forked from milux/ctldap
-
Notifications
You must be signed in to change notification settings - Fork 2
/
ctldap.example.config
53 lines (46 loc) · 2.58 KB
/
ctldap.example.config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
; Add debug infos to log
debug=false
; This is required for clients using lowercase DNs, e.g. ownCloud/nextCloud
dn_lower_case=true
; This is required for clients that need lowercase email addresses, e.g. Seafile
email_lower_case=true
; LDAP admin user, can be a "virtual" root user or a ChurchTools user name (virtual root is recommended!)
ldap_user=root
; The static password to be used for the ldap_user if it is NOT a CT account, or the account password of the chosen user otherwise
; If you did not use install.sh, choose a LONG SECURE RANDOM password from a password generator like KeePass!
ldap_password=XXXXXXXXXXXXXXXXXXXX
; LDAP server port
ldap_port=1389
; The ctldap.sh service script will try to read this and setup an iptables NAT rule from iptables_port to ldap_port if it is set
iptables_port=389
; LDAP base DN o=xxx, e.g. churchtools
ldap_base_dn=churchtools
; The URI pointing to the root of your ChurchTools installation
ct_uri=https://mysite.church.tools/
; This user credentials are used to authenticate against ChurchTools for API access
; The user must be granted "churchcore:administer persons" and "churchdb:view" rights for the wrapper to work properly!
; IMPORTANT: It is strongly recommended to use a LONG SECURE RANDOM password from a generator like KeePass for this user!
api_user=XXXXXXXXXXXXXXXXXXXX
api_password=XXXXXXXXXXXXXXXXXXXX
; This controls (in milliseconds) how old the user/group data can be until it is fetched from ChurchTools again
cache_lifetime=10000
; To use SSL/TLS, provide file names for x509 certificate and key here
; Use this command to create a private key and a certificate:
; openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365
; Use this command to remove the encryption password:
; openssl rsa -in key.pem -out newkey.pem && mv newkey.pem key.pem
; ldap_cert_filename=cert.pem
; ldap_key_filename=key.pem
; Define the sites here. For each site please enter one section.
; The section title has to be in the format sites.<ldap_base_dn>, e.g. "sites.foobar",
; where foobar is the organisation, as in the instance foobar.church.tools .
; dn_lower_case is optional, if not specified, the default value will be taken from the config above
; email_lower_case is optional, if not specified, the default value will be taken from the config above
; If ldap_base_dn is set above, the setting above are treated as an additional site.
;[sites.XXXXXXXXXXXXXXXXXXXX]
;ldap_password=XXXXXXXXXXXXXXXXXXXX
;ct_uri=https://XXXXXXXXXXXXXXXXXXXX.church.tools/
;api_user=XXXXXXXXXXXXXXXXXXXX
;api_password=XXXXXXXXXXXXXXXXXXXX
;dn_lower_case=true
;email_lower_case=true