From 25ca9fa20fbc68556f10567dc1a19ebc22aa1b7d Mon Sep 17 00:00:00 2001
From: yalh76
Date: Thu, 7 Mar 2019 02:46:44 +0100
Subject: [PATCH] Configure LDAP for Yunohost
---
 conf/.env | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/conf/.env b/conf/.env
index 88c0a52..3a664d8 100644
--- a/conf/.env
+++ b/conf/.env
@@ -165,7 +165,7 @@ LDAP_BASEDN=dc=yunohost,dc=org
 # LDAP_LOGIN_FALLBACK : Fallback on the default authentication method
 # example : LDAP_LOGIN_FALLBACK=true
 #LDAP_LOGIN_FALLBACK=false
-LDAP_LOGIN_FALLBACK=false
+LDAP_LOGIN_FALLBACK=true
 
 # LDAP_RECONNECT : Reconnect to the server if the connection is lost
 # example : LDAP_RECONNECT=false
@@ -213,7 +213,7 @@ LDAP_BACKGROUND_SYNC=true
 # LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds
 # example : LDAP_BACKGROUND_SYNC_INTERVAL=12345
 #LDAP_BACKGROUND_SYNC_INTERVAL=100
-LDAP_BACKGROUND_SYNC_INTERVAL=600000
+LDAP_BACKGROUND_SYNC_INTERVAL=100
 
 # LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED :
 # example : LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true
@@ -240,7 +240,7 @@ LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true
 # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
 # example : LDAP_USER_SEARCH_FILTER=
 #LDAP_USER_SEARCH_FILTER=
-LDAP_USER_SEARCH_FILTER=""
+LDAP_USER_SEARCH_FILTER="(objectclass=posixAccount)"
 
 # LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree)
 # example : LDAP_USER_SEARCH_SCOPE=one
@@ -265,7 +265,7 @@ LDAP_SEARCH_SIZE_LIMIT=0
 # LDAP_GROUP_FILTER_ENABLE : Enable group filtering
 # example : LDAP_GROUP_FILTER_ENABLE=true
 #LDAP_GROUP_FILTER_ENABLE=false
-LDAP_GROUP_FILTER_ENABLE=false
+LDAP_GROUP_FILTER_ENABLE=true
 
 # LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering
 # example : LDAP_GROUP_FILTER_OBJECTCLASS=group
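Review bot: `LDAP_LOGIN_FALLBACK=true` in the @@ -165 hunk keeps the default (non-LDAP) login path active next to LDAP, so an account that is disabled or removed in the YunoHost directory may still be able to sign in if a local password exists for it. How the application handles local passwords for LDAP-created users is not visible in this file, so that part needs confirming. If the fallback is only wanted for a local emergency administrator, say so in a comment above the line, e.g. `# fallback kept for the local admin account only`; otherwise keep `LDAP_LOGIN_FALLBACK=false`.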
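Review bot: The @@ -213 hunk lowers `LDAP_BACKGROUND_SYNC_INTERVAL` from 600000 to 100, and the comment directly above it gives the unit as milliseconds, so taken at face value the background task would query the directory ten times per second. With `LDAP_BACKGROUND_SYNC=true` (visible in the hunk header) that is a constant load on the LDAP server and a lot of log noise that can bury real authentication failures. Unless the application interprets the value differently from what its comment says, keep the ten-minute setting: `LDAP_BACKGROUND_SYNC_INTERVAL=600000`.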
@@ -275,7 +275,7 @@ LDAP_GROUP_FILTER_OBJECTCLASS=posixGroup
 # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE :
 # example :
 #LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=
-LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=gidNumber
+LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=cn
 
 # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE :
 # example :
@@ -285,12 +285,12 @@ LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=memberUid
 # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT :
 # example :
 #LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=
-LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=dn
+LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=uid
 
 # LDAP_GROUP_FILTER_GROUP_NAME :
-# example :
+# example : LDAP_GROUP_FILTER_GROUP_NAME=wekan_user
 #LDAP_GROUP_FILTER_GROUP_NAME=
-LDAP_GROUP_FILTER_GROUP_NAME=cn
+LDAP_GROUP_FILTER_GROUP_NAME=sftpusers
 
 # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier)
 # example : LDAP_UNIQUE_IDENTIFIER_FIELD=guid
@@ -300,6 +300,7 @@ LDAP_UNIQUE_IDENTIFIER_FIELD=entryUUID
 # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8
 # example : LDAP_UTF8_NAMES_SLUGIFY=false
 #LDAP_UTF8_NAMES_SLUGIFY=true
+LDAP_UTF8_NAMES_SLUGIFY=true
 
 # LDAP_USERNAME_FIELD : Which field contains the ldap username
 # example : LDAP_USERNAME_FIELD=username
@@ -324,12 +325,12 @@ LDAP_EMAIL_MATCH_ENABLE=true
 # LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match
 # example: LDAP_EMAIL_MATCH_REQUIRE=true
 #LDAP_EMAIL_MATCH_REQUIRE=false
-LDAP_EMAIL_MATCH_REQUIRE=true
+LDAP_EMAIL_MATCH_REQUIRE=false
 
 # LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching
 # example: LDAP_EMAIL_MATCH_VERIFIED=true
 #LDAP_EMAIL_MATCH_VERIFIED=false
-LDAP_EMAIL_MATCH_VERIFIED=true
+LDAP_EMAIL_MATCH_VERIFIED=false
 
 # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address
 # example: LDAP_EMAIL_FIELD=mail
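Review bot: The @@ -285 hunk sets `LDAP_GROUP_FILTER_GROUP_NAME=sftpusers`, which together with `LDAP_GROUP_FILTER_ENABLE=true` from the @@ -265 hunk makes membership of a group that, going by its name, governs SFTP access the gate for logging in to this application. That couples two unrelated permissions, so granting or revoking SFTP silently grants or revokes access here as well. A dedicated group is easier to audit, and the example line added in this same hunk already names one: `LDAP_GROUP_FILTER_GROUP_NAME=wekan_user`. The group-filter settings changed here and in the @@ -275 hunk still have empty description comments; a one-line description for each would help the next maintainer.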
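Review bot: Both e-mail matching safeguards are switched off in the @@ -324 hunk while `LDAP_EMAIL_MATCH_ENABLE=true` (hunk header) stays on. Going by the comments in the hunk, `LDAP_EMAIL_MATCH_VERIFIED=false` allows an existing account whose address was never verified to be matched to an LDAP user, so a local account carrying an address it does not own could end up linked to that person's directory identity. If no pre-existing local accounts need to be merged, keep `LDAP_EMAIL_MATCH_REQUIRE=true` and `LDAP_EMAIL_MATCH_VERIFIED=true`. Otherwise add a comment above the two lines explaining why unverified matching is acceptable on this install.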
@@ -349,6 +350,7 @@ LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name"}
 # LDAP_SYNC_GROUP_ROLES :
 # example :
 #LDAP_SYNC_GROUP_ROLES=
+LDAP_SYNC_GROUP_ROLES=admins
 
 # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
 # example :
@@ -357,9 +359,11 @@ LDAP_DEFAULT_DOMAIN=yh03.yh.yalh.net
 
 # Enable/Disable syncing of admin status based on ldap groups:
 #LDAP_SYNC_ADMIN_STATUS=true
+LDAP_SYNC_ADMIN_STATUS=true
 
 # Comma separated list of admin group names to sync.
 #LDAP_SYNC_ADMIN_GROUPS=group1,group2
+LDAP_SYNC_ADMIN_GROUPS=admins
 
 # LOGOUT_WITH_TIMER : Enables or not the option logout with timer
 # example : LOGOUT_WITH_TIMER=true
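Review bot: The @@ -349 and @@ -357 hunks make the directory group `admins` the source of administrator rights in the application (`LDAP_SYNC_ADMIN_STATUS=true`, `LDAP_SYNC_ADMIN_GROUPS=admins`) and also pass it as `LDAP_SYNC_GROUP_ROLES=admins`, a setting whose description comment is empty. From then on anyone who can edit that group in LDAP decides who is an administrator here. The mapping is also only as trustworthy as the LDAP connection, whose bind and transport settings lie outside these hunks and are worth checking. Please state the intent above the new lines, e.g. `# members of the YunoHost 'admins' group become application administrators`, and fill in the `LDAP_SYNC_GROUP_ROLES` description.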