
|
wVGTGBCsJ2bLSXxn/cYKcYyljVARvZGhi2gOQbiJy/r3Ia4gUmurlKFFKF0m6wmUMIlj+W11Mvu4at3c5h9fzODeIJ+EwkbwLcO8KECUyuXwVxVm2sH2TixWRwhyokT+UwS8J5c7lJTgmFAPlZiRQ+YyrqmhyPzq1fEdErk3btsWNPpJpOsdv1YPBCFFN96zMfY8h+Ttr53a9S58h+fwA+ZF5ePVqeIpJshQ+21UjUIKb5qSLEIECsarI/QJDMQwyKcvYiOEPny8nZL/7bE9TxBgC7v6UnsN+ZXVUB36aw7LOPj+21NVIdWjwOgHYRK1H2Co+stS8bDieuqV29iTTL+F8afHm/6yRc7EAtfKJe3nWf4woI+hHw7p7g/6t451F4nv9Nu1Mmt6YvJjzbSIDbf6Q6yfuYyRAv7uZdXrfsezjyhTDNGQ/SgBDpQ7CUzRoruc--0WsH7dH/QP2Hzvya--8eFWc0g5dVAvrPhC5JpO5Q==
|
||||||
@ -45,7 +45,7 @@ Devise.setup do |config|
|
|||||||
# Configure the e-mail address which will be shown in Devise::Mailer,
|
# Configure the e-mail address which will be shown in Devise::Mailer,
|
||||||
# note that it will be overwritten if you use your own mailer class
|
# note that it will be overwritten if you use your own mailer class
|
||||||
# with default "from" parameter.
|
# with default "from" parameter.
|
||||||
config.mailer_sender = 'accounts@kosmos.org'
|
config.mailer_sender = ENV["SMTP_FROM_ADDRESS"] || 'accounts@localhost'
|
||||||
|
|
||||||
# Configure the class responsible to send e-mails.
|
# Configure the class responsible to send e-mails.
|
||||||
# config.mailer = 'Devise::Mailer'
|
# config.mailer = 'Devise::Mailer'
|
||||||
|
|||||||
@ -28,11 +28,11 @@ authorizations: &AUTHORIZATIONS
|
|||||||
development:
|
development:
|
||||||
host: <%= ENV["LDAP_HOST"] || "localhost" %>
|
host: <%= ENV["LDAP_HOST"] || "localhost" %>
|
||||||
port: <%= ENV["LDAP_PORT"] || "389" %>
|
port: <%= ENV["LDAP_PORT"] || "389" %>
|
||||||
attribute: cn
|
|
||||||
base: <%= ENV["LDAP_BASE"] || "ou=kosmos.org,cn=users,dc=kosmos,dc=org" %>
|
|
||||||
admin_user: "cn=Directory Manager"
|
|
||||||
admin_password: <%= ENV["LDAP_ADMIN_PASSWORD"] %>
|
|
||||||
ssl: <%= ENV["LDAP_USE_TLS"] || "false" %>
|
ssl: <%= ENV["LDAP_USE_TLS"] || "false" %>
|
||||||
|
attribute: <%= ENV["LDAP_UID_ATTR"] || "cn" %>
|
||||||
|
base: <%= ENV["LDAP_BASE"] || "ou=kosmos.org,cn=users,dc=kosmos,dc=org" %>
|
||||||
|
admin_user: <%= ENV["LDAP_ADMIN_USER"] || "cn=Directory Manager" %>
|
||||||
|
admin_password: <%= ENV["LDAP_ADMIN_PASSWORD"] %>
|
||||||
# <<: *AUTHORIZATIONS
|
# <<: *AUTHORIZATIONS
|
||||||
|
|
||||||
test:
|
test:
|
||||||
@ -46,11 +46,11 @@ test:
|
|||||||
# <<: *AUTHORIZATIONS
|
# <<: *AUTHORIZATIONS
|
||||||
|
|
||||||
production:
|
production:
|
||||||
host: ldap.kosmos.local
|
host: <%= ENV["LDAP_HOST"] || "localhost" %>
|
||||||
port: 389
|
port: <%= ENV["LDAP_PORT"] || "389" %>
|
||||||
attribute: cn
|
ssl: <%= ENV["LDAP_USE_TLS"] || "false" %>
|
||||||
base: ou=kosmos.org,cn=users,dc=kosmos,dc=org
|
attribute: <%= ENV["LDAP_UID_ATTR"] || "cn" %>
|
||||||
admin_user: <%= Rails.application.credentials.ldap[:username] rescue nil %>
|
base: <%= ENV["LDAP_BASE"] || "ou=kosmos.org,cn=users,dc=kosmos,dc=org" %>
|
||||||
admin_password: <%= Rails.application.credentials.ldap[:password] rescue nil %>
|
admin_user: <%= ENV["LDAP_ADMIN_USER"] || "cn=Directory Manager" %>
|
||||||
# ssl: false
|
admin_password: <%= ENV["LDAP_ADMIN_PASSWORD"] %>
|
||||||
# <<: *AUTHORIZATIONS
|
# <<: *AUTHORIZATIONS
|
||||||
|
|||||||
@ -44,15 +44,14 @@ services:
|
|||||||
LDAP_HOST: ldap
|
LDAP_HOST: ldap
|
||||||
LDAP_PORT: 3389
|
LDAP_PORT: 3389
|
||||||
LDAP_ADMIN_PASSWORD: passthebutter
|
LDAP_ADMIN_PASSWORD: passthebutter
|
||||||
LDAP_USE_TLS: "false"
|
|
||||||
REDIS_URL: redis://redis:6379/0
|
REDIS_URL: redis://redis:6379/0
|
||||||
ACTIVE_STORAGE_PATH: "/akkounts/tmp/attachments"
|
ACTIVE_STORAGE_PATH: /akkounts/tmp/attachments
|
||||||
RS_REDIS_URL: redis://redis:6379/1
|
RS_REDIS_URL: redis://redis:6379/1
|
||||||
RS_STORAGE_URL: "http://localhost:4567"
|
RS_STORAGE_URL: http://localhost:4567
|
||||||
S3_ENABLED: false
|
S3_ENABLED: false
|
||||||
NOSTR_PUBLIC_KEY: bdd76ce2934b2f591f9fad2ebe9da18f20d2921de527494ba00eeaa0a0efadcf
|
NOSTR_PUBLIC_KEY: bdd76ce2934b2f591f9fad2ebe9da18f20d2921de527494ba00eeaa0a0efadcf
|
||||||
NOSTR_PRIVATE_KEY: 7c3ef7e448505f0615137af38569d01807d3b05b5005d5ecf8aaafcd40323cea
|
NOSTR_PRIVATE_KEY: 7c3ef7e448505f0615137af38569d01807d3b05b5005d5ecf8aaafcd40323cea
|
||||||
NOSTR_RELAY_URL: "ws://strfry:7777"
|
NOSTR_RELAY_URL: ws://strfry:7777
|
||||||
depends_on:
|
depends_on:
|
||||||
- ldap
|
- ldap
|
||||||
- redis
|
- redis
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user