
Contents of /identity/CatDap/trunk/catdap.yml



Revision 561 - (show annotations) (download)
Wed Feb 16 13:33:29 2011 UTC (13 years, 2 months ago) by buchan
File size: 5328 byte(s)
Add error pages for user self-editing buttons, and correctly collect ldap errors
Respect Controller::User::editable_attrs in user editing page
Add preferredLanguage to editable_attrs

1 # This is the default configuration for CatDap. You should not need to
2 # modify it, unless you actually want to fix some default behaviour
3 # that is configured below
4 #
5 # For site-specific configuration, copy this file (catdap.yml) to
6 # have a _local suffix (catdap_local.yml) and make your changes there.
7 # Note that you only need to keep configuration sections that differ,
8 # the rest will be inherited
9
# Application-wide identity and branding values.
10 name: CatDap
11 default_view: Web
12
13 organisation: Mageia
# NOTE(review): plain-HTTP URL. How it is rendered (page links, outgoing mail)
# is not visible in this file; if it ends up in links shown or mailed to
# users, prefer an https:// URL.
14 project_url: http://www.mageia.org/
15 apptitle: Mageia Identity Management
# Sender address for mail generated by the application (presumably the
# registration and password-reset messages; confirm in the controllers).
16 emailfrom: noreply@mageia.org
17
# LDAP connection that binds with a fixed system account (dn/password below)
# and searches under ou=People. Presumably used for operations performed
# before a user is authenticated (registration, password reset); confirm in
# the model class. The LDAP ACLs of this account should grant only what
# those operations need.
18 Model::Proxy:
19 base: ou=People,dc=mageia,dc=org
20 dn: cn=catdap,ou=System Accounts,dc=mageia,dc=org
# FIXME is a placeholder. Put the real bind password only in
# catdap_local.yml, keep that file out of version control, and make it
# readable by the application user only.
21 password: FIXME
22 host: ldap.mageia.org
# Requests StartTLS before binding. No certificate-verification setting or
# CA file is configured here, so verification depends on the LDAP client's
# defaults. Confirm the server certificate is actually verified; without it
# the bind password is exposed to an active man-in-the-middle.
23 start_tls: 1
24 options:
25 inet6: 1
26
27 # dn and password should not be required here, we rebind with credentials
28 # from the authenticated user using Model::LDAP::FromAuthentication
# Consequence of the rebind described above: operations through this model
# run with the logged-in user's own LDAP permissions, so the directory ACLs
# (not this file) decide what each user may read or change.
29 Model::User:
30 base: dc=mageia,dc=org
31 host: ldap.mageia.org
# StartTLS is requested; certificate verification is not configured here.
# Confirm it is enforced by the client, since user passwords are sent on
# this connection when rebinding.
32 start_tls: 1
33
# Registration settings. login_blacklist is presumably the list of login
# names refused at sign-up (confirm in the register controller).
# NOTE(review): only 'apache' is reserved. Check whether other local system
# or service account names on hosts that consume this directory also need
# to be listed.
34 register:
35 login_blacklist:
36 - apache
37
# Password-reset settings. Indentation was lost in this listing, so whether
# timeout and allow_filter sit under 'secret' or directly under
# 'forgot_password' cannot be read from here. Check the original file.
38 forgot_password:
39 secret:
# NOTE(review): reset secrets are placed in /tmp with a fixed, predictable
# prefix. /tmp is shared and world-writable, so the safety of these files
# rests entirely on how the code creates them (exclusive create, mode 0600,
# unpredictable suffix), none of which is visible here. A dedicated
# directory owned by the application user with mode 0700, set in
# catdap_local.yml, removes that dependency.
40 path: '/tmp/'
41 prefix: 'catdap-forgot_password-'
# 259200 is 3 days if the unit is seconds (259200 / 86400); the unit is not
# stated in this file. A reset secret stays usable for this whole window.
42 timeout: 259200
# LDAP filter matching entries that are NOT posixAccount. Presumably limits
# self-service reset to accounts without a POSIX (shell) identity; confirm
# in the forgot_password controller that the filter is applied before a
# secret is issued.
43 allow_filter: '(!(objectClass=posixAccount))'
44
# Authentication realm definition: one realm, 'ldap', with a Password
# credential checked against an LDAP store.
45 authentication:
46 default_realm: ldap
47 realms:
48 ldap:
49 credential:
50 class: Password
51 password_field: password
# self_check hands password verification to the store's user object instead
# of comparing a stored hash in the application. With the LDAP store this is
# expected to be a bind as the user; confirm against the store in use.
52 password_type: self_check
53 store:
54 class: LDAP
55 ldap_server: 'ldap.mageia.org'
56 ldap_server_options:
57 inet6: 1
# StartTLS is requested, but no start_tls_options (verify mode, CA file) are
# set in this file, so certificate checking depends on library defaults.
# Confirm verification is enforced: both the service bind password and user
# passwords travel over this connection.
58 start_tls: 1
59 binddn: cn=catdap,ou=System Accounts,dc=mageia,dc=org
# FIXME is a placeholder for the same system account used under
# Model::Proxy. Supply the real value in catdap_local.yml only, and keep
# that file unversioned and readable by the application user only.
60 bindpw: FIXME
61 user_basedn: "ou=people,dc=mageia,dc=org"
# %s is replaced with the login name submitted by the client.
# NOTE(review): confirm the value is escaped for LDAP filter syntax
# (RFC 4515) before substitution; this file cannot show whether it is.
62 user_filter: '(&(objectClass=inetOrgPerson)(uid=%s))'
# 'one' restricts the user search to direct children of user_basedn.
63 user_scope: 'one'
64 user_field: 'uid'
# Same escaping concern as user_filter: %s carries a user-supplied e-mail
# address and appears twice in the filter.
65 email_filter: '(&(objectClass=inetOrgPerson)(|(mail=%s)(mailAlternateAddress=%s)))'
66 use_roles: 1
# Roles are looked up across the whole tree (base dc=mageia,dc=org, scope
# 'sub') as entries whose 'member' attribute matches the value substituted
# into role_filter, named by their 'cn'. As configured, any entry with a
# 'member' attribute anywhere under the base can confer a role, so the
# directory ACLs on creating or modifying such entries are part of the
# application's authorization boundary.
67 role_basedn: 'dc=mageia,dc=org'
68 role_scope: 'sub'
69 role_field: 'cn'
70 role_value: 'dn'
71 role_filter: '(member=%s)'
# Role search runs with the user's own bind rather than the service account,
# so users must be able to read the group entries they belong to.
72 role_search_as_user: 1
73
# Self-service profile settings: which attributes the edit form offers and
# which attributes the user view hides.
74 Controller::User:
75 # Attributes that the user can edit. Attributes present but not listed here
76 # will be shown (if not in skip_attrs), but the form will not allow editing.
77 # Note that the actual access controls should be implemented on the LDAP side,
78 # that is where they belong, or you are being inconsistent if users have other
79 # means to access LDAP
# NOTE(review): this list is a form-level allowlist only. sshPublicKey and
# mailForwardingAddress are self-editable; changes to them can affect SSH
# access and where a user's mail is delivered on systems that consume these
# attributes, so consider logging or notifying on modification.
80 editable_attrs:
81 - cn
82 - sn
83 - givenName
84 - mail
85 - mobile
86 - roomNumber
87 - secretary
88 - mailForwardingAddress
89 - sshPublicKey
90 - preferredLanguage
91
92 # Currently not used, we only respect editable_attrs
# Because this list is not enforced, it must not be relied on to protect
# uid or the commented-out attributes below; LDAP ACLs have to do that.
93 uneditable_attrs:
94 - uid
95 # - uidNumber
96 # - gidNumber
97 # - homeDirectory
98 # - host
99 # - manager
100 # - krb5PrincipalName
101 # List of attributes which are not displayed at all in the user view
# This is a display filter. It keeps credential material (userPassword,
# sambaLMPassword, sambaNTPassword, sambaPasswordHistory, krb5Key) and
# account-policy fields off the page, but does not stop the bound user from
# reading them over LDAP; read access must also be denied by directory ACLs.
102 skip_attrs:
103 - objectClass
104 - krb5Key
105 - sambaMungedDial
106 - sambaPasswordHistory
107 - userPassword
108 - sambaLMPassword
109 - sambaNTPassword
110 - sambaPwdMustChange
111 - sambaSID
112 - sambaPrimaryGroupSID
113 - sambaAcctFlags
114 - sambaPwdCanChange
115 - sambaPwdLastSet
116 - sambaKickOffTime
117 - sambaUserWorkstations
118 - sambaLogonTime
119 - krb5KeyVersionNumber
120 - krb5PasswordEnd
121 - krb5MaxLife
122 - krb5MaxRenew
123 - krb5KDCFlags
124 - shadowLastChange
125 - shadowWarning
126 - shadowMax
127 - shadowMin
128 - shadowInactive
129 - shadowExpire
130 - shadowFlag
131
# CAPTCHA image parameters: a 100x40 image using the 'giant' GD font with 7
# lines drawn over it. Which forms require the CAPTCHA is decided in the
# controllers, not here.
# NOTE(review): a CAPTCHA only slows automated submissions; rate limiting on
# registration and password-reset requests is not visible in this file.
# Confirm it exists elsewhere.
132 Plugin::Captcha:
133 new:
134 gd_font: giant
135 width: 100
136 height: 40
137 lines: 7
138
139 create:
140 - normal
141 - rect
142
143 particle:
144 - 100
145
# gd_font appears a second time here; with indentation lost in this listing
# its parent key cannot be determined. Check the original file.
146 gd_font: giant
147
# Session lifetime. 600 is presumably seconds (10 minutes), the usual unit
# for this plugin's 'expires' setting; confirm. A short lifetime suits an
# identity-management application.
# NOTE(review): no cookie attributes (Secure, HttpOnly) are set in this file;
# confirm they are configured in catdap_local.yml or in code.
148 Plugin::Session:
149 expires: 600
150
