mirror of
https://github.com/YunoHost-Apps/kimai2_ynh.git
synced 2024-09-03 19:26:26 +02:00
* fix
* fix
* Update install
* Update _common.sh
* Update upgrade
* Update upgrade
* Update upgrade
* Update upgrade
* Update upgrade
* Update _common.sh
* Revert "Update _common.sh"
This reverts commit 26b1b8c618
.
* Update upgrade
* Update .env
* Update _common.sh
* Update nginx.conf
* Update manifest.json
* Update install
* Update upgrade
* Update .env
* Update check_process
* Update upgrade
* Update upgrade
* Update upgrade
* Update scripts/install
Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org>
* Update scripts/upgrade
Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org>
* Fix upgrading (#80)
* Auto-update README
* Update local.yaml
Remove duplicate security block
* Update upgrade
Doing a hard cache flush for major upgrade
* Update upgrade
Fix syntax
* Update upgrade
Use ynh_secure_remove
* Update upgrade
Remove local.yaml for major version upgrade
* Update upgrade
No loading from cache for major upgrade
* Update upgrade
Do full replace for setup sources when major upgrade
* Update upgrade
Fix full_replace arg
* Update upgrade
cleaning
* Update upgrade
Remove obsolete source_id
---------
Co-authored-by: yunohost-bot <yunohost@yunohost.org>
---------
Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org>
Co-authored-by: CodeShakingSheep <19874562+CodeShakingSheep@users.noreply.github.com>
Co-authored-by: yunohost-bot <yunohost@yunohost.org>
156 lines
7.7 KiB
YAML
156 lines
7.7 KiB
YAML
kimai:
|
|
user:
|
|
registration: __REGISTRATION__
|
|
ldap:
|
|
activate: true
|
|
# more infos about the connection params can be found at:
|
|
# https://docs.laminas.dev/laminas-ldap/api/
|
|
connection:
|
|
# The default hostname of the LDAP server (mandatory setting).
|
|
# You can connect to multiple servers by setting their URLs like this:
|
|
# host: "ldap://ldap.example.local ldap://ldap2.example.local"
|
|
# host: "ldaps://ldap.example.local ldaps://ldap2.example.local"
|
|
host: "ldap://127.0.0.1"
|
|
|
|
# Default port for your LDAP port server
|
|
# default: 389
|
|
port: 389
|
|
|
|
# Whether or not the LDAP client should use SSL encrypted transport.
|
|
# The useSsl and useStartTls options are mutually exclusive.
|
|
# default: false
|
|
#useSsl: false
|
|
|
|
# Enable TLS negotiation (should be favoured over useSsl).
|
|
# The useSsl and useStartTls options are mutually exclusive.
|
|
# default: false
|
|
#useStartTls: false
|
|
|
|
# The default credentials username (your service account). Some servers
|
|
# require that this is given in DN form.
|
|
# It must be given in DN form if the LDAP server requires
|
|
# a DN to bind and binding should be possible with simple usernames.
|
|
# default: empty
|
|
#username:
|
|
|
|
# Password for the username (service-account) above
|
|
# default: empty
|
|
#password:
|
|
|
|
# LDAP search filter to find the user (%s will be replaced by the username).
|
|
# Should be set, to be compatible with your object structure.
|
|
# You don not need to set this filter, unless you have a very special setup
|
|
# or use Microsofts Active directory.
|
|
#
|
|
# Defaults:
|
|
# - if bindRequiresDn is false: (&(objectClass=user)(sAMAccountName=%s))
|
|
# - if bindRequiresDn is true: (&%filter%(uid=%s))
|
|
# - %filter% = empty
|
|
# accountFilterFormat = (&(usernameAttribute=%s))
|
|
# - %filter% = (&(objectClass=posixAccount))
|
|
# accountFilterFormat = (&(objectClass=posixAccount))(&(usernameAttribute=%s))
|
|
#
|
|
# %filter% is the "filter" configuration defined below in the "user" section
|
|
#accountFilterFormat: (&(objectClass=inetOrgPerson)(uid=%s))
|
|
|
|
# If true, this instructs Kimai to retrieve the DN for the account,
|
|
# used to bind if the username is not already in DN form.
|
|
# default: true
|
|
#bindRequiresDn: true
|
|
|
|
# If set to true, this option indicates to the LDAP client that
|
|
# referrals should be followed, default: false
|
|
#optReferrals: false
|
|
|
|
# for the next options please refer to:
|
|
# https://docs.laminas.dev/laminas-ldap/api/
|
|
#allowEmptyPassword: false
|
|
#tryUsernameSplit:
|
|
#networkTimeout:
|
|
#accountCanonicalForm: 3
|
|
#accountDomainName: HOST
|
|
#accountDomainNameShort: HOST
|
|
|
|
user:
|
|
# baseDn to query for users (mandatory setting).
|
|
baseDn: "ou=users, dc=yunohost, dc=org"
|
|
|
|
# Field used to match the login username in your LDAP.
|
|
# If "bindRequiresDn: false" is set, the username is used in "bind".
|
|
# Otherwise a search is executed to find the users "dn" by finding the user
|
|
# via this attribute with his "baseDn" and the "filter" below.
|
|
# default: uid
|
|
usernameAttribute: "uid"
|
|
|
|
# LDAP search base filter to find the user / the users DN.
|
|
# Do NOT include the rule (&(usernameAttribute=%s)), it will be appended
|
|
# automatically. The result of the search filter must return 1 result only.
|
|
# default: empty (results in (&(uid=%s)) with default usernameAttribute)
|
|
filter: "(&(objectClass=inetOrgPerson))"
|
|
|
|
# LDAP search base filter to find the user attributes.
|
|
# This is used for a slightly different query than the one above, which is
|
|
# used to query the users DN only.
|
|
# AD users might have too many results (Exchange activesync devices
|
|
# attributes) and therefor an incompatible result structure if not changed.
|
|
# See https://github.com/kevinpapst/kimai2/issues/875
|
|
# default: (objectClass=*)
|
|
#attributesFilter: (objectClass=Person)
|
|
|
|
# Configure the mapping between LDAP attributes and user entity
|
|
# The ldap_attr must be given in lowercase!
|
|
attributes:
|
|
# The following 2 rules are automatically prepended and can be overwritten.
|
|
# Username is set to the value of the configured "usernameAttribute" field
|
|
- { ldap_attr: "uid", user_method: setUsername }
|
|
# Only applied if you don't configure a mapping for setEmail()
|
|
- { ldap_attr: "mail", user_method: setEmail }
|
|
# An example which will set the display name in Kimai from the
|
|
# value of the "common name" field in your LDAP
|
|
- { ldap_attr: "cn", user_method: setAlias }
|
|
|
|
# You can comment the following section, if you don't want to manage
|
|
# user roles in Kimai via LDAP groups. If you want to use the group
|
|
# sync, you have to set at least the "role.baseDn" config.
|
|
# default: deactivated as "role.baseDn" is empty by default
|
|
role:
|
|
# baseDn to query for groups, MUST be set to activate the "group import"
|
|
# default: empty (deactivated)
|
|
baseDn: "ou=permission, dc=yunohost, dc=org"
|
|
|
|
# Filter to query user groups, all results will be matched against
|
|
# the configured "groups" mapping below.
|
|
# The full search filter will ALWAYS be generated like this:
|
|
# (&%filter(userDnAttribute=valueOfUsernameAttribute))
|
|
# The following example rule will be expanded to (for user "foo"):
|
|
# (&(&(objectClass=groupOfNames))(member=foo))
|
|
# default: empty
|
|
filter: "(&(objectClass=posixGroup)(cn=__APP__*))"
|
|
|
|
# The following field is taken from the LDAP user entry and its
|
|
# value is used in the filter above as "valueOfUsernameAttribute".
|
|
# The attribute must be given in lowercase!
|
|
# The example below uses "posix group style memberUid".
|
|
# default: dn
|
|
usernameAttribute: "dn"
|
|
|
|
# Field that holds the group name, which will be used to map the
|
|
# LDAP groups with Kimai roles (see groups mapping below).
|
|
# default: cn
|
|
nameAttribute: "cn"
|
|
|
|
# Field that holds the users dn in your LDAP group definition.
|
|
# Value of this configuration is used in the filter (see above).
|
|
# default: member
|
|
userDnAttribute: "inheritPermission"
|
|
|
|
# Convert LDAP group name (nameAttribute) to Kimai role
|
|
# You will very likely have to define mappings, unless your groups
|
|
# are called "teamlead", "admin" or "super_admin"
|
|
groups:
|
|
# - { ldap_value: group1, role: ROLE_TEAMLEAD }
|
|
# - { ldap_value: kimai_admin, role: ROLE_ADMIN }
|
|
- { ldap_value: "__APP__.teamlead", role: ROLE_TEAMLEAD }
|
|
- { ldap_value: "__APP__.admin", role: ROLE_ADMIN }
|
|
- { ldap_value: "__APP__.super_admin", role: ROLE_SUPER_ADMIN }
|
|
|