# This is the default configuration for CatDap. You should not need to
# modify it, unless you actually want to fix some default behaviour
# that is configured below.
#
# For site-specific configuration, copy this file (catdap.yml) to
# have a _local suffix (catdap_local.yml) and make your changes there.
# Note that you only need to keep configuration sections that differ,
# the rest will be inherited.
# Application identity and branding values.
name: CatDap
default_view: Web

organisation: Mageia
# NOTE(review): plain-http URL. If this value is rendered as a link in pages
# or mails, prefer the https form - confirm the site serves it.
project_url: http://www.mageia.org/
apptitle: Mageia Identity Management
# Presumably the From address of mails the application sends - confirm.
emailfrom: noreply@mageia.org
# LDAP connection that binds with a fixed service account (the catdap DN
# below) rather than with an end user's credentials.
# NOTE(review): `password: FIXME` is a placeholder. Set the real bind
# password only in catdap_local.yml, keep that file out of version control
# and readable by the application user alone.
# NOTE(review): start_tls is enabled, but no certificate-verification option
# is set in this section. Confirm what the LDAP client library defaults to
# and make sure the server certificate is actually verified.
Model::Proxy:
  base: ou=People,dc=mageia,dc=org
  dn: cn=catdap,ou=System Accounts,dc=mageia,dc=org
  password: FIXME
  host: ldap.mageia.org
  start_tls: 1
  options:
    inet6: 1
# dn and password should not be required here, we rebind with credentials
# from the authenticated user using Model::LDAP::FromAuthentication.
# Operations through this model therefore run with the logged-in user's own
# LDAP rights, so the directory's ACLs decide what each user can read/write.
# NOTE(review): start_tls is on, but certificate verification is not
# configured in this section - confirm the client default.
Model::User:
  base: dc=mageia,dc=org
  host: ldap.mageia.org
  start_tls: 1
# Presumably the login names that self-registration refuses - confirm
# against the register controller.
# NOTE(review): only `apache` is listed. Consider reserving other system and
# role names (root, service accounts, mail role addresses) as well.
register:
  login_blacklist:
    - apache
# Settings for the password-reset flow.
# NOTE(review): the listing this was taken from lost its indentation. That
# `path` and `prefix` belong to `secret` is clear; whether `timeout` sits
# under `secret` and `allow_filter` under `forgot_password` is assumed -
# confirm against the controller that reads these keys.
forgot_password:
  secret:
    # NOTE(review): '/tmp/' is a shared, world-writable directory and the
    # file prefix is fixed. If reset secrets are written here, use a
    # dedicated directory owned by the application user (mode 0700) and make
    # sure files are created exclusively with owner-only permissions.
    path: '/tmp/'
    prefix: 'catdap-forgot_password-'
    # 259200 is 3 days if the unit is seconds (unit not shown here). That is
    # a long validity window for a reset secret; consider shortening it.
    timeout: 259200
  # LDAP filter that matches entries WITHOUT the posixAccount object class;
  # presumably only matching accounts may use the reset flow - confirm.
  allow_filter: '(!(objectClass=posixAccount))'
# Authentication realms. A single realm, `ldap`, is defined and is the
# default: a Password credential checked against an LDAP store.
authentication:
  default_realm: ldap
  realms:
    ldap:
      credential:
        class: Password
        password_field: password
        # self_check: the password check is delegated to the store's user
        # object (presumably an LDAP bind as that user - confirm).
        password_type: self_check
      store:
        class: LDAP
        ldap_server: 'ldap.mageia.org'
        ldap_server_options:
          inet6: 1
        # NOTE(review): no start_tls_options (certificate verification) are
        # set here. Confirm the default and require a verified certificate,
        # since user passwords travel over this connection.
        start_tls: 1
        binddn: cn=catdap,ou=System Accounts,dc=mageia,dc=org
        # NOTE(review): placeholder. Put the real value only in
        # catdap_local.yml, with owner-only file permissions.
        bindpw: FIXME
        user_basedn: "ou=people,dc=mageia,dc=org"
        # %s is replaced with the login name supplied by the user.
        # NOTE(review): confirm the store escapes LDAP filter
        # metacharacters in the substituted value.
        user_filter: '(&(objectClass=inetOrgPerson)(uid=%s))'
        user_scope: 'one'
        user_field: 'uid'
        # Matches an entry on either its primary or its alternate mail
        # address. Presumably used for lookups by e-mail - confirm, and
        # confirm the same escaping as for user_filter.
        email_filter: '(&(objectClass=inetOrgPerson)(|(mail=%s)(mailAlternateAddress=%s)))'
        # Roles are the cn of every entry under role_basedn (subtree search)
        # whose `member` attribute holds the user's DN.
        use_roles: 1
        role_basedn: 'dc=mageia,dc=org'
        role_scope: 'sub'
        role_field: 'cn'
        role_value: 'dn'
        role_filter: '(member=%s)'
        # Role lookup runs with the user's own bind, so the directory ACLs
        # must let users read their group memberships.
        role_search_as_user: 1
Controller::User:
  # Attributes that the user can edit. Attributes present but not listed here
  # will be shown (if not in skip_attrs), but the form will not allow editing.
  # Note that the actual access controls should be implemented on the LDAP
  # side, that is where they belong, or you are being inconsistent if users
  # have other means to access LDAP.
  # NOTE(review): `mail` and `sshPublicKey` are security-sensitive. A change
  # to them can redirect account mail or grant SSH access wherever these
  # attributes are consumed; consider requiring re-authentication and
  # notifying the previous address on change.
  editable_attrs:
    - cn
    - sn
    - givenName
    - mail
    - mobile
    - roomNumber
    - secretary
    - mailForwardingAddress
    - sshPublicKey
    - preferredLanguage

  # Currently not used, we only respect editable_attrs
  uneditable_attrs:
    - uid
    # - uidNumber
    # - gidNumber
    # - homeDirectory
    # - host
    # - manager
    # - krb5PrincipalName
  # List of attributes which are not displayed at all in the user view.
  # NOTE(review): this is display filtering only. Password hashes and keys
  # (userPassword, sambaLMPassword, sambaNTPassword, krb5Key, ...) must also
  # be protected from read access by ACLs on the LDAP server.
  skip_attrs:
    - objectClass
    - krb5Key
    - sambaMungedDial
    - sambaPasswordHistory
    - userPassword
    - sambaLMPassword
    - sambaNTPassword
    - sambaPwdMustChange
    - sambaSID
    - sambaPrimaryGroupSID
    - sambaAcctFlags
    - sambaPwdCanChange
    - sambaPwdLastSet
    - sambaKickOffTime
    - sambaUserWorkstations
    - sambaLogonTime
    - krb5KeyVersionNumber
    - krb5PasswordEnd
    - krb5MaxLife
    - krb5MaxRenew
    - krb5KDCFlags
    - shadowLastChange
    - shadowWarning
    - shadowMax
    - shadowMin
    - shadowInactive
    - shadowExpire
    - shadowFlag
# CAPTCHA image settings: `new` holds the image parameters, `create` and
# `particle` hold positional argument lists.
# NOTE(review): a small image with few distortion lines gives only weak
# protection against automated sign-ups; pair it with rate limiting on the
# forms that use it.
Plugin::Captcha:
  new:
    gd_font: giant
    width: 100
    height: 40
    lines: 7

  create:
    - normal
    - rect

  particle:
    - 100

  # NOTE(review): nesting assumed, the source listing lost its indentation.
  # gd_font is already set under `new`; confirm whether this second
  # occurrence is read at this level or is a leftover.
  gd_font: giant
# Session lifetime. 600 is 10 minutes if the unit is seconds (presumably,
# confirm against the session plugin). A short lifetime limits how long a
# stolen session cookie stays usable.
Plugin::Session:
  expires: 600