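---
# This is the default configuration for CatDap. You should not need to
# modify it, unless you actually want to fix some default behaviour
# that is configured below.
#
# For site-specific configuration, copy this file (catdap.yml) to
# have a _local suffix (catdap_local.yml) and make your changes there.
# Note that you only need to keep configuration sections that differ,
# the rest will be inherited.
#
# The FIXME values below are placeholders, not credentials. Put the real
# bind passwords in catdap_local.yml only, keep that file out of version
# control and readable only by the account the application runs as.
name: CatDap
default_view: Web
organisation: Mageia
apptitle: Mageia Identity Management
emailfrom: noreply@mageia.org

# Service-account connection to the directory.
Model::Proxy:
  base: ou=People,dc=mageia,dc=org
  dn: cn=catdap,ou=System Accounts,dc=mageia,dc=org
  # Placeholder; override in catdap_local.yml.
  password: FIXME
  host: ldap.mageia.org
  # Upgrade the LDAP connection with StartTLS. Certificate verification
  # options are not set in this file; confirm that the client defaults
  # verify the server certificate.
  start_tls: 1

# dn and password should not be required here, we rebind with credentials
# from the authenticated user using Model::LDAP::FromAuthentication
Model::User:
  base: dc=mageia,dc=org
  host: ldap.mageia.org
  start_tls: 1

authentication:
  default_realm: ldap
  realms:
    ldap:
      credential:
        class: Password
        password_field: password
        password_type: self_check
      store:
        class: LDAP
        ldap_server: 'ldap.mageia.org'
        start_tls: 1
        # Same service account as Model::Proxy. The domain component was
        # misspelled "dc=mageai", which names a DN outside the
        # dc=mageia,dc=org tree used everywhere else in this file.
        binddn: cn=catdap,ou=System Accounts,dc=mageia,dc=org
        # Placeholder; override in catdap_local.yml.
        bindpw: FIXME
        user_basedn: 'ou=people,dc=mageia,dc=org'
        user_filter: '(&(objectClass=inetOrgPerson)(uid=%s))'
        user_scope: 'one'
        user_field: 'uid'
        use_roles: 1
        role_basedn: 'dc=mageia,dc=org'
        role_scope: 'sub'
        role_field: 'cn'
        role_value: 'dn'
        role_filter: '(member=%s)'
        # Role lookups run with the authenticated user's own bind, so the
        # directory ACLs decide which group memberships are visible.
        role_search_as_user: 1

Controller::User:
  # Attributes that the user can edit. Attributes present but not listed
  # here will be shown (if not in skip_attrs), but the form will not allow
  # editing.
  # Note that the actual access controls should be implemented on the LDAP
  # side, which is where they belong; enforcing them only here would be
  # inconsistent as soon as users have other means to access LDAP.
  editable_attrs:
    - cn
    - sn
    - givenName
    - mail
    - mobile
    - roomNumber
    - secretary
    - mailForwardingAddress
  # Currently not used, we only respect editable_attrs
  uneditable_attrs:
    - uid
    # - uidNumber
    # - gidNumber
    # - homeDirectory
    # - host
    # - manager
    # - krb5PrincipalName
  # List of attributes which are not displayed at all in the user view.
  # This only filters what the web view renders; it does not restrict
  # what an LDAP client can read, so password hashes and key material
  # listed here still need read ACLs on the directory itself.
  skip_attrs:
    - objectClass
    - krb5Key
    - sambaMungedDial
    - sambaPasswordHistory
    - userPassword
    - sambaLMPassword
    - sambaNTPassword
    - sambaPwdMustChange
    - sambaSID
    - sambaPrimaryGroupSID
    - sambaAcctFlags
    - sambaPwdCanChange
    - sambaPwdLastSet
    - sambaKickOffTime
    - sambaUserWorkstations
    - sambaLogonTime
    - krb5KeyVersionNumber
    - krb5PasswordEnd
    - krb5MaxLife
    - krb5MaxRenew
    - krb5KDCFlags
    - shadowLastChange
    - shadowWarning
    - shadowMax
    - shadowMin
    - shadowInactive
    - shadowExpire
    - shadowFlag

Plugin::Captcha:
  new:
    gd_font: giant
    width: 100
    height: 40
    lines: 7
  create:
    - normal
    - rect
  particle:
    - 100
  # NOTE(review): this second gd_font repeats the value already set under
  # `new`. Its nesting could not be recovered from the flattened source;
  # it is kept here as a sibling of `new` - confirm against the deployed
  # file.
  gd_font: giant

Plugin::Session:
  # Session lifetime in seconds (10 minutes).
  expires: 600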