1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/wekan_ynh.git synced 2024-09-03 20:36:09 +02:00
wekan_ynh/conf/.env

513 lines
20 KiB
Bash
Raw Permalink Normal View History

2020-02-15 20:13:42 +01:00
# Based on start-wekan.sh
#---------------------------------------------
2019-03-06 05:05:49 +01:00
# The Node Environnement
NODE_ENV=production
2022-05-18 19:24:27 +02:00
# Writable path for temporary saving attachments during migration to Meteor-Files
# Create directory wekan-uploads
2023-03-23 08:54:45 +01:00
WRITABLE_PATH=__INSTALL_DIR__
2022-05-18 19:24:27 +02:00
# The path to NODEJS
2020-06-15 03:40:49 +02:00
__YNH_NODE_LOAD_PATH__
2020-02-15 20:13:42 +01:00
#---------------------------------------------
2019-10-03 21:42:08 +02:00
# Debug OIDC OAuth2 etc.
2019-03-06 05:05:49 +01:00
#DEBUG=true
2020-02-15 20:13:42 +01:00
#---------------------------------------------
# URL of the mongodb
2021-02-26 00:16:24 +01:00
MONGO_URL='mongodb://127.0.0.1:27017/__DB_NAME__'
2020-02-15 20:13:42 +01:00
#---------------------------------------------
2019-10-03 21:42:08 +02:00
# ROOT_URL EXAMPLES FOR WEBSERVERS: https://github.com/wekan/wekan/wiki/Settings
# Production: https://example.com/wekan
2020-02-15 20:13:42 +01:00
# Local: http://localhost:2000
2019-10-03 21:42:08 +02:00
# ipaddress=$(ifdata -pa eth0)
2021-02-26 00:16:24 +01:00
ROOT_URL='https://__DOMAIN____PATH__'
2020-02-15 20:13:42 +01:00
#---------------------------------------------
2019-10-03 21:42:08 +02:00
# Working email IS NOT REQUIRED to use Wekan.
# https://github.com/wekan/wekan/wiki/Adding-users
# https://github.com/wekan/wekan/wiki/Troubleshooting-Mail
# https://github.com/wekan/wekan-mongodb/blob/master/docker-compose.yml
2023-11-14 11:46:46 +01:00
MAIL_URL='smtp://__APP__:__MAIL_PWD__@__MAIN_DOMAIN__:25/'
MAIL_FROM='Wekan Support <__APP__@__DOMAIN__>'
2022-01-14 23:12:42 +01:00
# Currently MAIL_SERVICE is not in use.
#MAIL_SERVICE=Outlook365
2023-11-14 11:46:46 +01:00
#MAIL_SERVICE_USER=__APP__
#MAIL_SERVICE_PASSWORD=__MAIL_PWD__
2020-02-15 20:13:42 +01:00
#---------------------------------------------
#KADIRA_OPTIONS_ENDPOINT=http://127.0.0.1:11011
#---------------------------------------------
# This is local port where Wekan Node.js runs, same as below on Caddyfile settings.
2019-03-06 04:15:18 +01:00
PORT=__PORT__
2020-02-15 20:13:42 +01:00
#---------------------------------------------
2022-01-14 23:12:42 +01:00
# ==== NUMBER OF SEARCH RESULTS PER PAGE BY DEFAULT ====
#RESULTS_PER_PAGE=20
#---------------------------------------------
# Wekan Board works when WITH_API=true.
# If you disable Wekan API with false, Board does not work.
2019-03-06 05:05:49 +01:00
WITH_API='true'
2019-10-03 21:42:08 +02:00
#---------------------------------------------------------------
# ==== PASSWORD BRUTE FORCE PROTECTION ====
# https://atmospherejs.com/lucasantoniassi/accounts-lockout
# Defaults below. Uncomment to change. wekan/server/accounts-lockout.js
#ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3
#ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60
#ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15
#ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3
#ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60
#ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15
#---------------------------------------------------------------
2022-01-14 23:12:42 +01:00
# ==== ACCOUNT OPTIONS ====
# https://docs.meteor.com/api/accounts-multi.html#AccountsCommon-config
# Defaults below. Uncomment to change. wekan/server/accounts-common.js
# - ACCOUNTS_COMMON_LOGIN_EXPIRATION_IN_DAYS=90
#---------------------------------------------------------------
2019-10-03 21:42:08 +02:00
# ==== RICH TEXT EDITOR IN CARD COMMENTS ====
# https://github.com/wekan/wekan/pull/2560
RICHER_CARD_COMMENT_EDITOR=true
#---------------------------------------------------------------
# ==== CARD OPENED, SEND WEBHOOK MESSAGE ====
CARD_OPENED_WEBHOOK_ENABLED=false
#---------------------------------------------------------------
# ==== Allow to shrink attached/pasted image ====
# https://github.com/wekan/wekan/pull/2544
#MAX_IMAGE_PIXEL=1024
#IMAGE_COMPRESS_RATIO=80
#---------------------------------------------------------------
2020-04-14 21:29:34 +02:00
# ==== NOTIFICATION TRAY AFTER READ DAYS BEFORE REMOVE =====
# Number of days after a notification is read before we remove it.
# Default: 2
#- NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE=2
#---------------------------------------------------------------
2019-10-03 21:42:08 +02:00
# ==== BIGEVENTS DUE ETC NOTIFICATIONS =====
# https://github.com/wekan/wekan/pull/2541
# Introduced a system env var BIGEVENTS_PATTERN default as "NONE",
# so any activityType matches the pattern, system will send out
# notifications to all board members no matter they are watching
# or tracking the board or not. Owner of the wekan server can
# disable the feature by setting this variable to "NONE" or
# change the pattern to any valid regex. i.e. '|' delimited
# activityType names.
2022-01-14 23:12:42 +01:00
# a) Example
2019-10-03 21:42:08 +02:00
#BIGEVENTS_PATTERN=due
# b) All
#BIGEVENTS_PATTERN=received|start|due|end
# c) Disabled
BIGEVENTS_PATTERN=NONE
#---------------------------------------------------------------
2022-01-14 23:12:42 +01:00
# ==== EMAIL DUE DATE NOTIFICATION =====
2019-10-03 21:42:08 +02:00
# https://github.com/wekan/wekan/pull/2536
# System timelines will be showing any user modification for
# dueat startat endat receivedat, also notification to
# the watchers and if any card is due, about due or past due.
2022-01-14 23:12:42 +01:00
#
# Notify due days, default is None.
2019-10-03 21:42:08 +02:00
#NOTIFY_DUE_DAYS_BEFORE_AND_AFTER=2,0
# it will notify user 2 days before due day and on the due day
2022-01-14 23:12:42 +01:00
#
2019-10-03 21:42:08 +02:00
# Notify due at hour of day. Default every morning at 8am. Can be 0-23.
# If env variable has parsing error, use default. Notification sent to watchers.
2022-01-14 23:12:42 +01:00
#NOTIFY_DUE_AT_HOUR_OF_DAY=8
2020-02-15 20:13:42 +01:00
#-----------------------------------------------------------------
2019-10-03 21:42:08 +02:00
# ==== EMAIL NOTIFICATION TIMEOUT, ms =====
# Defaut: 30000 ms = 30s
#EMAIL_NOTIFICATION_TIMEOUT=30000
2020-02-15 20:13:42 +01:00
#-----------------------------------------------------------------
2019-03-06 05:05:49 +01:00
# CORS: Set Access-Control-Allow-Origin header. Example: *
#CORS=*
2019-10-03 21:42:08 +02:00
# To enable the Set Access-Control-Allow-Headers header. "Authorization,Content-Type" is required for cross-origin use of the API.
#CORS_ALLOW_HEADERS=Authorization,Content-Type
# To enable the Set Access-Control-Expose-Headers header. This is not needed for typical CORS situations. Example: *
#CORS_EXPOSE_HEADERS=*
2020-02-15 20:13:42 +01:00
#---------------------------------------------
2019-10-03 21:42:08 +02:00
# Optional: Integration with Matomo https://matomo.org that is installed to your server
# The address of the server where Matomo is hosted:
# MATOMO_ADDRESS=https://example.com/matomo
2019-03-06 05:05:49 +01:00
#MATOMO_ADDRESS=
2019-10-03 21:42:08 +02:00
# The value of the site ID given in Matomo server for Wekan
2019-03-06 05:05:49 +01:00
# Example: MATOMO_SITE_ID=123456789
#MATOMO_SITE_ID=''
2019-10-03 21:42:08 +02:00
# The option do not track which enables users to not be tracked by matomo"
# Example: MATOMO_DO_NOT_TRACK=false
2019-03-06 05:05:49 +01:00
#MATOMO_DO_NOT_TRACK=true
2019-10-03 21:42:08 +02:00
# The option that allows matomo to retrieve the username:
2019-03-06 05:05:49 +01:00
# Example: MATOMO_WITH_USERNAME=true
#MATOMO_WITH_USERNAME='false'
2022-01-14 23:12:42 +01:00
#---------------------------------------------
2019-03-06 05:05:49 +01:00
# Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside.
# Setting this to false is not recommended, it also disables all other browser policy protections
# and allows all iframing etc. See wekan/server/policy.js
# Default value: true
BROWSER_POLICY_ENABLED=true
# When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside.
# Example: TRUSTED_URL=http://example.com
TRUSTED_URL=''
# What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId .
# Example: WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
WEBHOOKS_ATTRIBUTES=''
2020-02-15 20:13:42 +01:00
#---------------------------------------------
2021-02-26 00:16:24 +01:00
# OAUTH2 ORACLE on premise identity manager OIM
#ORACLE_OIM_ENABLED=true
#---------------------------------------------
2019-03-06 05:05:49 +01:00
# ==== OAUTH2 AZURE ====
# https://github.com/wekan/wekan/wiki/Azure
# 1) Register the application with Azure. Make sure you capture
# the application ID as well as generate a secret key.
# 2) Configure the environment variables. This differs slightly
# by installation type, but make sure you have the following:
#OAUTH2_ENABLED=true
2022-01-14 23:12:42 +01:00
#
2021-02-26 00:16:24 +01:00
# Optional OAuth2 CA Cert, see https://github.com/wekan/wekan/issues/3299
#OAUTH2_CA_CERT=ABCD1234
2022-01-14 23:12:42 +01:00
#
2021-02-26 00:16:24 +01:00
# Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting.
#OAUTH2_ADFS_ENABLED=false
2022-01-14 23:12:42 +01:00
#
2020-02-15 20:13:42 +01:00
# OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
2019-10-03 21:42:08 +02:00
# OAuth2 login style: popup or redirect.
#OAUTH2_LOGIN_STYLE=redirect
2022-01-14 23:12:42 +01:00
#
2019-03-06 05:05:49 +01:00
# Application GUID captured during app registration:
#OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
2022-01-14 23:12:42 +01:00
#
2019-03-06 05:05:49 +01:00
# Secret key generated during app registration:
#OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#OAUTH2_SERVER_URL=https://login.microsoftonline.com/
#OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize
#OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo
#OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token
2022-01-14 23:12:42 +01:00
#
2019-03-06 05:05:49 +01:00
# The claim name you want to map to the unique ID field:
#OAUTH2_ID_MAP=email
2022-01-14 23:12:42 +01:00
#
2019-03-06 05:05:49 +01:00
# The claim name you want to map to the username field:
#OAUTH2_USERNAME_MAP=email
2022-01-14 23:12:42 +01:00
#
2019-03-06 05:05:49 +01:00
# The claim name you want to map to the full name field:
#OAUTH2_FULLNAME_MAP=name
2022-01-14 23:12:42 +01:00
#
2020-02-15 20:13:42 +01:00
# The claim name you want to map to the email field:
2019-03-06 05:05:49 +01:00
#OAUTH2_EMAIL_MAP=email
2020-02-15 20:13:42 +01:00
#-----------------------------------------------------------------
2019-03-06 05:05:49 +01:00
# ==== OAUTH2 KEYCLOAK ====
# https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED
#OAUTH2_ENABLED=true
2019-10-03 21:42:08 +02:00
# OAuth2 login style: popup or redirect.
#OAUTH2_LOGIN_STYLE=redirect
2019-03-06 05:05:49 +01:00
#OAUTH2_CLIENT_ID=<Keycloak create Client ID>
#OAUTH2_SERVER_URL=<Keycloak server name>/auth
#OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
#OAUTH2_USERINFO_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/userinfo
#OAUTH2_TOKEN_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/token
#OAUTH2_SECRET=<keycloak client secret>
2020-02-15 20:13:42 +01:00
#-----------------------------------------------------------------
2019-03-06 05:05:49 +01:00
# ==== OAUTH2 DOORKEEPER ====
2019-10-03 21:42:08 +02:00
# OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
2019-03-06 05:05:49 +01:00
# https://github.com/wekan/wekan/issues/1874
# https://github.com/wekan/wekan/wiki/OAuth2
# Enable the OAuth2 connection
#OAUTH2_ENABLED=true
2022-01-14 23:12:42 +01:00
#
2019-10-03 21:42:08 +02:00
# OAuth2 login style: popup or redirect.
#OAUTH2_LOGIN_STYLE=redirect
2022-01-14 23:12:42 +01:00
#
2019-03-06 05:05:49 +01:00
# OAuth2 Client ID.
#OAUTH2_CLIENT_ID=abcde12345
2022-01-14 23:12:42 +01:00
#
2019-03-06 05:05:49 +01:00
# OAuth2 Secret.
#OAUTH2_SECRET=54321abcde
2022-01-14 23:12:42 +01:00
#
2019-03-06 05:05:49 +01:00
# OAuth2 Server URL.
#OAUTH2_SERVER_URL=https://chat.example.com
2022-01-14 23:12:42 +01:00
#
2019-03-06 05:05:49 +01:00
# OAuth2 Authorization Endpoint.
#OAUTH2_AUTH_ENDPOINT=/oauth/authorize
2022-01-14 23:12:42 +01:00
#
2019-03-06 05:05:49 +01:00
# OAuth2 Userinfo Endpoint.
#OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
2022-01-14 23:12:42 +01:00
#
2019-03-06 05:05:49 +01:00
# OAuth2 Token Endpoint.
#OAUTH2_TOKEN_ENDPOINT=/oauth/token
2022-01-14 23:12:42 +01:00
#
2020-02-15 20:13:42 +01:00
# OAUTH2 ID Token Whitelist Fields.
#OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
2022-01-14 23:12:42 +01:00
#
2020-02-15 20:13:42 +01:00
# OAUTH2 Request Permissions.
#OAUTH2_REQUEST_PERMISSIONS='openid profile email'
2022-01-14 23:12:42 +01:00
#
2019-03-06 05:05:49 +01:00
# OAuth2 ID Mapping
#OAUTH2_ID_MAP=
2022-01-14 23:12:42 +01:00
#
2019-03-06 05:05:49 +01:00
# OAuth2 Username Mapping
#OAUTH2_USERNAME_MAP=
2022-01-14 23:12:42 +01:00
#
2019-03-06 05:05:49 +01:00
# OAuth2 Fullname Mapping
#OAUTH2_FULLNAME_MAP=
2022-01-14 23:12:42 +01:00
#
2019-03-06 05:05:49 +01:00
# OAuth2 Email Mapping
#OAUTH2_EMAIL_MAP=
2020-02-15 20:13:42 +01:00
#---------------------------------------------
2019-03-06 05:05:49 +01:00
# LDAP_ENABLE : Enable or not the connection by the LDAP
# example : LDAP_ENABLE=true
#LDAP_ENABLE=false
2019-03-07 00:49:05 +01:00
LDAP_ENABLE=true
2019-03-06 05:05:49 +01:00
# LDAP_PORT : The port of the LDAP server
# example : LDAP_PORT=389
#LDAP_PORT=389
2019-03-07 00:49:05 +01:00
LDAP_PORT=389
2019-03-06 05:05:49 +01:00
# LDAP_HOST : The host server for the LDAP server
# example : LDAP_HOST=localhost
#LDAP_HOST=
2019-03-07 00:49:05 +01:00
LDAP_HOST=localhost
2022-01-14 23:12:42 +01:00
#
#-----------------------------------------------------------------
# ==== LDAP AD Simple Auth ====
#
# Set to true, if you want to connect with Active Directory by Simple Authentication.
# When using AD Simple Auth, LDAP_BASEDN is not needed.
#
# Example:
#LDAP_AD_SIMPLE_AUTH=true
#
# === LDAP User Authentication ===
#
# a) Option to login to the LDAP server with the user's own username and password, instead of
# an administrator key. Default: false (use administrator key).
#
# b) When using AD Simple Auth, set to true, when login user is used for binding,
# and LDAP_BASEDN is not needed.
#
# Example:
#LDAP_USER_AUTHENTICATION=true
#
# Which field is used to find the user for the user authentication. Default: uid.
#LDAP_USER_AUTHENTICATION_FIELD=uid
#
# === LDAP Default Domain ===
#
# a) In case AD SimpleAuth is configured, the default domain is appended to the given
# loginname for creating the correct username for the bind request to AD.
#
# b) The default domain of the ldap it is used to create email if the field is not map
# correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
#
# Example :
#LDAP_DEFAULT_DOMAIN=mydomain.com
#
#-----------------------------------------------------------------
# ==== LDAP BASEDN Auth ====
#
2019-03-06 05:05:49 +01:00
# LDAP_BASEDN : The base DN for the LDAP Tree
# example : LDAP_BASEDN=ou=user,dc=example,dc=org
#LDAP_BASEDN=
2019-03-07 00:49:05 +01:00
LDAP_BASEDN=dc=yunohost,dc=org
2022-01-14 23:12:42 +01:00
#---------------------------------------------
2019-03-06 05:05:49 +01:00
# LDAP_LOGIN_FALLBACK : Fallback on the default authentication method
# example : LDAP_LOGIN_FALLBACK=true
#LDAP_LOGIN_FALLBACK=false
2019-03-07 02:46:44 +01:00
LDAP_LOGIN_FALLBACK=true
2019-03-06 05:05:49 +01:00
# LDAP_RECONNECT : Reconnect to the server if the connection is lost
# example : LDAP_RECONNECT=false
#LDAP_RECONNECT=true
2019-03-07 00:49:05 +01:00
LDAP_RECONNECT=true
2019-03-06 05:05:49 +01:00
# LDAP_TIMEOUT : Overall timeout, in milliseconds
# example : LDAP_TIMEOUT=12345
#LDAP_TIMEOUT=10000
2019-03-07 00:49:05 +01:00
LDAP_TIMEOUT=10000
2019-03-06 05:05:49 +01:00
# LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds
# example : LDAP_IDLE_TIMEOUT=12345
#LDAP_IDLE_TIMEOUT=10000
2019-03-07 00:49:05 +01:00
LDAP_IDLE_TIMEOUT=10000
2019-03-06 05:05:49 +01:00
# LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds
# example : LDAP_CONNECT_TIMEOUT=12345
#LDAP_CONNECT_TIMEOUT=10000
2019-03-07 00:49:05 +01:00
LDAP_CONNECT_TIMEOUT=10000
2019-03-06 05:05:49 +01:00
# LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search
# example : LDAP_AUTHENTIFICATION=true
#LDAP_AUTHENTIFICATION=false
2019-03-07 00:49:05 +01:00
LDAP_AUTHENTIFICATION=false
2019-03-06 05:05:49 +01:00
# LDAP_AUTHENTIFICATION_USERDN : The search user DN
# example : LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org
2020-02-15 20:13:42 +01:00
#----------------------------------------------------------------------------
# The search user DN - You need quotes when you have spaces in parameters
# 2 examples:
#LDAP_AUTHENTIFICATION_USERDN="CN=ldap admin,CN=users,DC=domainmatter,DC=lan"
#LDAP_AUTHENTIFICATION_USERDN="CN=wekan_adm,OU=serviceaccounts,OU=admin,OU=prod,DC=mydomain,DC=com"
#---------------------------------------------------------------------------
2019-03-06 05:05:49 +01:00
# LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user
# example : AUTHENTIFICATION_PASSWORD=admin
#LDAP_AUTHENTIFICATION_PASSWORD=
2022-01-14 23:12:42 +01:00
#
2019-03-06 05:05:49 +01:00
# LDAP_LOG_ENABLED : Enable logs for the module
# example : LDAP_LOG_ENABLED=true
#LDAP_LOG_ENABLED=false
2019-03-07 00:49:05 +01:00
LDAP_LOG_ENABLED=true
2019-03-06 05:05:49 +01:00
# LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background
# example : LDAP_BACKGROUND_SYNC=true
#LDAP_BACKGROUND_SYNC=false
2019-03-07 00:49:05 +01:00
LDAP_BACKGROUND_SYNC=true
2019-03-06 05:05:49 +01:00
# LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds
2019-10-03 21:42:08 +02:00
# At which interval does the background task sync in milliseconds.
# Leave this unset, so it uses default, and does not crash.
# https://github.com/wekan/wekan/issues/2354#issuecomment-515305722
2020-02-15 20:13:42 +01:00
LDAP_BACKGROUND_SYNC_INTERVAL=''
2022-01-14 23:12:42 +01:00
#
2019-03-06 05:05:49 +01:00
# LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED :
# example : LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true
#LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false
2019-03-07 00:49:05 +01:00
LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true
2019-03-06 05:05:49 +01:00
# LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS :
# example : LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true
#LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false
2019-03-07 00:49:05 +01:00
LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true
2019-03-06 05:05:49 +01:00
# LDAP_ENCRYPTION : If using LDAPS
# example : LDAP_ENCRYPTION=ssl
#LDAP_ENCRYPTION=false
2022-01-14 23:12:42 +01:00
#
2019-03-06 05:05:49 +01:00
# LDAP_CA_CERT : The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file.
# example : LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE-----
#LDAP_CA_CERT=
2022-01-14 23:12:42 +01:00
#
2019-03-06 05:05:49 +01:00
# LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate
# example : LDAP_REJECT_UNAUTHORIZED=true
#LDAP_REJECT_UNAUTHORIZED=false
2022-01-14 23:12:42 +01:00
#
2019-03-06 05:05:49 +01:00
# LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
# example : LDAP_USER_SEARCH_FILTER=
#LDAP_USER_SEARCH_FILTER=
2019-03-07 02:46:44 +01:00
LDAP_USER_SEARCH_FILTER="(objectclass=posixAccount)"
2019-03-06 05:05:49 +01:00
# LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree)
# example : LDAP_USER_SEARCH_SCOPE=one
#LDAP_USER_SEARCH_SCOPE=
2019-03-07 00:49:05 +01:00
LDAP_USER_SEARCH_SCOPE=sub
2019-03-06 05:05:49 +01:00
# LDAP_USER_SEARCH_FIELD : Which field is used to find the user
# example : LDAP_USER_SEARCH_FIELD=uid
#LDAP_USER_SEARCH_FIELD=
2022-01-05 22:24:11 +01:00
LDAP_USER_SEARCH_FIELD=uid,mail
2019-03-06 05:05:49 +01:00
# LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited)
# example : LDAP_SEARCH_PAGE_SIZE=12345
#LDAP_SEARCH_PAGE_SIZE=0
2019-03-07 00:49:05 +01:00
LDAP_SEARCH_PAGE_SIZE=0
2019-03-06 05:05:49 +01:00
# LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited)
# example : LDAP_SEARCH_SIZE_LIMIT=12345
#LDAP_SEARCH_SIZE_LIMIT=0
2019-03-07 00:49:05 +01:00
LDAP_SEARCH_SIZE_LIMIT=0
2019-03-06 05:05:49 +01:00
# LDAP_GROUP_FILTER_ENABLE : Enable group filtering
# example : LDAP_GROUP_FILTER_ENABLE=true
#LDAP_GROUP_FILTER_ENABLE=false
2019-03-07 02:46:44 +01:00
LDAP_GROUP_FILTER_ENABLE=true
2019-03-06 05:05:49 +01:00
# LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering
# example : LDAP_GROUP_FILTER_OBJECTCLASS=group
#LDAP_GROUP_FILTER_OBJECTCLASS=
2019-03-07 00:49:05 +01:00
LDAP_GROUP_FILTER_OBJECTCLASS=posixGroup
2019-03-06 05:05:49 +01:00
# LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE :
# example :
#LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=
2019-03-07 02:46:44 +01:00
LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=cn
2019-03-06 05:05:49 +01:00
# LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE :
# example :
#LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=
2019-03-07 00:49:05 +01:00
LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=memberUid
2019-03-06 05:05:49 +01:00
# LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT :
# example :
#LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=
2019-03-07 02:46:44 +01:00
LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=uid
2019-03-06 05:05:49 +01:00
# LDAP_GROUP_FILTER_GROUP_NAME :
2019-03-07 02:46:44 +01:00
# example : LDAP_GROUP_FILTER_GROUP_NAME=wekan_user
2019-03-06 05:05:49 +01:00
#LDAP_GROUP_FILTER_GROUP_NAME=
2020-04-01 16:30:41 +02:00
LDAP_GROUP_FILTER_GROUP_NAME=__APP__.main
2019-03-06 05:05:49 +01:00
# LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier)
# example : LDAP_UNIQUE_IDENTIFIER_FIELD=guid
#LDAP_UNIQUE_IDENTIFIER_FIELD=
2019-03-07 00:49:05 +01:00
LDAP_UNIQUE_IDENTIFIER_FIELD=entryUUID
2019-03-06 05:05:49 +01:00
# LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8
# example : LDAP_UTF8_NAMES_SLUGIFY=false
#LDAP_UTF8_NAMES_SLUGIFY=true
2019-03-07 02:46:44 +01:00
LDAP_UTF8_NAMES_SLUGIFY=true
2019-03-06 05:05:49 +01:00
# LDAP_USERNAME_FIELD : Which field contains the ldap username
# example : LDAP_USERNAME_FIELD=username
#LDAP_USERNAME_FIELD=
2019-03-07 00:49:05 +01:00
LDAP_USERNAME_FIELD=uid
2019-03-06 05:05:49 +01:00
# LDAP_FULLNAME_FIELD : Which field contains the ldap fullname
# example : LDAP_FULLNAME_FIELD=fullname
#LDAP_FULLNAME_FIELD=
2019-03-07 00:49:05 +01:00
LDAP_FULLNAME_FIELD=cn
2019-03-06 05:05:49 +01:00
# LDAP_MERGE_EXISTING_USERS :
# example : LDAP_MERGE_EXISTING_USERS=true
#LDAP_MERGE_EXISTING_USERS=false
2019-03-07 00:49:05 +01:00
LDAP_MERGE_EXISTING_USERS=true
2019-03-06 05:05:49 +01:00
# LDAP_EMAIL_MATCH_ENABLE : allow existing account matching by e-mail address when username does not match
# example: LDAP_EMAIL_MATCH_ENABLE=true
#LDAP_EMAIL_MATCH_ENABLE=false
2019-03-07 00:49:05 +01:00
LDAP_EMAIL_MATCH_ENABLE=true
2019-03-06 05:05:49 +01:00
# LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match
# example: LDAP_EMAIL_MATCH_REQUIRE=true
#LDAP_EMAIL_MATCH_REQUIRE=false
2019-03-07 02:46:44 +01:00
LDAP_EMAIL_MATCH_REQUIRE=false
2019-03-06 05:05:49 +01:00
# LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching
# example: LDAP_EMAIL_MATCH_VERIFIED=true
#LDAP_EMAIL_MATCH_VERIFIED=false
2019-03-07 02:46:44 +01:00
LDAP_EMAIL_MATCH_VERIFIED=false
2019-03-06 05:05:49 +01:00
# LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address
# example: LDAP_EMAIL_FIELD=mail
#LDAP_EMAIL_FIELD=
2019-03-07 00:49:05 +01:00
LDAP_EMAIL_FIELD=mail
2019-03-06 05:05:49 +01:00
# LDAP_SYNC_USER_DATA :
# example : LDAP_SYNC_USER_DATA=true
#LDAP_SYNC_USER_DATA=false
2019-03-07 00:49:05 +01:00
LDAP_SYNC_USER_DATA=true
2019-03-06 05:05:49 +01:00
# LDAP_SYNC_USER_DATA_FIELDMAP :
# example : LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"}
#LDAP_SYNC_USER_DATA_FIELDMAP=
2019-03-07 01:42:22 +01:00
LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name"}
2019-03-06 05:05:49 +01:00
# LDAP_SYNC_GROUP_ROLES :
# example :
#LDAP_SYNC_GROUP_ROLES=
2020-04-01 16:30:41 +02:00
LDAP_SYNC_GROUP_ROLES=__APP__.admin
2019-03-06 05:05:49 +01:00
# Enable/Disable syncing of admin status based on ldap groups:
#LDAP_SYNC_ADMIN_STATUS=true
2019-03-07 02:46:44 +01:00
LDAP_SYNC_ADMIN_STATUS=true
2020-02-15 20:13:42 +01:00
# Comma separated list of admin group names to sync.
2019-03-06 05:05:49 +01:00
#LDAP_SYNC_ADMIN_GROUPS=group1,group2
2020-04-01 16:30:41 +02:00
LDAP_SYNC_ADMIN_GROUPS=__APP__.admin
2020-02-15 20:13:42 +01:00
#---------------------------------------------------------------------
2019-10-03 21:42:08 +02:00
# Login to LDAP automatically with HTTP header.
# In below example for siteminder, at right side of = is header name.
#HEADER_LOGIN_ID=HEADERUID
#HEADER_LOGIN_FIRSTNAME=HEADERFIRSTNAME
#HEADER_LOGIN_LASTNAME=HEADERLASTNAME
#HEADER_LOGIN_EMAIL=HEADEREMAILADDRESS
2020-02-15 20:13:42 +01:00
#---------------------------------------------------------------------
2019-03-06 05:05:49 +01:00
# LOGOUT_WITH_TIMER : Enables or not the option logout with timer
# example : LOGOUT_WITH_TIMER=true
#LOGOUT_WITH_TIMER=
# LOGOUT_IN : The number of days
# example : LOGOUT_IN=1
#LOGOUT_IN=
#LOGOUT_ON_HOURS=
# LOGOUT_ON_MINUTES : The number of minutes
# example : LOGOUT_ON_MINUTES=55
2020-02-15 20:13:42 +01:00
#LOGOUT_ON_MINUTES=
2020-05-29 18:54:49 +02:00
#---------------------------------------------------------------------
2022-01-14 23:12:42 +01:00
# PASSWORD_LOGIN_ENABLED : Enable or not the password login form.
2021-02-26 00:16:24 +01:00
#PASSWORD_LOGIN_ENABLED=true
#---------------------------------------------------------------------
#CAS_ENABLED=true
#CAS_BASE_URL=https://cas.example.com/cas
#CAS_LOGIN_URL=https://cas.example.com/login
#CAS_VALIDATE_URL=https://cas.example.com/cas/p3/serviceValidate
#---------------------------------------------------------------------
#SAML_ENABLED=true
#SAML_PROVIDER=
#SAML_ENTRYPOINT=
#SAML_ISSUER=
#SAML_CERT=
#SAML_IDPSLO_REDIRECTURL=
#SAML_PRIVATE_KEYFILE=
#SAML_PUBLIC_CERTFILE=
#SAML_IDENTIFIER_FORMAT=
#SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE=
#SAML_ATTRIBUTES=
#---------------------------------------------------------------------
2022-01-14 23:12:42 +01:00
# Wait spinner to use
#WAIT_SPINNER=Bounce
#---------------------------------------------------------------------