
Contents of /identity/CatDap/trunk/catdap.yml



Revision 8726 - (show annotations) (download)
Wed Sep 11 21:29:33 2013 UTC (10 years, 7 months ago) by boklm
File size: 5396 byte(s)
Plugin::Captcha: enable scramble
1 # This is the default configuration for CatDap. You should not need to
2 # modify it, unless you actually want to fix some default behaviour
3 # that is configured below
4 #
5 # For site-specific configuration, copy this file (catdap.yml) to
6 # have a _local suffix (catdap_local.yml) and make your changes there.
7 # Note that you only need to keep configuration sections that differ,
8 # the rest will be inherited
9
# Application identity and branding values.
10 name: CatDap
11 default_view: Web
12
13 organisation: Mageia
# NOTE(review): project_url is plain http. Where this value is used is not
# visible in this file; if it ends up as a link in pages or mails, an https URL
# is the safer default - confirm.
14 project_url: http://www.mageia.org/
15 apptitle: Mageia Identity Management
16 emailfrom: noreply@mageia.org
17
# LDAP connection settings for Model::Proxy, which binds as the cn=catdap
# service account under ou=System Accounts.
18 Model::Proxy:
19 base: ou=People,dc=mageia,dc=org
20 dn: cn=catdap,ou=System Accounts,dc=mageia,dc=org
# FIXME is a placeholder, not a working credential. Set the real bind password
# in catdap_local.yml, keep that file out of version control, and make it
# readable only by the account CatDap runs as.
21 password: FIXME
22 host: ldap.mageia.org
# NOTE(review): start_tls: 1 requests StartTLS, but no certificate verification
# setting (CA file, verify mode) appears in this file. Confirm that the LDAP
# client validates the server certificate; without that, the service-account
# bind password is exposed to anyone able to intercept the connection.
23 start_tls: 1
24 options:
25 inet6: 1
26
27 # dn and password should not be required here, we rebind with credentials
28 # from the authenticated user using Model::LDAP::FromAuthentication
# NOTE(review): if the rebind works as described, requests through this model
# carry the logged-in user's own LDAP rights, so the directory ACLs are what
# limits each user - verify those ACLs rather than relying on the web UI.
29 Model::User:
30 base: dc=mageia,dc=org
31 host: ldap.mageia.org
# NOTE(review): user passwords travel over this connection during the rebind.
# No certificate verification setting is visible here; confirm the server
# certificate is validated when StartTLS is negotiated.
32 start_tls: 1
33
# Rules applied to login names chosen at registration.
34 register:
# Allowlist: a lowercase letter followed by lowercase letters, digits, "_" or
# "-". No maximum length is expressed here.
# NOTE(review): if this is evaluated as a Perl regex, "$" also matches before a
# trailing newline; "\z" is the strict end anchor. Confirm how the code applies
# the pattern and whether input is trimmed first.
35 login_regex: ^[a-z][a-z0-9_-]*$
# Login names that may not be registered. Only "apache" is listed; how entries
# are matched (exact, case-insensitive, ...) is not visible here.
# NOTE(review): sites usually extend this in catdap_local.yml with other
# system and role account names they do not want users to claim.
36 login_blacklist:
37 - apache
38
# Settings for the forgotten-password flow.
39 forgot_password:
40 secret:
# NOTE(review): path and prefix presumably decide where reset secrets are
# stored on disk - confirm against the controller. /tmp is shared and
# world-writable, so files with a predictable prefix there are open to
# pre-creation or symlink tricks by other local users and, depending on the
# file mode, to being read by them. Prefer a dedicated directory owned by the
# CatDap account with mode 0700, set in catdap_local.yml.
41 path: '/tmp/'
42 prefix: 'catdap-forgot_password-'
# 259200 is three days if the unit is seconds (unit not stated here). A shorter
# validity window limits how long a leaked reset link stays usable.
43 timeout: 259200
# LDAP filter matching entries that are NOT posixAccount.
# NOTE(review): presumably only accounts matching this filter may reset their
# password by mail, which would keep shell accounts out of the flow - confirm.
44 allow_filter: '(!(objectClass=posixAccount))'
45
# Authentication configuration: a single realm named "ldap", used as the default.
46 authentication:
47 default_realm: ldap
48 realms:
49 ldap:
50 credential:
51 class: Password
52 password_field: password
# NOTE(review): self_check hands the password check to the user object that
# the store returns - with an LDAP store that is presumably a bind as the
# user. Confirm against the store class in use.
53 password_type: self_check
54 store:
55 class: LDAP
56 ldap_server: 'ldap.mageia.org'
57 ldap_server_options:
58 inet6: 1
# NOTE(review): StartTLS is requested, but no certificate verification option
# is set in this file. Confirm the server certificate is validated; user
# passwords and the bindpw below cross this connection.
59 start_tls: 1
# Same service account as Model::Proxy; the two entries have to be kept in sync.
60 binddn: cn=catdap,ou=System Accounts,dc=mageia,dc=org
# FIXME is a placeholder. Put the real value in catdap_local.yml, keep that
# file out of version control and readable only by the CatDap account.
61 bindpw: FIXME
62 user_basedn: "ou=people,dc=mageia,dc=org"
# NOTE(review): %s in user_filter, email_filter and role_filter is replaced
# with request-derived values (login name, mail address, user DN). Whether the
# store escapes LDAP filter metacharacters ( * ( ) \ NUL, RFC 4515) before
# substitution is not visible here - confirm, since unescaped input allows
# filter injection.
63 user_filter: '(&(objectClass=inetOrgPerson)(uid=%s))'
# "one" limits the user search to direct children of user_basedn.
64 user_scope: 'one'
65 user_field: 'uid'
66 email_filter: '(&(objectClass=inetOrgPerson)(|(mail=%s)(mailAlternateAddress=%s)))'
67 use_roles: 1
# Roles are searched across the whole dc=mageia,dc=org subtree ("sub"), so any
# entry anywhere in the tree with a matching member value counts as a role.
# NOTE(review): check that write access to "member" is restricted tree-wide.
68 role_basedn: 'dc=mageia,dc=org'
69 role_scope: 'sub'
70 role_field: 'cn'
71 role_value: 'dn'
72 role_filter: '(member=%s)'
# NOTE(review): the name suggests the role lookup runs with the user's own
# bind instead of the service account - confirm, and make sure the ACLs let
# users read their own memberships.
73 role_search_as_user: 1
74
# Controls which LDAP attributes the user view shows and which ones its form
# lets the user edit.
75 Controller::User:
76 # Attributes that the user can edit. Attributes present but not listed here
77 # will be shown (if not in skip_attrs), but the form will not allow editing.
78 # Note that the actual access controls should be implemented on the LDAP side,
79 # that is where they belong, or you are being inconsistent if users have other
80 # means to access LDAP
# NOTE(review): mail, mailForwardingAddress and sshPublicKey are
# security-relevant. Changing a mail address can redirect account mail
# (possibly including password-reset mail), and sshPublicKey matters wherever
# hosts take keys from LDAP. Whether changes are confirmed or logged is not
# visible here.
81 editable_attrs:
82 - cn
83 - sn
84 - givenName
85 - mail
86 - mobile
87 - roomNumber
88 - secretary
89 - mailForwardingAddress
90 - sshPublicKey
91 - preferredLanguage
92
93 # Currently not used, we only respect editable_attrs
94 uneditable_attrs:
95 - uid
96 # - uidNumber
97 # - gidNumber
98 # - homeDirectory
99 # - host
100 # - manager
101 # - krb5PrincipalName
102 # List of attributes which are not displayed at all in the user view
# The list covers credential material (userPassword, Samba LM/NT hashes and
# password history, krb5Key) plus account bookkeeping fields. This is a display
# filter only: the LDAP ACLs must also deny read access to these attributes,
# because users can query the directory by other means.
103 skip_attrs:
104 - objectClass
105 - krb5Key
106 - sambaMungedDial
107 - sambaPasswordHistory
108 - userPassword
109 - sambaLMPassword
110 - sambaNTPassword
111 - sambaPwdMustChange
112 - sambaSID
113 - sambaPrimaryGroupSID
114 - sambaAcctFlags
115 - sambaPwdCanChange
116 - sambaPwdLastSet
117 - sambaKickOffTime
118 - sambaUserWorkstations
119 - sambaLogonTime
120 - krb5KeyVersionNumber
121 - krb5PasswordEnd
122 - krb5MaxLife
123 - krb5MaxRenew
124 - krb5KDCFlags
125 - shadowLastChange
126 - shadowWarning
127 - shadowMax
128 - shadowMin
129 - shadowInactive
130 - shadowExpire
131 - shadowFlag
132
# CAPTCHA image settings: a 100x40 image in the "giant" GD font with 7 lines
# and scramble enabled.
# NOTE(review): "new", "create" and "particle" look like argument lists for the
# image library's calls of the same names - confirm against the plugin. An
# image CAPTCHA only raises the cost of automated sign-ups; rate limiting on
# the registration and password-reset endpoints is still needed.
133 Plugin::Captcha:
134 new:
135 gd_font: giant
136 width: 100
137 height: 40
138 lines: 7
139 scramble: 1
140
141 create:
142 - normal
143 - rect
144
145 particle:
146 - 100
147
# NOTE(review): gd_font appears a second time here. Indentation is lost in this
# listing, so it is unclear whether this is a separate key at plugin level or a
# duplicate of the one under "new" (most parsers silently keep the last
# duplicate) - check the original file.
148 gd_font: giant
149
# Session lifetime. Catalyst::Plugin::Session takes "expires" in seconds, so
# 600 is ten minutes; a short lifetime limits how long a stolen session cookie
# stays usable.
# NOTE(review): cookie flags (Secure, HttpOnly) are not set in this file;
# confirm they are configured elsewhere.
150 Plugin::Session:
151 expires: 600
152
