Râu Cao
3d8619532b
* Move credentials to ENV vars in prod * Use same configs in dev and prod * Make UID attribute and admin DN configurable
57 lines
2.3 KiB
YAML
57 lines
2.3 KiB
YAML
## Authorizations
|
|
# Uncomment out the merging for each environment that you'd like to include.
|
|
# You can also just copy and paste the tree (do not include the "authorizations") to each
|
|
# environment if you need something different per environment.
|
|
authorizations: &AUTHORIZATIONS
|
|
allow_unauthenticated_bind: false
|
|
# group_base: ou=groups,dc=test,dc=com
|
|
## Requires config.ldap_check_group_membership in devise.rb be true
|
|
# Can have multiple values, must match all to be authorized
|
|
# required_groups:
|
|
# If only a group name is given, membership will be checked against "uniqueMember"
|
|
# - cn=admins,ou=groups,dc=test,dc=com
|
|
# - cn=users,ou=groups,dc=test,dc=com
|
|
# If an array is given, the first element will be the attribute to check against, the second the group name
|
|
# - ["moreMembers", "cn=users,ou=groups,dc=test,dc=com"]
|
|
## Requires config.ldap_check_attributes in devise.rb to be true
|
|
## Can have multiple attributes and values, must match all to be authorized
|
|
# require_attribute:
|
|
# objectClass: inetOrgPerson
|
|
# authorizationRole: postsAdmin
|
|
## Requires config.ldap_check_attributes_presence in devise.rb to be true
|
|
## Can have multiple attributes set to true or false to check presence, all must match all to be authorized
|
|
require_attribute_presence:
|
|
mail: true
|
|
|
|
## Environment
|
|
|
|
development:
|
|
host: <%= ENV["LDAP_HOST"] || "localhost" %>
|
|
port: <%= ENV["LDAP_PORT"] || "389" %>
|
|
ssl: <%= ENV["LDAP_USE_TLS"] || "false" %>
|
|
attribute: <%= ENV["LDAP_UID_ATTR"] || "cn" %>
|
|
base: <%= ENV["LDAP_BASE"] || "ou=kosmos.org,cn=users,dc=kosmos,dc=org" %>
|
|
admin_user: <%= ENV["LDAP_ADMIN_USER"] || "cn=Directory Manager" %>
|
|
admin_password: <%= ENV["LDAP_ADMIN_PASSWORD"] %>
|
|
# <<: *AUTHORIZATIONS
|
|
|
|
test:
|
|
host: localhost
|
|
port: 3389
|
|
attribute: cn
|
|
base: ou=kosmos.org,cn=users,dc=kosmos,dc=org
|
|
admin_user: "cn=Directory Manager"
|
|
admin_password: adminpass
|
|
# ssl: false
|
|
# <<: *AUTHORIZATIONS
|
|
|
|
production:
|
|
host: <%= ENV["LDAP_HOST"] || "localhost" %>
|
|
port: <%= ENV["LDAP_PORT"] || "389" %>
|
|
ssl: <%= ENV["LDAP_USE_TLS"] || "false" %>
|
|
attribute: <%= ENV["LDAP_UID_ATTR"] || "cn" %>
|
|
base: <%= ENV["LDAP_BASE"] || "ou=kosmos.org,cn=users,dc=kosmos,dc=org" %>
|
|
admin_user: <%= ENV["LDAP_ADMIN_USER"] || "cn=Directory Manager" %>
|
|
admin_password: <%= ENV["LDAP_ADMIN_PASSWORD"] %>
|
|
# <<: *AUTHORIZATIONS
|