LDAP AD Simple Auth: Added settings for all Wekan Standalone (non-Sandstorm) platforms.
Thanks to xet7 !
parent
c0d1ed714e
commit
fe40f35d6d
8 changed files with 243 additions and 45 deletions
|
@ -64,6 +64,9 @@ ENV BUILD_DEPS="apt-utils libarchive-tools gnupg gosu wget curl bzip2 g++ build-
|
|||
LDAP_ENABLE=false \
|
||||
LDAP_PORT=389 \
|
||||
LDAP_HOST="" \
|
||||
LDAP_AD_SIMPLE_AUTH="" \
|
||||
LDAP_USER_AUTHENTICATION=false \
|
||||
LDAP_USER_AUTHENTICATION_FIELD=uid \
|
||||
LDAP_BASEDN="" \
|
||||
LDAP_LOGIN_FALLBACK=false \
|
||||
LDAP_RECONNECT=true \
|
||||
|
@ -81,8 +84,6 @@ ENV BUILD_DEPS="apt-utils libarchive-tools gnupg gosu wget curl bzip2 g++ build-
|
|||
LDAP_ENCRYPTION=false \
|
||||
LDAP_CA_CERT="" \
|
||||
LDAP_REJECT_UNAUTHORIZED=false \
|
||||
LDAP_USER_AUTHENTICATION=false \
|
||||
LDAP_USER_AUTHENTICATION_FIELD=uid \
|
||||
LDAP_USER_SEARCH_FILTER="" \
|
||||
LDAP_USER_SEARCH_SCOPE="" \
|
||||
LDAP_USER_SEARCH_FIELD="" \
|
||||
|
|
|
@ -439,16 +439,48 @@ services:
|
|||
#
|
||||
# The host server for the LDAP server
|
||||
#- LDAP_HOST=localhost
|
||||
#
|
||||
# set to true, if you want to connect with Active Directory by Simple Authentication
|
||||
- LDAP_AD_SIMPLE_AUTH=true
|
||||
#
|
||||
# set to true, if the login user is used for binding
|
||||
- LDAP_USER_AUTHENTICATION=true
|
||||
#-----------------------------------------------------------------
|
||||
# ==== LDAP AD Simple Auth ====
|
||||
#
|
||||
# Set to true, if you want to connect with Active Directory by Simple Authentication.
|
||||
# When using AD Simple Auth, LDAP_BASEDN is not needed.
|
||||
#
|
||||
# Example:
|
||||
#- LDAP_AD_SIMPLE_AUTH=true
|
||||
#
|
||||
# === LDAP User Authentication ===
|
||||
#
|
||||
# a) Option to login to the LDAP server with the user's own username and password, instead of
|
||||
# an administrator key. Default: false (use administrator key).
|
||||
#
|
||||
# b) When using AD Simple Auth, set to true, when login user is used for binding,
|
||||
# and LDAP_BASEDN is not needed.
|
||||
#
|
||||
# Example:
|
||||
#- LDAP_USER_AUTHENTICATION=true
|
||||
#
|
||||
# Which field is used to find the user for the user authentication. Default: uid.
|
||||
#- LDAP_USER_AUTHENTICATION_FIELD=uid
|
||||
#
|
||||
# === LDAP Default Domain ===
|
||||
#
|
||||
# a) In case AD SimpleAuth is configured, the default domain is appended to the given
|
||||
# loginname for creating the correct username for the bind request to AD.
|
||||
#
|
||||
# b) The default domain of the ldap it is used to create email if the field is not map
|
||||
# correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
|
||||
#
|
||||
# Example :
|
||||
#- LDAP_DEFAULT_DOMAIN=mydomain.com
|
||||
#
|
||||
#-----------------------------------------------------------------
|
||||
# ==== LDAP BASEDN Auth ====
|
||||
#
|
||||
# The base DN for the LDAP Tree
|
||||
#- LDAP_BASEDN=ou=user,dc=example,dc=org
|
||||
#
|
||||
#-----------------------------------------------------------------
|
||||
# Fallback on the default authentication method
|
||||
#- LDAP_LOGIN_FALLBACK=false
|
||||
#
|
||||
|
@ -499,12 +531,6 @@ services:
|
|||
# Reject Unauthorized Certificate
|
||||
#- LDAP_REJECT_UNAUTHORIZED=false
|
||||
#
|
||||
# Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
|
||||
#- LDAP_USER_AUTHENTICATION=true
|
||||
#
|
||||
# Which field is used to find the user for the user authentication. Default: uid.
|
||||
#- LDAP_USER_AUTHENTICATION_FIELD=uid
|
||||
#
|
||||
# Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
|
||||
#- LDAP_USER_SEARCH_FILTER=
|
||||
#
|
||||
|
@ -570,10 +596,8 @@ services:
|
|||
#
|
||||
#- LDAP_SYNC_GROUP_ROLES=
|
||||
#
|
||||
# The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
|
||||
# In case SimpleAuth with AD is configured, the default domain is appended to the given loginname for creating the correct username for the bind request to AD
|
||||
# example :
|
||||
#- LDAP_DEFAULT_DOMAIN=mydomain.com
|
||||
# The default domain of the ldap it is used to create email if the field is not map correctly
|
||||
# with the LDAP_SYNC_USER_DATA_FIELDMAP is defined in setting LDAP_DEFAULT_DOMAIN above.
|
||||
#
|
||||
# Enable/Disable syncing of admin status based on ldap groups:
|
||||
#- LDAP_SYNC_ADMIN_STATUS=true
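Review bot: The new `==== LDAP AD Simple Auth ====` comment block in the first hunk does not mention that this mode sends each user's own password to the directory in a simple bind, which is readable on the wire unless the connection is TLS-protected. The Dockerfile defaults on this page are `LDAP_PORT=389`, `LDAP_ENCRYPTION=false` and `LDAP_REJECT_UNAUTHORIZED=false`, so an operator who only uncommenting the example gets an unprotected bind. I would add a line such as `# AD Simple Auth binds with the user's own password: also set LDAP_ENCRYPTION (e.g. ssl) and LDAP_REJECT_UNAUTHORIZED=true so it is not sent in cleartext.` The same block is repeated in start-wekan.sh, start-wekan.bat, the snap help text and the second compose file, so the sentence belongs there as well.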
|
||||
|
|
|
@ -230,7 +230,7 @@ export default class LDAP {
|
|||
if (!this.options.BaseDN && !this.options.AD_Simple_Auth) throw new Error('BaseDN is not provided');
|
||||
|
||||
var userDn = "";
|
||||
if (this.options.AD_Simple_Auth === true) {
|
||||
if (this.options.AD_Simple_Auth === true || this.options.AD_Simple_Auth === 'true') {
|
||||
userDn = `${username}@${this.options.Default_Domain}`;
|
||||
} else {
|
||||
userDn = `${this.options.User_Authentication_Field}=${username},${this.options.BaseDN}`;
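Review bot: The `BaseDN` guard on the first line of this hunk still tests `!this.options.AD_Simple_Auth` by truthiness, while the branch below now accepts only `true` or `'true'`. If the option can arrive as a string (which the added `'true'` comparison suggests), a value like `'false'` skips the guard and then takes the `else` branch with no `BaseDN`. Normalising once keeps the two in step: `const adSimpleAuth = this.options.AD_Simple_Auth === true || this.options.AD_Simple_Auth === 'true';`, then `if (!this.options.BaseDN && !adSimpleAuth) throw new Error('BaseDN is not provided');` and `if (adSimpleAuth) {`. The AD branch also builds `${username}@${this.options.Default_Domain}` without checking that `Default_Domain` is set, and the snap default shown on this page is empty, so an explicit check there would fail with a clear error instead of attempting a bind with a malformed name. The enclosing method starts and ends outside the hunk.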
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
# All supported keys are defined here together with descriptions and default values
|
||||
|
||||
# list of supported keys
|
||||
keys="DEBUG MONGO_LOG_DESTINATION MONGO_URL MONGODB_BIND_UNIX_SOCKET MONGO_URL MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API RICHER_CARD_COMMENT_EDITOR CARD_OPENED_WEBHOOK_ENABLED ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW MAX_IMAGE_PIXEL IMAGE_COMPRESS_RATIO BIGEVENTS_PATTERN NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE NOTIFY_DUE_DAYS_BEFORE_AND_AFTER NOTIFY_DUE_AT_HOUR_OF_DAY EMAIL_NOTIFICATION_TIMEOUT CORS CORS_ALLOW_HEADERS CORS_EXPOSE_HEADERS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CA_CERT OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_EMAIL_MAP OAUTH2_REQUEST_PERMISSIONS OAUTH2_ADFS_ENABLED LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_AUTHENTICATION LDAP_USER_AUTHENTICATION_FIELD LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME 
LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD ATTACHMENTS_STORE_PATH PASSWORD_LOGIN_ENABLED CAS_ENABLED CAS_BASE_URL CAS_LOGIN_URL CAS_VALIDATE_URL SAML_ENABLED SAML_PROVIDER SAML_ENTRYPOINT SAML_ISSUER SAML_CERT SAML_IDPSLO_REDIRECTURL SAML_PRIVATE_KEYFILE SAML_PUBLIC_CERTFILE SAML_IDENTIFIER_FORMAT SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE SAML_ATTRIBUTES ORACLE_OIM_ENABLED RESULTS_PER_PAGE WAIT_SPINNER"
|
||||
keys="DEBUG MONGO_LOG_DESTINATION MONGO_URL MONGODB_BIND_UNIX_SOCKET MONGO_URL MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API RICHER_CARD_COMMENT_EDITOR CARD_OPENED_WEBHOOK_ENABLED ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW MAX_IMAGE_PIXEL IMAGE_COMPRESS_RATIO BIGEVENTS_PATTERN NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE NOTIFY_DUE_DAYS_BEFORE_AND_AFTER NOTIFY_DUE_AT_HOUR_OF_DAY EMAIL_NOTIFICATION_TIMEOUT CORS CORS_ALLOW_HEADERS CORS_EXPOSE_HEADERS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CA_CERT OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_EMAIL_MAP OAUTH2_REQUEST_PERMISSIONS OAUTH2_ADFS_ENABLED LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_AD_SIMPLE_AUTH LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_AUTHENTICATION LDAP_USER_AUTHENTICATION_FIELD LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT 
LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD ATTACHMENTS_STORE_PATH PASSWORD_LOGIN_ENABLED CAS_ENABLED CAS_BASE_URL CAS_LOGIN_URL CAS_VALIDATE_URL SAML_ENABLED SAML_PROVIDER SAML_ENTRYPOINT SAML_ISSUER SAML_CERT SAML_IDPSLO_REDIRECTURL SAML_PRIVATE_KEYFILE SAML_PUBLIC_CERTFILE SAML_IDENTIFIER_FORMAT SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE SAML_ATTRIBUTES ORACLE_OIM_ENABLED RESULTS_PER_PAGE WAIT_SPINNER"
|
||||
|
||||
# default values
|
||||
DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'"
|
||||
|
@ -256,6 +256,10 @@ DESCRIPTION_LDAP_HOST="The host server for the LDAP server"
|
|||
DEFAULT_LDAP_HOST=""
|
||||
KEY_LDAP_HOST="ldap-host"
|
||||
|
||||
DESCRIPTION_LDAP_AD_SIMPLE_AUTH="LDAP AD Simple Auth. When enabled, ldap-basedn is not needed, and also do set ldap-user-authentication='true'. Example: true"
|
||||
DEFAULT_LDAP_AD_SIMPLE_AUTH=""
|
||||
KEY_LDAP_AD_SIMPLE_AUTH="ldap-ad-simple-auth"
|
||||
|
||||
DESCRIPTION_LDAP_BASEDN="The base DN for the LDAP Tree"
|
||||
DEFAULT_LDAP_BASEDN=""
|
||||
KEY_LDAP_BASEDN="ldap-basedn"
|
||||
|
@ -432,7 +436,7 @@ DESCRIPTION_LDAP_SYNC_ADMIN_GROUPS="Comma separated list of admin group names to
|
|||
DEFAULT_LDAP_SYNC_ADMIN_GROUPS=""
|
||||
KEY_LDAP_SYNC_ADMIN_GROUPS="ldap-sync-admin-groups"
|
||||
|
||||
DESCRIPTION_LDAP_DEFAULT_DOMAIN="The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP"
|
||||
DESCRIPTION_LDAP_DEFAULT_DOMAIN="LDAP default domain. a) In case AD SimpleAuth is configured, the default domain is appended to the given loginname for creating the correct username for the bind request to AD. b) The default domain of the ldap it is used to create email if the field is not map correctly with the ldap-sync-user-data-fieldmap."
|
||||
DEFAULT_LDAP_DEFAULT_DOMAIN=""
|
||||
KEY_LDAP_DEFAULT_DOMAIN="ldap-default-domain"
|
||||
|
||||
|
|
|
@ -297,6 +297,18 @@ echo -e "Ldap Port."
|
|||
echo -e "The port of the ldap server:"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-port='12345'"
|
||||
echo -e "\n"
|
||||
echo -e "LDAP AD Simple Auth. When enabled, ldap-basedn is not needed, and also do set ldap-user-autentication='true'. Example: true. Enable:"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-ad-simple-auth='true'"
|
||||
echo -e "\t-Disable the LDAP AD Simple Auth of Wekan:"
|
||||
echo -e "\t$ snap unset $SNAP_NAME ldap-ad-simple-auth"
|
||||
echo -e "\n"
|
||||
echo -e "a) Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key)."
|
||||
echo -e "b) For LDAP AD Simple Auth, set to true."
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-user-authentication='true'"
|
||||
echo -e "\n"
|
||||
echo -e "Which field is used to find the user for the user authentication. Default: uid."
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-user-authentication-field='uid'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Host."
|
||||
echo -e "The host server for the LDAP server:"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-host='localhost'"
|
||||
|
@ -370,12 +382,6 @@ echo -e "Ldap Reject Unauthorized."
|
|||
echo -e "Reject Unauthorized Certificate:"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-reject-unauthorized='true'"
|
||||
echo -e "\n"
|
||||
echo -e "Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key)."
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-user-authentication='true'"
|
||||
echo -e "\n"
|
||||
echo -e "Which field is used to find the user for the user authentication. Default: uid."
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-user-authentication-field='uid'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap User Search Filter."
|
||||
echo -e "Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed:"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-user-search-filter=''"
|
||||
|
@ -460,7 +466,8 @@ echo -e "Ldap Sync Group Roles."
|
|||
echo -e "\t$ snap set $SNAP_NAME ldap-sync-group-roles=''"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Default Domain."
|
||||
echo -e "The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP:"
|
||||
echo -e "a) In case AD SimpleAuth is configured, the default domain is appended to the given loginname for creating the correct username for the bind request to AD."
|
||||
echo -e "b) The default domain of the ldap it is used to create email if the field is not map correctly with the ldap-sync-user-data-fieldmap."
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-default-domain=''"
|
||||
echo -e "\n"
|
||||
echo -e "Enable/Disable syncing of admin status based on LDAP groups."
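Review bot: The new help sentence for LDAP AD Simple Auth in the first hunk spells the key as `ldap-user-autentication`, while the command printed a few lines below and the key list in the snap config use `ldap-user-authentication`. Someone copying the name from the sentence would try to set a key that is not in the supported list and be left with user binding disabled. The text should read `... ldap-basedn is not needed, and also do set ldap-user-authentication='true'. Example: true. Enable:`.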
|
||||
|
|
|
@ -190,10 +190,45 @@ REM # LDAP_HOST : The host server for the LDAP server
|
|||
REM # example : LDAP_HOST=localhost
|
||||
REM SET LDAP_HOST=
|
||||
|
||||
REM #-----------------------------------------------------------------
|
||||
REM # ==== LDAP AD Simple Auth ====
|
||||
REM # Set to true, if you want to connect with Active Directory by Simple Authentication.
|
||||
REM # When using AD Simple Auth, LDAP_BASEDN is not needed.
|
||||
REM SET LDAP_AD_SIMPLE_AUTH=true
|
||||
|
||||
REM #-----------------------------------------------------------------
|
||||
REM # === LDAP User Authentication ===
|
||||
REM #
|
||||
REM # a) Option to login to the LDAP server with the user's own username and password, instead of
|
||||
REM # an administrator key. Default: false (use administrator key).
|
||||
REM #
|
||||
REM # b) When using AD Simple Auth, set to true, when login user is used for binding,
|
||||
REM # and LDAP_BASEDN is not needed.
|
||||
REM #
|
||||
REM # Example:
|
||||
REM SET LDAP_USER_AUTHENTICATION=true
|
||||
|
||||
REM # Which field is used to find the user for the user authentication. Default: uid.
|
||||
REM SET LDAP_USER_AUTHENTICATION_FIELD=uid
|
||||
|
||||
REM # === LDAP Default Domain ===
|
||||
REM #
|
||||
REM # a) In case AD SimpleAuth is configured, the default domain is appended to the given
|
||||
REM # loginname for creating the correct username for the bind request to AD.
|
||||
REM #
|
||||
REM # b) The default domain of the ldap it is used to create email if the field is not map
|
||||
REM # correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
|
||||
REM #
|
||||
REM # Example :
|
||||
REM SET LDAP_DEFAULT_DOMAIN=mydomain.com
|
||||
|
||||
REM #-----------------------------------------------------------------
|
||||
REM # ==== LDAP BASEDN Auth ====
|
||||
REM # LDAP_BASEDN : The base DN for the LDAP Tree
|
||||
REM # example : LDAP_BASEDN=ou=user,dc=example,dc=org
|
||||
REM SET LDAP_BASEDN=
|
||||
|
||||
REM #-----------------------------------------------------------------
|
||||
REM # LDAP_LOGIN_FALLBACK : Fallback on the default authentication method
|
||||
REM # example : LDAP_LOGIN_FALLBACK=true
|
||||
REM SET LDAP_LOGIN_FALLBACK=false
|
||||
|
@ -265,12 +300,6 @@ REM # LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate
|
|||
REM # example : LDAP_REJECT_UNAUTHORIZED=true
|
||||
REM SET LDAP_REJECT_UNAUTHORIZED=false
|
||||
|
||||
REM # Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
|
||||
REM SET LDAP_USER_AUTHENTICATION=true
|
||||
|
||||
REM # Which field is used to find the user for the user authentication. Default: uid.
|
||||
REM SET LDAP_USER_AUTHENTICATION_FIELD=uid
|
||||
|
||||
REM # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
|
||||
REM # example : LDAP_USER_SEARCH_FILTER=
|
||||
REM SET LDAP_USER_SEARCH_FILTER=
|
||||
|
@ -355,14 +384,13 @@ REM # LDAP_SYNC_USER_DATA_FIELDMAP :
|
|||
REM # example : LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"}
|
||||
REM SET LDAP_SYNC_USER_DATA_FIELDMAP=
|
||||
|
||||
REM # The default domain of the ldap it is used to create email if the field is not map correctly
|
||||
REM # with the LDAP_SYNC_USER_DATA_FIELDMAP is defined in setting LDAP_DEFAULT_DOMAIN above.
|
||||
|
||||
REM # LDAP_SYNC_GROUP_ROLES :
|
||||
REM # example :
|
||||
REM # SET LDAP_SYNC_GROUP_ROLES=
|
||||
|
||||
REM # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
|
||||
REM # example :
|
||||
REM SET LDAP_DEFAULT_DOMAIN=
|
||||
|
||||
REM # Enable/Disable syncing of admin status based on ldap groups:
|
||||
REM SET LDAP_SYNC_ADMIN_STATUS=true
|
||||
|
||||
|
|
114
start-wekan.sh
114
start-wekan.sh
|
@ -111,6 +111,7 @@
|
|||
## The option that allows matomo to retrieve the username:
|
||||
# Example: export MATOMO_WITH_USERNAME=true
|
||||
#export MATOMO_WITH_USERNAME='false'
|
||||
#---------------------------------------------
|
||||
# Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside.
|
||||
# Setting this to false is not recommended, it also disables all other browser policy protections
|
||||
# and allows all iframing etc. See wekan/server/policy.js
|
||||
|
@ -133,27 +134,36 @@
|
|||
# 2) Configure the environment variables. This differs slightly
|
||||
# by installation type, but make sure you have the following:
|
||||
#export OAUTH2_ENABLED=true
|
||||
#
|
||||
# Optional OAuth2 CA Cert, see https://github.com/wekan/wekan/issues/3299
|
||||
#export OAUTH2_CA_CERT=ABCD1234
|
||||
#
|
||||
# Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting.
|
||||
#export OAUTH2_ADFS_ENABLED=false
|
||||
#
|
||||
# OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
|
||||
# OAuth2 login style: popup or redirect.
|
||||
#export OAUTH2_LOGIN_STYLE=redirect
|
||||
#
|
||||
# Application GUID captured during app registration:
|
||||
#export OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
|
||||
#
|
||||
# Secret key generated during app registration:
|
||||
#export OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||||
#export OAUTH2_SERVER_URL=https://login.microsoftonline.com/
|
||||
#export OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize
|
||||
#export OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo
|
||||
#export OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token
|
||||
#
|
||||
# The claim name you want to map to the unique ID field:
|
||||
#export OAUTH2_ID_MAP=email
|
||||
#
|
||||
# The claim name you want to map to the username field:
|
||||
#export OAUTH2_USERNAME_MAP=email
|
||||
#
|
||||
# The claim name you want to map to the full name field:
|
||||
#export OAUTH2_FULLNAME_MAP=name
|
||||
#
|
||||
# The claim name you want to map to the email field:
|
||||
#export OAUTH2_EMAIL_MAP=email
|
||||
#-----------------------------------------------------------------
|
||||
|
@ -175,63 +185,124 @@
|
|||
# https://github.com/wekan/wekan/wiki/OAuth2
|
||||
# Enable the OAuth2 connection
|
||||
#export OAUTH2_ENABLED=true
|
||||
#
|
||||
# OAuth2 login style: popup or redirect.
|
||||
#export OAUTH2_LOGIN_STYLE=redirect
|
||||
#
|
||||
# OAuth2 Client ID.
|
||||
#export OAUTH2_CLIENT_ID=abcde12345
|
||||
#
|
||||
# OAuth2 Secret.
|
||||
#export OAUTH2_SECRET=54321abcde
|
||||
#
|
||||
# OAuth2 Server URL.
|
||||
#export OAUTH2_SERVER_URL=https://chat.example.com
|
||||
#
|
||||
# OAuth2 Authorization Endpoint.
|
||||
#export OAUTH2_AUTH_ENDPOINT=/oauth/authorize
|
||||
#
|
||||
# OAuth2 Userinfo Endpoint.
|
||||
#export OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
|
||||
#
|
||||
# OAuth2 Token Endpoint.
|
||||
#export OAUTH2_TOKEN_ENDPOINT=/oauth/token
|
||||
#
|
||||
# OAUTH2 ID Token Whitelist Fields.
|
||||
#export OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
|
||||
#
|
||||
# OAUTH2 Request Permissions.
|
||||
#export OAUTH2_REQUEST_PERMISSIONS='openid profile email'
|
||||
#
|
||||
# OAuth2 ID Mapping
|
||||
#export OAUTH2_ID_MAP=
|
||||
#
|
||||
# OAuth2 Username Mapping
|
||||
#export OAUTH2_USERNAME_MAP=
|
||||
#
|
||||
# OAuth2 Fullname Mapping
|
||||
#export OAUTH2_FULLNAME_MAP=
|
||||
#
|
||||
# OAuth2 Email Mapping
|
||||
#export OAUTH2_EMAIL_MAP=
|
||||
#---------------------------------------------
|
||||
# LDAP_ENABLE : Enable or not the connection by the LDAP
|
||||
# example : export LDAP_ENABLE=true
|
||||
#export LDAP_ENABLE=false
|
||||
#
|
||||
# LDAP_PORT : The port of the LDAP server
|
||||
# example : export LDAP_PORT=389
|
||||
#export LDAP_PORT=389
|
||||
#
|
||||
# LDAP_HOST : The host server for the LDAP server
|
||||
# example : export LDAP_HOST=localhost
|
||||
#export LDAP_HOST=
|
||||
#
|
||||
#-----------------------------------------------------------------
|
||||
# ==== LDAP AD Simple Auth ====
|
||||
#
|
||||
# Set to true, if you want to connect with Active Directory by Simple Authentication.
|
||||
# When using AD Simple Auth, LDAP_BASEDN is not needed.
|
||||
#
|
||||
# Example:
|
||||
#export LDAP_AD_SIMPLE_AUTH=true
|
||||
#
|
||||
# === LDAP User Authentication ===
|
||||
#
|
||||
# a) Option to login to the LDAP server with the user's own username and password, instead of
|
||||
# an administrator key. Default: false (use administrator key).
|
||||
#
|
||||
# b) When using AD Simple Auth, set to true, when login user is used for binding,
|
||||
# and LDAP_BASEDN is not needed.
|
||||
#
|
||||
# Example:
|
||||
#export LDAP_USER_AUTHENTICATION=true
|
||||
#
|
||||
# Which field is used to find the user for the user authentication. Default: uid.
|
||||
#export LDAP_USER_AUTHENTICATION_FIELD=uid
|
||||
#
|
||||
# === LDAP Default Domain ===
|
||||
#
|
||||
# a) In case AD SimpleAuth is configured, the default domain is appended to the given
|
||||
# loginname for creating the correct username for the bind request to AD.
|
||||
#
|
||||
# b) The default domain of the ldap it is used to create email if the field is not map
|
||||
# correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
|
||||
#
|
||||
# Example :
|
||||
#export LDAP_DEFAULT_DOMAIN=mydomain.com
|
||||
#
|
||||
#-----------------------------------------------------------------
|
||||
# ==== LDAP BASEDN Auth ====
|
||||
#
|
||||
# LDAP_BASEDN : The base DN for the LDAP Tree
|
||||
# example : export LDAP_BASEDN=ou=user,dc=example,dc=org
|
||||
#export LDAP_BASEDN=
|
||||
#
|
||||
#---------------------------------------------
|
||||
# LDAP_LOGIN_FALLBACK : Fallback on the default authentication method
|
||||
# example : export LDAP_LOGIN_FALLBACK=true
|
||||
#export LDAP_LOGIN_FALLBACK=false
|
||||
#
|
||||
# LDAP_RECONNECT : Reconnect to the server if the connection is lost
|
||||
# example : export LDAP_RECONNECT=false
|
||||
#export LDAP_RECONNECT=true
|
||||
#
|
||||
# LDAP_TIMEOUT : Overall timeout, in milliseconds
|
||||
# example : export LDAP_TIMEOUT=12345
|
||||
#export LDAP_TIMEOUT=10000
|
||||
#
|
||||
# LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds
|
||||
# example : export LDAP_IDLE_TIMEOUT=12345
|
||||
#export LDAP_IDLE_TIMEOUT=10000
|
||||
#
|
||||
# LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds
|
||||
# example : export LDAP_CONNECT_TIMEOUT=12345
|
||||
#export LDAP_CONNECT_TIMEOUT=10000
|
||||
#
|
||||
# LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search
|
||||
# example : export LDAP_AUTHENTIFICATION=true
|
||||
#export LDAP_AUTHENTIFICATION=false
|
||||
#
|
||||
# LDAP_AUTHENTIFICATION_USERDN : The search user DN
|
||||
# example : export LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org
|
||||
#----------------------------------------------------------------------------
|
||||
|
@ -243,110 +314,139 @@
|
|||
# LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user
|
||||
# example : AUTHENTIFICATION_PASSWORD=admin
|
||||
#export LDAP_AUTHENTIFICATION_PASSWORD=
|
||||
#
|
||||
# LDAP_LOG_ENABLED : Enable logs for the module
|
||||
# example : export LDAP_LOG_ENABLED=true
|
||||
#export LDAP_LOG_ENABLED=false
|
||||
#
|
||||
# LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background
|
||||
# example : export LDAP_BACKGROUND_SYNC=true
|
||||
#export LDAP_BACKGROUND_SYNC=false
|
||||
#
|
||||
# LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds
|
||||
# At which interval does the background task sync in milliseconds.
|
||||
# Leave this unset, so it uses default, and does not crash.
|
||||
# https://github.com/wekan/wekan/issues/2354#issuecomment-515305722
|
||||
export LDAP_BACKGROUND_SYNC_INTERVAL=''
|
||||
#
|
||||
# LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED :
|
||||
# example : export LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true
|
||||
#export LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false
|
||||
#
|
||||
# LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS :
|
||||
# example : export LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true
|
||||
#export LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false
|
||||
#
|
||||
# LDAP_ENCRYPTION : If using LDAPS
|
||||
# example : export LDAP_ENCRYPTION=ssl
|
||||
#export LDAP_ENCRYPTION=false
|
||||
#
|
||||
# LDAP_CA_CERT : The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file.
|
||||
# example : export LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE-----
|
||||
#export LDAP_CA_CERT=
|
||||
#
|
||||
# LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate
|
||||
# example : export LDAP_REJECT_UNAUTHORIZED=true
|
||||
#export LDAP_REJECT_UNAUTHORIZED=false
|
||||
# Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
|
||||
#export LDAP_USER_AUTHENTICATION=true
|
||||
# Which field is used to find the user for the user authentication. Default: uid.
|
||||
#export LDAP_USER_AUTHENTICATION_FIELD=uid
|
||||
#
|
||||
# LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
|
||||
# example : export LDAP_USER_SEARCH_FILTER=
|
||||
#export LDAP_USER_SEARCH_FILTER=
|
||||
#
|
||||
# LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree)
|
||||
# example : export LDAP_USER_SEARCH_SCOPE=one
|
||||
#export LDAP_USER_SEARCH_SCOPE=
|
||||
#
|
||||
# LDAP_USER_SEARCH_FIELD : Which field is used to find the user
|
||||
# example : export LDAP_USER_SEARCH_FIELD=uid
|
||||
#export LDAP_USER_SEARCH_FIELD=
|
||||
#
|
||||
# LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited)
|
||||
# example : export LDAP_SEARCH_PAGE_SIZE=12345
|
||||
#export LDAP_SEARCH_PAGE_SIZE=0
|
||||
#
|
||||
# LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited)
|
||||
# example : export LDAP_SEARCH_SIZE_LIMIT=12345
|
||||
#export LDAP_SEARCH_SIZE_LIMIT=0
|
||||
#
|
||||
# LDAP_GROUP_FILTER_ENABLE : Enable group filtering
|
||||
# example : export LDAP_GROUP_FILTER_ENABLE=true
|
||||
#export LDAP_GROUP_FILTER_ENABLE=false
|
||||
#
|
||||
# LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering
|
||||
# example : export LDAP_GROUP_FILTER_OBJECTCLASS=group
|
||||
#export LDAP_GROUP_FILTER_OBJECTCLASS=
|
||||
#
|
||||
# LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE :
|
||||
# example :
|
||||
#export LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=
|
||||
#
|
||||
# LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE :
|
||||
# example :
|
||||
#export LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=
|
||||
#
|
||||
# LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT :
|
||||
# example :
|
||||
#export LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=
|
||||
#
|
||||
# LDAP_GROUP_FILTER_GROUP_NAME :
|
||||
# example :
|
||||
#export LDAP_GROUP_FILTER_GROUP_NAME=
|
||||
#
|
||||
# LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier)
|
||||
# example : export LDAP_UNIQUE_IDENTIFIER_FIELD=guid
|
||||
#export LDAP_UNIQUE_IDENTIFIER_FIELD=
|
||||
#
|
||||
# LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8
|
||||
# example : export LDAP_UTF8_NAMES_SLUGIFY=false
|
||||
#export LDAP_UTF8_NAMES_SLUGIFY=true
|
||||
#
|
||||
# LDAP_USERNAME_FIELD : Which field contains the ldap username
|
||||
# example : export LDAP_USERNAME_FIELD=username
|
||||
#export LDAP_USERNAME_FIELD=
|
||||
#
|
||||
# LDAP_FULLNAME_FIELD : Which field contains the ldap fullname
|
||||
# example : export LDAP_FULLNAME_FIELD=fullname
|
||||
#export LDAP_FULLNAME_FIELD=
|
||||
#
|
||||
# LDAP_MERGE_EXISTING_USERS :
|
||||
# example : export LDAP_MERGE_EXISTING_USERS=true
|
||||
#export LDAP_MERGE_EXISTING_USERS=false
|
||||
#
|
||||
# LDAP_EMAIL_MATCH_ENABLE : allow existing account matching by e-mail address when username does not match
|
||||
# example: LDAP_EMAIL_MATCH_ENABLE=true
|
||||
#export LDAP_EMAIL_MATCH_ENABLE=false
|
||||
#
|
||||
# LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match
|
||||
# example: LDAP_EMAIL_MATCH_REQUIRE=true
|
||||
#export LDAP_EMAIL_MATCH_REQUIRE=false
|
||||
#
|
||||
# LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching
|
||||
# example: LDAP_EMAIL_MATCH_VERIFIED=true
|
||||
#export LDAP_EMAIL_MATCH_VERIFIED=false
|
||||
#
|
||||
# LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address
|
||||
# example: LDAP_EMAIL_FIELD=mail
|
||||
#export LDAP_EMAIL_FIELD=
|
||||
#
|
||||
# LDAP_SYNC_USER_DATA :
|
||||
# example : export LDAP_SYNC_USER_DATA=true
|
||||
#export LDAP_SYNC_USER_DATA=false
|
||||
#
|
||||
# LDAP_SYNC_USER_DATA_FIELDMAP :
|
||||
# example : export LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"}
|
||||
#export LDAP_SYNC_USER_DATA_FIELDMAP=
|
||||
#
|
||||
# The default domain of the ldap it is used to create email if the field is not map correctly
|
||||
# with the LDAP_SYNC_USER_DATA_FIELDMAP is defined in setting LDAP_DEFAULT_DOMAIN above.
|
||||
#
|
||||
# LDAP_SYNC_GROUP_ROLES :
|
||||
# example :
|
||||
#export LDAP_SYNC_GROUP_ROLES=
|
||||
# LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
|
||||
# example :
|
||||
#export LDAP_DEFAULT_DOMAIN=
|
||||
#
|
||||
# Enable/Disable syncing of admin status based on ldap groups:
|
||||
#export LDAP_SYNC_ADMIN_STATUS=true
|
||||
#
|
||||
# Comma separated list of admin group names to sync.
|
||||
#export LDAP_SYNC_ADMIN_GROUPS=group1,group2
|
||||
#---------------------------------------------------------------------
|
||||
|
|
|
@ -372,10 +372,43 @@ services:
|
|||
# example : LDAP_HOST=localhost
|
||||
#- LDAP_HOST=
|
||||
#
|
||||
#-----------------------------------------------------------------
|
||||
# ==== LDAP AD Simple Auth ====
|
||||
#
|
||||
# Set to true, if you want to connect with Active Directory by Simple Authentication.
|
||||
# When using AD Simple Auth, LDAP_BASEDN is not needed.
|
||||
#- LDAP_AD_SIMPLE_AUTH=true
|
||||
#
|
||||
# === Related settings ELSEWHERE IN THIS FILE, NOT HERE ===
|
||||
#
|
||||
# Option to login to the LDAP server with the user's own username and password, instead of
|
||||
# an administrator key. Default: false (use administrator key). When using AD Simple Auth, set to true.
|
||||
# Set to true, if the login user is used for binding. Used with AD Simple Auth.
|
||||
# When using AD Simple Auth, LDAP_BASEDN is not needed.
|
||||
##ELSEWHERE IN THIS SETTINGS FILE, NOT HERE: #- LDAP_USER_AUTHENTICATION=true
|
||||
#
|
||||
# Which field is used to find the user for the user authentication. Default: uid.
|
||||
##ELSEWHERE IN THIS SETTINGS FILE, NOT HERE:#- LDAP_USER_AUTHENTICATION_FIELD=uid
|
||||
#
|
||||
# === LDAP Default Domain: 2 different use cases, a/b ===
|
||||
#
|
||||
# a) The default domain of the ldap it is used to create email if the field is not map
|
||||
# correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
|
||||
#
|
||||
# b) In case AD SimpleAuth is configured, the default domain is appended to the given
|
||||
# loginname for creating the correct username for the bind request to AD.
|
||||
#
|
||||
# Example :
|
||||
##ELSEWHERE IN THIS SETTINGS FILE, NOT HERE:- LDAP_DEFAULT_DOMAIN=mydomain.com
|
||||
#
|
||||
#-----------------------------------------------------------------
|
||||
# ==== LDAP BASEDN Auth ====
|
||||
#
|
||||
# LDAP_BASEDN : The base DN for the LDAP Tree
|
||||
# example : LDAP_BASEDN=ou=user,dc=example,dc=org
|
||||
#- LDAP_BASEDN=
|
||||
#
|
||||
#-----------------------------------------------------------------
|
||||
# LDAP_LOGIN_FALLBACK : Fallback on the default authentication method
|
||||
# example : LDAP_LOGIN_FALLBACK=true
|
||||
#- LDAP_LOGIN_FALLBACK=false
|
||||
|
@ -504,7 +537,7 @@ services:
|
|||
# LDAP_MERGE_EXISTING_USERS :
|
||||
# example : LDAP_MERGE_EXISTING_USERS=true
|
||||
#- LDAP_MERGE_EXISTING_USERS=false
|
||||
#-----------------------------------------------------------------
|
||||
#
|
||||
# LDAP_SYNC_USER_DATA :
|
||||
# example : LDAP_SYNC_USER_DATA=true
|
||||
#- LDAP_SYNC_USER_DATA=false
|
||||
|
@ -520,6 +553,7 @@ services:
|
|||
# LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
|
||||
# example :
|
||||
#- LDAP_DEFAULT_DOMAIN=
|
||||
#
|
||||
#---------------------------------------------------------------------
|
||||
# ==== LOGOUT TIMER, probably does not work yet ====
|
||||
# LOGOUT_WITH_TIMER : Enables or not the option logout with timer
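Review bot: The new "LDAP AD Simple Auth" comment block in the first hunk of this file (`@ -372,10 +372,43`) tells operators to bind with the user's own username and password, but it never mentions transport protection. A simple bind carries that password to the directory server as-is, so it is only protected if the connection itself is encrypted. The Dockerfile defaults shown elsewhere in this commit are `LDAP_PORT=389`, `LDAP_ENCRYPTION=false` and `LDAP_REJECT_UNAUTHORIZED=false`, so an operator who only uncomments `LDAP_AD_SIMPLE_AUTH=true` would presumably send directory credentials unencrypted. I would add a comment directly under the `LDAP_AD_SIMPLE_AUTH` line, such as `# Simple bind sends the user's password to the server: enable LDAP_ENCRYPTION and set LDAP_REJECT_UNAUTHORIZED=true when using this.` Separately, the sentence "When using AD Simple Auth, LDAP_BASEDN is not needed." appears twice in the block and could be kept once.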
|
||||
|
|