## Authorizations
# Uncomment the "<<: *AUTHORIZATIONS" merge line in each environment that should include these settings.
# You can also just copy and paste the tree (do not include the "authorizations" key) into each
# environment if you need something different per environment.
# NOTE(review): every environment in this file has its merge line commented out, so as written
# none of the settings below (including require_attribute_presence) reach any environment.
authorizations: &AUTHORIZATIONS
  # Keep this false: with unauthenticated binds allowed, a login submitted with an empty
  # password could succeed, because many directory servers accept an empty-password bind
  # as an anonymous bind.
  allow_unauthenticated_bind: false
  # group_base: ou=groups,dc=test,dc=com
  ## Requires config.ldap_check_group_membership in devise.rb to be true
  # Can have multiple values, must match all to be authorized
  # required_groups:
  #   # If only a group name is given, membership will be checked against "uniqueMember"
  #   - cn=admins,ou=groups,dc=test,dc=com
  #   - cn=users,ou=groups,dc=test,dc=com
  #   # If an array is given, the first element will be the attribute to check against, the second the group name
  #   - ["moreMembers", "cn=users,ou=groups,dc=test,dc=com"]
  ## Requires config.ldap_check_attributes in devise.rb to be true
  ## Can have multiple attributes and values, must match all to be authorized
  # require_attribute:
  #   objectClass: inetOrgPerson
  #   authorizationRole: postsAdmin
  ## Requires config.ldap_check_attributes_presence in devise.rb to be true
  ## Can have multiple attributes set to true or false to check presence, all must match to be authorized
  require_attribute_presence:
    mail: true
## Environment

# Development directory: a private-range address on the standard LDAP port.
development:
  host: 192.168.56.5
  # Port 389 with "ssl" left commented out below: presumably plain LDAP, so the admin bind
  # and every user's password cross the network unencrypted. Acceptable only on an
  # isolated development network.
  port: 389
  attribute: cn
  base: ou=kosmos.org,cn=users,dc=kosmos,dc=org
  # NOTE(review): "cn=Directory Manager" looks like the directory's root DN; a dedicated
  # service account limited to the searches the app needs would follow least privilege.
  admin_user: "cn=Directory Manager"
  # Plaintext password committed with the file; make sure it is a throwaway value that is
  # not reused on any shared or production directory.
  admin_password: localpass
  # ssl: false
  # Authorization checks from the &AUTHORIZATIONS anchor are not merged while this stays commented.
  # <<: *AUTHORIZATIONS
# Test directory: an LDAP server on localhost, non-standard port 3389.
test:
  host: localhost
  port: 3389
  attribute: cn
  base: ou=kosmos.org,cn=users,dc=kosmos,dc=org
  # NOTE(review): same root-looking bind DN as development; fine for a disposable test
  # directory, but do not carry the pattern over to real deployments.
  admin_user: "cn=Directory Manager"
  # Plaintext test credential committed with the file; keep it unique to the test fixture.
  admin_password: adminpass
  # ssl: false
  # Authorization checks from the &AUTHORIZATIONS anchor are not merged while this stays commented.
  # <<: *AUTHORIZATIONS
# Production directory: LDAP over TLS on port 636, bind credentials read from Rails credentials.
production:
  host: ldap.kosmos.org
  port: 636
  attribute: cn
  base: ou=kosmos.org,cn=users,dc=kosmos,dc=org
  # "rescue nil" presumably keeps this file loadable where credentials.ldap is absent, but it
  # also turns a missing production credential into a null value instead of an error.
  # NOTE(review): verify at boot that both values are present in production, so the app
  # cannot silently fall back to a bind without credentials.
  # The ERB output is inserted unquoted: a value containing " #" or ": ", or starting with a
  # YAML indicator character, would be truncated or mis-typed when the file is parsed.
  admin_user: <%= Rails.application.credentials.ldap[:username] rescue nil %>
  admin_password: <%= Rails.application.credentials.ldap[:password] rescue nil %>
  # NOTE(review): confirm the LDAP client verifies the server certificate and hostname for
  # simple_tls; encryption without verification does not stop an on-path attacker.
  ssl: simple_tls
  # Authorization checks from the &AUTHORIZATIONS anchor are not merged while this stays commented.
  # <<: *AUTHORIZATIONS