CatDap/trunk/catdap.yml

# This is the default configuration for CatDap. You should not need to
# modify it, unless you actually want to fix some default behaviour
# that is configured below
#
# For site-specific configuration, copy this file (catdap.yml) to
# have a _local suffix (catdap_local.yml) and make your changes there.
# Note that you only need to keep configuration sections that differ,
# the rest will be inherited

name: CatDap
default_view: Web

organisation: Mageia
apptitle: Mageia Identity Management
emailfrom: noreply@mageia.org

Model::Proxy:
        base: ou=People,dc=mageia,dc=org
        dn: cn=catdap,ou=System Accounts,dc=mageia,dc=org
        password: FIXME
        host: ldap.mageia.org
        start_tls: 1

# dn and password should not be required here, we rebind with credentials
# from the authenticated user using Model::LDAP::FromAuthentication
Model::User:
        base: dc=mageia,dc=org
        host: ldap.mageia.org
        start_tls: 1

register:
        login_blacklist:
                - apache

authentication:
        default_realm: ldap
        realms:
                ldap:
                        credential:
                                class: Password
                                password_field: password
                                password_type: self_check
                        store:
                                class: LDAP
                                ldap_server:     'ldap.mageia.org'
                                start_tls:       1
                                binddn:          cn=catdap,ou=System Accounts,dc=mageia,dc=org
                                bindpw:          FIXME
                                user_basedn:    "ou=people,dc=mageia,dc=org"
                                user_filter:    '(&(objectClass=inetOrgPerson)(uid=%s))'
                                user_scope:     'one'
                                user_field:     'uid'
                                use_roles:      1
                                role_basedn:    'dc=mageia,dc=org'
                                role_scope:     'sub'
                                role_field:     'cn'
                                role_value:     'dn'
                                role_filter:    '(member=%s)'
                                role_search_as_user: 1

Controller::User:
# Attributes that the user can edit. Attributes present but not listed here
# will be show (if not in skip_attrs), but the form will not allow editing.
# Note that the actual access contols should be implemented on the LDAP side,
# that is where they belong, or you are being inconsistent if users have other
# means to access LDAP
        editable_attrs:
                       - cn
                       - sn
                       - givenName
                       - mail
                       - mobile
                       - roomNumber
                       - secretary
                       - mailForwardingAddress

# Currently not used, we only respect editable_attrs
        uneditable_attrs:
                       - uid
                      # - uidNumber
                      # - gidNumber
                      # - homeDirectory
                      # - host
                      # - manager
                      # - krb5PrincipalName
# List of attributes which are not displayed at all in the user view
        skip_attrs:
                     - objectClass
                     - krb5Key
                     - sambaMungedDial
                     - sambaPasswordHistory
                     - userPassword
                     - sambaLMPassword
                     - sambaNTPassword
                     - sambaPwdMustChange
                     - sambaSID
                     - sambaPrimaryGroupSID
                     - sambaAcctFlags
                     - sambaPwdCanChange
                     - sambaPwdLastSet
                     - sambaKickOffTime
                     - sambaUserWorkstations
                     - sambaLogonTime
                     - krb5KeyVersionNumber
                     - krb5PasswordEnd
                     - krb5MaxLife
                     - krb5MaxRenew
                     - krb5KDCFlags
                     - shadowLastChange
                     - shadowWarning
                     - shadowMax
                     - shadowMin
                     - shadowInactive
                     - shadowExpire
                     - shadowFlag

Plugin::Captcha:
        new:
                gd_font: giant
                width: 100
                height: 40
                lines: 7

        create: 
                - normal
                - rect

        particle: 
                - 100

        gd_font: giant

Plugin::Session:
        expires: 600

1	buchan	10	# This is the default configuration for CatDap. You should not need to
2			# modify it, unless you actually want to fix some default behaviour
3			# that is configured below
4			#
5			# For site-specific configuration, copy this file (catdap.yml) to
6			# have a _local suffix (catdap_local.yml) and make your changes there.
7			# Note that you only need to keep configuration sections that differ,
8			# the rest will be inherited
9
10	buchan	4	name: CatDap
11	buchan	56	default_view: Web
12	buchan	4
13	buchan	38	organisation: Mageia
14			apptitle: Mageia Identity Management
15	buchan	46	emailfrom: noreply@mageia.org
16	buchan	38
17	buchan	10	Model::Proxy:
18			base: ou=People,dc=mageia,dc=org
19	misc	16	dn: cn=catdap,ou=System Accounts,dc=mageia,dc=org
20	buchan	10	password: FIXME
21			host: ldap.mageia.org
22			start_tls: 1
23	buchan	5
24	buchan	10	# dn and password should not be required here, we rebind with credentials
25			# from the authenticated user using Model::LDAP::FromAuthentication
26			Model::User:
27	buchan	37	base: dc=mageia,dc=org
28	buchan	10	host: ldap.mageia.org
29			start_tls: 1
30
31	misc	164	register:
32			login_blacklist:
33			- apache
34
35	buchan	10	authentication:
36			default_realm: ldap
37			realms:
38			ldap:
39			credential:
40			class: Password
41			password_field: password
42			password_type: self_check
43			store:
44			class: LDAP
45			ldap_server: 'ldap.mageia.org'
46			start_tls: 1
47	misc	166	binddn: cn=catdap,ou=System Accounts,dc=mageia,dc=org
48	buchan	10	bindpw: FIXME
49			user_basedn: "ou=people,dc=mageia,dc=org"
50			user_filter: '(&(objectClass=inetOrgPerson)(uid=%s))'
51			user_scope: 'one'
52			user_field: 'uid'
53			use_roles: 1
54	buchan	37	role_basedn: 'dc=mageia,dc=org'
55			role_scope: 'sub'
56	buchan	10	role_field: 'cn'
57	buchan	37	role_value: 'dn'
58			role_filter: '(member=%s)'
59			role_search_as_user: 1
60	buchan	10
61	buchan	5	Controller::User:
62	buchan	10	# Attributes that the user can edit. Attributes present but not listed here
63			# will be show (if not in skip_attrs), but the form will not allow editing.
64			# Note that the actual access contols should be implemented on the LDAP side,
65			# that is where they belong, or you are being inconsistent if users have other
66			# means to access LDAP
67	buchan	5	editable_attrs:
68			- cn
69			- sn
70			- givenName
71			- mail
72			- mobile
73			- roomNumber
74			- secretary
75			- mailForwardingAddress
76	buchan	10
77			# Currently not used, we only respect editable_attrs
78	buchan	5	uneditable_attrs:
79			- uid
80			# - uidNumber
81			# - gidNumber
82	buchan	45	# - homeDirectory
83			# - host
84			# - manager
85			# - krb5PrincipalName
86	buchan	10	# List of attributes which are not displayed at all in the user view
87	buchan	5	skip_attrs:
88			- objectClass
89			- krb5Key
90			- sambaMungedDial
91			- sambaPasswordHistory
92			- userPassword
93			- sambaLMPassword
94			- sambaNTPassword
95			- sambaPwdMustChange
96			- sambaSID
97			- sambaPrimaryGroupSID
98			- sambaAcctFlags
99			- sambaPwdCanChange
100			- sambaPwdLastSet
101			- sambaKickOffTime
102			- sambaUserWorkstations
103			- sambaLogonTime
104			- krb5KeyVersionNumber
105			- krb5PasswordEnd
106			- krb5MaxLife
107			- krb5MaxRenew
108			- krb5KDCFlags
109			- shadowLastChange
110			- shadowWarning
111			- shadowMax
112			- shadowMin
113			- shadowInactive
114			- shadowExpire
115			- shadowFlag
116
117	buchan	4	Plugin::Captcha:
118			new:
119			gd_font: giant
120			width: 100
121	buchan	10	height: 40
122	buchan	4	lines: 7
123
124			create:
125			- normal
126			- rect
127
128			particle:
129			- 100
130
131			gd_font: giant
132
133	buchan	5	Plugin::Session:
134			expires: 600
135