/[soft]/identity/CatDap/branches/live/catdap.yml
ViewVC logotype

Contents of /identity/CatDap/branches/live/catdap.yml

Parent Directory Parent Directory | Revision Log Revision Log

Revision 563 - (show annotations) (download)
Wed Feb 16 22:02:11 2011 UTC (13 years, 2 months ago) by buchan
File size: 5328 byte(s) 
Merge changes from trunk rev 245:562:
-r245 | misc | 2011-01-07 03:39:40 +0200 (Fri, 07 Jan 2011) | 1 line
 more compact code
-r248 | rda | 2011-01-08 01:15:42 +0200 (Sat, 08 Jan 2011) | 1 line
 commit spec file from Maarten Vanraes
-r249 | rda | 2011-01-08 01:20:14 +0200 (Sat, 08 Jan 2011) | 1 line
 commit implement forgot_password patch from Maarten Vanraes
-r250 | rda | 2011-01-08 01:20:38 +0200 (Sat, 08 Jan 2011) | 1 line
 update footer links
-r251 | dmorgan | 2011-01-08 02:00:32 +0200 (Sat, 08 Jan 2011) | 2 lines
 FIx wording
-r335 | buchan | 2011-01-22 10:52:05 +0200 (Sat, 22 Jan 2011) | 2 lines
 Dont detach when checking ldap error code,, we want to continue to set a template
-r336 | buchan | 2011-01-22 11:38:25 +0200 (Sat, 22 Jan 2011) | 3 lines
Fix greeting in password reset key mail, by sending cn to stash
Also add some more error error checking on the search
-r337 | buchan | 2011-01-22 15:55:56 +0200 (Sat, 22 Jan 2011) | 4 lines
 Add a means to filter out users who arent allowed to reset passwords with only
 email verification (by default users who don't match (!(objectclass=posixAccount))
 Fix email template to use configurable project url
-r558 | buchan | 2011-02-16 00:33:01 +0200 (Wed, 16 Feb 2011) | 2 lines
 Allow spaces in names
-r559 | buchan | 2011-02-16 01:01:21 +0200 (Wed, 16 Feb 2011) | 2 lines
 Fix display of non-ascii characters (may need some work in admin for multi-valued 
 attributes)
-r560 | buchan | 2011-02-16 01:45:07 +0200 (Wed, 16 Feb 2011) | 2 lines
 String updates
-r561 | buchan | 2011-02-16 15:33:29 +0200 (Wed, 16 Feb 2011) | 4 lines
 Add error pages for user self-editing buttons, and correctly collect ldap errors
 Respect Controller::User::editable_attrs in user editing page
 Add preferredLanguage to editable_attrs
-r562 | buchan | 2011-02-16 17:05:33 +0200 (Wed, 16 Feb 2011) | 3 lines
 Fix displaying of groups with spaces in the name
 Fix non-ascii user details in 'promote' page
1 # This is the default configuration for CatDap. You should not need to
2 # modify it, unless you actually want to fix some default behaviour
3 # that is configured below
4 #
5 # For site-specific configuration, copy this file (catdap.yml) to
6 # have a _local suffix (catdap_local.yml) and make your changes there.
7 # Note that you only need to keep configuration sections that differ,
8 # the rest will be inherited
9
10 name: CatDap
11 default_view: Web
12
13 organisation: Mageia
14 project_url: http://www.mageia.org/
15 apptitle: Mageia Identity Management
16 emailfrom: noreply@mageia.org
17
18 Model::Proxy:
19 base: ou=People,dc=mageia,dc=org
20 dn: cn=catdap,ou=System Accounts,dc=mageia,dc=org
21 password: FIXME
22 host: ldap.mageia.org
23 start_tls: 1
24 options:
25 inet6: 1
26
27 # dn and password should not be required here, we rebind with credentials
28 # from the authenticated user using Model::LDAP::FromAuthentication
29 Model::User:
30 base: dc=mageia,dc=org
31 host: ldap.mageia.org
32 start_tls: 1
33
34 register:
35 login_blacklist:
36 - apache
37
38 forgot_password:
39 secret:
40 path: '/tmp/'
41 prefix: 'catdap-forgot_password-'
42 timeout: 259200
43 allow_filter: '(!(objectClass=posixAccount))'
44
45 authentication:
46 default_realm: ldap
47 realms:
48 ldap:
49 credential:
50 class: Password
51 password_field: password
52 password_type: self_check
53 store:
54 class: LDAP
55 ldap_server: 'ldap.mageia.org'
56 ldap_server_options:
57 inet6: 1
58 start_tls: 1
59 binddn: cn=catdap,ou=System Accounts,dc=mageia,dc=org
60 bindpw: FIXME
61 user_basedn: "ou=people,dc=mageia,dc=org"
62 user_filter: '(&(objectClass=inetOrgPerson)(uid=%s))'
63 user_scope: 'one'
64 user_field: 'uid'
65 email_filter: '(&(objectClass=inetOrgPerson)(|(mail=%s)(mailAlternateAddress=%s)))'
66 use_roles: 1
67 role_basedn: 'dc=mageia,dc=org'
68 role_scope: 'sub'
69 role_field: 'cn'
70 role_value: 'dn'
71 role_filter: '(member=%s)'
72 role_search_as_user: 1
73
74 Controller::User:
75 # Attributes that the user can edit. Attributes present but not listed here
76 # will be show (if not in skip_attrs), but the form will not allow editing.
77 # Note that the actual access contols should be implemented on the LDAP side,
78 # that is where they belong, or you are being inconsistent if users have other
79 # means to access LDAP
80 editable_attrs:
81 - cn
82 - sn
83 - givenName
84 - mail
85 - mobile
86 - roomNumber
87 - secretary
88 - mailForwardingAddress
89 - sshPublicKey
90 - preferredLanguage
91
92 # Currently not used, we only respect editable_attrs
93 uneditable_attrs:
94 - uid
95 # - uidNumber
96 # - gidNumber
97 # - homeDirectory
98 # - host
99 # - manager
100 # - krb5PrincipalName
101 # List of attributes which are not displayed at all in the user view
102 skip_attrs:
103 - objectClass
104 - krb5Key
105 - sambaMungedDial
106 - sambaPasswordHistory
107 - userPassword
108 - sambaLMPassword
109 - sambaNTPassword
110 - sambaPwdMustChange
111 - sambaSID
112 - sambaPrimaryGroupSID
113 - sambaAcctFlags
114 - sambaPwdCanChange
115 - sambaPwdLastSet
116 - sambaKickOffTime
117 - sambaUserWorkstations
118 - sambaLogonTime
119 - krb5KeyVersionNumber
120 - krb5PasswordEnd
121 - krb5MaxLife
122 - krb5MaxRenew
123 - krb5KDCFlags
124 - shadowLastChange
125 - shadowWarning
126 - shadowMax
127 - shadowMin
128 - shadowInactive
129 - shadowExpire
130 - shadowFlag
131
132 Plugin::Captcha:
133 new:
134 gd_font: giant
135 width: 100
136 height: 40
137 lines: 7
138
139 create:
140 - normal
141 - rect
142
143 particle:
144 - 100
145
146 gd_font: giant
147
148 Plugin::Session:
149 expires: 600
150
  ViewVC Help
Powered by ViewVC 1.1.30