#!/bin/sh # All supported keys are defined here together with descriptions and default values # list of supported keys keys="DEBUG S3 MONGO_LOG_DESTINATION MONGO_URL MONGODB_BIND_UNIX_SOCKET MONGO_URL MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM MAIL_SERVICE MAIL_SERVICE_USER MAIL_SERVICE_PASSWORD ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API RICHER_CARD_COMMENT_EDITOR CARD_OPENED_WEBHOOK_ENABLED ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW ACCOUNTS_COMMON_LOGIN_EXPIRATION_IN_DAYS ATTACHMENTS_UPLOAD_EXTERNAL_PROGRAM ATTACHMENTS_UPLOAD_MIME_TYPES ATTACHMENTS_UPLOAD_MAX_SIZE AVATARS_UPLOAD_EXTERNAL_PROGRAM AVATARS_UPLOAD_MIME_TYPES AVATARS_UPLOAD_MAX_SIZE MAX_IMAGE_PIXEL IMAGE_COMPRESS_RATIO BIGEVENTS_PATTERN NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE NOTIFY_DUE_DAYS_BEFORE_AND_AFTER NOTIFY_DUE_AT_HOUR_OF_DAY DEFAULT_BOARD_ID EMAIL_NOTIFICATION_TIMEOUT CORS CORS_ALLOW_HEADERS CORS_EXPOSE_HEADERS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME METRICS_ALLOWED_IP_ADDRESSES BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OIDC_REDIRECTION_ENABLED OAUTH2_CA_CERT OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_EMAIL_MAP OAUTH2_REQUEST_PERMISSIONS OAUTH2_ADFS_ENABLED OAUTH2_B2C_ENABLED LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_AD_SIMPLE_AUTH LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_AUTHENTICATION LDAP_USER_AUTHENTICATION_FIELD LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD PASSWORD_LOGIN_ENABLED CAS_ENABLED CAS_BASE_URL CAS_LOGIN_URL CAS_VALIDATE_URL SAML_ENABLED SAML_PROVIDER SAML_ENTRYPOINT SAML_ISSUER SAML_CERT SAML_IDPSLO_REDIRECTURL SAML_PRIVATE_KEYFILE SAML_PUBLIC_CERTFILE SAML_IDENTIFIER_FORMAT SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE SAML_ATTRIBUTES ORACLE_OIM_ENABLED RESULTS_PER_PAGE WAIT_SPINNER NODE_OPTIONS" DESCRIPTION_S3='AWS S3 for files. Example: {"s3":{"key": "xxx", "secret": "xxx", "bucket": "xxx", "region": "eu-west-1"}}' DEFAULT_S3="" KEY_S3="s3" #----------------------------------------------------------------- # ==== AWS S3 FOR FILES ==== # Any region. For example: # us-standard,us-west-1,us-west-2, # eu-west-1,eu-central-1, # ap-southeast-1,ap-northeast-1,sa-east-1 # #- S3='{"s3":{"key": "xxx", "secret": "xxx", "bucket": "xxx", "region": "eu-west-1"}}' #----------------------------------------------------------------- #DESCRIPTION_WRITABLE_PATH="Writable path. Default: $SNAP_COMMON/files" #DEFAULT_WRITABLE_PATH="$SNAP_COMMON/files" #KEY_WRITABLE_PATH="writable-path" #--------------------------------------------------------------------- # https://github.com/wekan/wekan/issues/3585#issuecomment-1021522132 # Add more Node heap: # NODE_OPTIONS="--max_old_space_size=4096" # Add more stack: # bash -c "ulimit -s 65500; exec node --stack-size=65500 main.js" #--------------------------------------------------------------------- # # CMD ["node", "/build/main.js"] DESCRIPTION_NODE_OPTIONS="Add more Node heap. https://github.com/wekan/wekan/issues/3585#issuecomment-1021522132 . Default: node-options=\"--max_old_space_size=4096\"" DEFAULT_NODE_OPTIONS="" KEY_NODE_OPTIONS="node-options" # default values DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'" DEFAULT_DEBUG="false" KEY_DEBUG="debug" DESCRIPTION_MONGO_LOG_DESTINATION="MONGO_LOG_DESTINATION: devnull/snapcommon/syslog. Default: 'devnull'" DEFAULT_MONGO_LOG_DESTINATION="devnull" KEY_MONGO_LOG_DESTINATION='mongo-log-destination' DESCRIPTION_MONGO_URL="MONGO_URL. Default: ''" DEFAULT_MONGO_URL="" KEY_MONGO_URL='mongo-url' DESCRIPTION_MONGODB_BIND_UNIX_SOCKET="mongodb binding unix socket. Example: /var/snap/wekan/current/share . Default: ''\n"\ "\t\t\t Default behaviour will preffer binding over unix socket, to disable unix socket binding set value to 'nill' string\n"\ "\t\t\t To bind to instance of mongodb provided through content interface,set value to relative path to the socket inside '$SNAP_DATA/shared' directory" DEFAULT_MONGODB_BIND_UNIX_SOCKET="" KEY_MONGODB_BIND_UNIX_SOCKET="mongodb-bind-unix-socket" DESCRIPTION_MONGODB_PORT="mongodb binding port: eg 27017 when using localhost" DEFAULT_MONGODB_PORT="27019" KEY_MONGODB_PORT='mongodb-port' DESCRIPTION_MONGODB_BIND_IP="mongodb binding ip address: eg 127.0.0.1 for localhost\n\t\tIf not defined default unix socket is used instead" DEFAULT_MONGODB_BIND_IP="127.0.0.1" KEY_MONGODB_BIND_IP="mongodb-bind-ip" DESCRIPTION_MAIL_URL="wekan mail binding" DEFAULT_MAIL_URL="" KEY_MAIL_URL="mail-url" DESCRIPTION_MAIL_FROM="wekan's admin mail from name email address" DEFAULT_MAIL_FROM="" KEY_MAIL_FROM="mail-from" DESCRIPTION_MAIL_SERVICE="wekan's mail-service, see https://github.com/wekan/wekan/wiki/Troubleshooting-Mail" DEFAULT_MAIL_SERVICE="" KEY_MAIL_SERVICE="mail-service" DESCRIPTION_MAIL_SERVICE_USER="wekan's mail-service-user" DEFAULT_MAIL_SERVICE_USER="" KEY_MAIL_SERVICE_USER="mail-service-user" DESCRIPTION_MAIL_SERVICE_PASSWORD="wekan's mail-service-password" DEFAULT_MAIL_SERVICE_PASSWORD="" KEY_MAIL_SERVICE_PASSWORD="mail-service-password" DESCRIPTION_ROOT_URL="wekan's root url, eg http://127.0.0.1, https://example.com, https://wekan.example.com, http://example.com/wekan" DEFAULT_ROOT_URL="http://127.0.0.1" KEY_ROOT_URL="root-url" DESCRIPTION_PORT="port wekan is exposed at" DEFAULT_PORT="8080" KEY_PORT="port" DESCRIPTION_DISABLE_MONGODB="Disable mongodb service: use only if binding to database outside of the ${SNAP_NAME} snap. Valid values: [true,false]" DEFAULT_DISABLE_MONGODB="false" KEY_DISABLE_MONGODB="disable-mongodb" DESCRIPTION_CADDY_ENABLED="Enable caddy service (caddy - Every Site on HTTPS) personal license for non-commercial use only, see https://caddyserver.com/products/licenses . Set to 'true' to enable caddy\n\t\tcaddy settings are handled through $SNAP_COMMON/Caddyfile" DEFAULT_CADDY_ENABLED="false" KEY_CADDY_ENABLED="caddy-enabled" DESCRIPTION_CADDY_BIND_PORT="Port on which caddy will expect proxy, value set here will be set in $SNAP_COMMON/Caddyfile" DEFAULT_CADDY_BIND_PORT="3001" KEY_CADDY_BIND_PORT="caddy-bind-port" DESCRIPTION_WITH_API="Enable/disable the api of wekan" DEFAULT_WITH_API="true" KEY_WITH_API="with-api" DESCRIPTION_RICHER_CARD_COMMENT_EDITOR="Rich text editor in card comments. Default: false" DEFAULT_RICHER_CARD_COMMENT_EDITOR="false" KEY_RICHER_CARD_COMMENT_EDITOR="richer-card-comment-editor" DESCRIPTION_CARD_OPENED_WEBHOOK_ENABLED="Card opened, send webhook message. Default: false https://github.com/wekan/wekan/issues/2518" DEFAULT_CARD_OPENED_WEBHOOK_ENABLED="false" KEY_CARD_OPENED_WEBHOOK_ENABLED="card-opened-webhook-enabled" DESCRIPTION_ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE="Accounts lockout known users failures before, greater than 0. Default: 3" DEFAULT_ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE="3" KEY_ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE="accounts-lockout-known-users-failures-before" DESCRIPTION_ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD="Accounts lockout know users period, in seconds. Default: 60" DEFAULT_ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD="60" KEY_ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD="accounts-lockout-known-users-period" DESCRIPTION_ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW="Accounts lockout unknown failure window, in seconds. Default: 15" DEFAULT_ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW="15" KEY_ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW="accounts-lockout-known-users-failure-window" DESCRIPTION_ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE="Accounts lockout unknown users failures before, greater than 0. Default: 3" DEFAULT_ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE="3" KEY_ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE="accounts-lockout-unknown-users-failures-before" DESCRIPTION_ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD="Accounts lockout unknown users lockout period, in seconds. Default: 60" DEFAULT_ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD="60" KEY_ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD="accounts-lockout-unknown-users-lockout-period" DESCRIPTION_ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW="Accounts lockout unknown users failure window, in seconds. Default: 15" DEFAULT_ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW="15" KEY_ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW="accounts-lockout-unknown-users-failure-window" DESCRIPTION_ACCOUNTS_COMMON_LOGIN_EXPIRATION_IN_DAYS="Accounts common login expiration in days. Default: 90" DEFAULT_ACCOUNTS_COMMON_LOGIN_EXPIRATION_IN_DAYS="90" KEY_ACCOUNTS_COMMON_LOGIN_EXPIRATION_IN_DAYS="accounts-common-login-expiration-in-days" DESCRIPTION_ATTACHMENTS_UPLOAD_EXTERNAL_PROGRAM="Attachments upload validation by an external program. {file} is replaced by the uploaded file. Example: /usr/local/bin/avscan {file}" DEFAULT_ATTACHMENTS_UPLOAD_EXTERNAL_PROGRAM="" KEY_ATTACHMENTS_UPLOAD_EXTERNAL_PROGRAM="attachments-upload-external-program" DESCRIPTION_ATTACHMENTS_UPLOAD_MIME_TYPES="Attachments upload mime types. Example: image/*,text/*" DEFAULT_ATTACHMENTS_UPLOAD_MIME_TYPES="" KEY_ATTACHMENTS_UPLOAD_MIME_TYPES="attachments-upload-mime-types" DESCRIPTION_ATTACHMENTS_UPLOAD_MAX_SIZE="Attachments upload max size in bytes. Example: 5000000" DEFAULT_ATTACHMENTS_UPLOAD_MAX_SIZE="" KEY_ATTACHMENTS_UPLOAD_MAX_SIZE="attachments-upload-max-size" DESCRIPTION_AVATARS_UPLOAD_EXTERNAL_PROGRAM="Avatars upload validation by an external program. {file} is replaced by the uploaded file. Example: /usr/local/bin/avscan {file}" DEFAULT_AVATARS_UPLOAD_EXTERNAL_PROGRAM="" KEY_AVATARS_UPLOAD_EXTERNAL_PROGRAM="avatars-upload-external-program" DESCRIPTION_AVATARS_UPLOAD_MIME_TYPES="Avatars upload mime types. Example: image/*" DEFAULT_AVATARS_UPLOAD_MIME_TYPES="" KEY_AVATARS_UPLOAD_MIME_TYPES="avatars-upload-mime-types" DESCRIPTION_AVATARS_UPLOAD_MAX_SIZE="Avatars upload max size in bytes. Example: 500000" DEFAULT_AVATARS_UPLOAD_MAX_SIZE="" KEY_AVATARS_UPLOAD_MAX_SIZE="avatars-upload-max-size" # Example, not in use: /var/snap/wekan/common/uploads/ DESCRIPTION_MAX_IMAGE_PIXEL="Max image pixel: Allow to shrink attached/pasted image https://github.com/wekan/wekan/pull/2544" DEFAULT_MAX_IMAGE_PIXEL="" KEY_MAX_IMAGE_PIXEL="max-image-pixel" DESCRIPTION_IMAGE_COMPRESS_RATIO="Image compress ratio: Allow to shrink attached/pasted image https://github.com/wekan/wekan/pull/2544" DEFAULT_IMAGE_COMPRESS_RATIO="" KEY_IMAGE_COMPRESS_RATIO="image-compress-ratio" DESCRIPTION_NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE="Number of days after a notification is read before we remove it. Default: 2." DEFAULT_NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE="" KEY_NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE="notification-tray-after-read-days-before-remove" DESCRIPTION_DEFAULT_BOARD_ID="After OIDC login, add users automatically to this default-board-id. https://github.com/wekan/wekan/pull/5098" DEFAULT_DEFAULT_BOARD_ID="" KEY_DEFAULT_BOARD_ID="default-board-id" DESCRIPTION_BIGEVENTS_PATTERN="Big events pattern: Notify always due etc regardless of notification settings. Default: NONE, All: received|start|due|end, Disabled: NONE" DEFAULT_BIGEVENTS_PATTERN="NONE" KEY_BIGEVENTS_PATTERN="bigevents-pattern" DESCRIPTION_NOTIFY_DUE_DAYS_BEFORE_AND_AFTER="Notify due days, accepts ',' delimited string, i.e. 2,0 means notify will be sent out 2 days before and right on due day. Default: empty" DEFAULT_NOTIFY_DUE_DAYS_BEFORE_AND_AFTER="" KEY_NOTIFY_DUE_DAYS_BEFORE_AND_AFTER="notify-due-days-before-and-after" DESCRIPTION_NOTIFY_DUE_AT_HOUR_OF_DAY="Notify due at hour of day. Default every morning at 8am. Can be 0-23. If env variable has parsing error, use default. Notification sent to watchers. Default: 0" DEFAULT_NOTIFY_DUE_AT_HOUR_OF_DAY="" KEY_NOTIFY_DUE_AT_HOUR_OF_DAY="notify-due-at-hour-of-day" DESCRIPTION_EMAIL_NOTIFICATION_TIMEOUT="Email notification timeout, ms. Default: 30000 (=30s)." DEFAULT_EMAIL_NOTIFICATION_TIMEOUT="30000" KEY_EMAIL_NOTIFICATION_TIMEOUT="email-notification-timeout" DESCRIPTION_CORS="Enable/disable CORS: Set Access-Control-Allow-Origin header. Example: *" DEFAULT_CORS="" KEY_CORS="cors" DESCRIPTION_CORS_ALLOW_HEADERS="Set Access-Control-Allow-Headers header. \"Authorization,Content-Type\" is required for cross-origin use of the API." DEFAULT_CORS_ALLOW_HEADERS="" KEY_CORS_ALLOW_HEADERS="cors-allow-headers" DESCRIPTION_EXPOSE_HEADERS="Set Access-Control-Expose-Headers header. This is not needed for typical CORS situations. Example: *" DEFAULT_CORS_EXPOSE_HEADERS="" KEY_CORS_EXPOSE_HEADERS="cors-expose-headers" DESCRIPTION_MATOMO_ADDRESS="The address of the server where matomo is hosted" DEFAULT_MATOMO_ADDRESS="" KEY_MATOMO_ADDRESS="matomo-address" DESCRIPTION_MATOMO_SITE_ID="The value of the site ID given in matomo server for wekan" DEFAULT_MATOMO_SITE_ID="" KEY_MATOMO_SITE_ID="matomo-site-id" DESCRIPTION_MATOMO_DO_NOT_TRACK="The option do not track which enables users to not be tracked by matomo" DEFAULT_MATOMO_DO_NOT_TRACK="true" KEY_MATOMO_DO_NOT_TRACK="matomo-do-not-track" DESCRIPTION_MATOMO_WITH_USERNAME="The option that allows matomo to retrieve the username" DEFAULT_MATOMO_WITH_USERNAME="false" KEY_MATOMO_WITH_USERNAME="matomo-with-username" DESCRIPTION_METRICS_ALLOWED_IP_ADDRESSES="Metrics allowed IP addresses, separated by ',' . https://github.com/wekan/wekan/wiki/Metrics" DEFAULT_METRICS_ALLOWED_IP_ADDRESSES="" KEY_METRICS_ALLOWED_IP_ADDRESSES="metrics-allowed-ip-addresses" DESCRIPTION_BROWSER_POLICY_ENABLED="Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside.\n"\ "\t\t\t Setting this to false is not recommended, it also disables all other browser policy protections\n"\ "\t\t\t and allows all iframing etc. See wekan/server/policy.js" DEFAULT_BROWSER_POLICY_ENABLED="true" KEY_BROWSER_POLICY_ENABLED="browser-policy-enabled" DESCRIPTION_TRUSTED_URL="When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside." DEFAULT_TRUSTED_URL="" KEY_TRUSTED_URL="trusted-url" DESCRIPTION_WEBHOOKS_ATTRIBUTES="What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId ." DEFAULT_WEBHOOKS_ATTRIBUTES="" KEY_WEBHOOKS_ATTRIBUTES="webhooks-attributes" DESCRIPTION_ORACLE_OIM_ENABLED="Enable OAUTH2 ORACLE on premise identity manager OIM. Default: false" DEFAULT_ORACLE_OIM_ENABLED="false" KEY_ORACLE_OIM_ENABLED="oracle-oim-enabled" DESCRIPTION_OAUTH2_ENABLED="Enable the OAuth2 connection. Default: false" DEFAULT_OAUTH2_ENABLED="false" KEY_OAUTH2_ENABLED="oauth2-enabled" DESCRIPTION_OIDC_REDIRECTION_ENABLED="Enable the OIDC/OAuth2 autologin. See https://github.com/wekan/wekan/wiki/autologin . Default: false" DEFAULT_OIDC_REDIRECTION_ENABLED="false" KEY_OIDC_REDIRECTION_ENABLED="oidc-redirection-enabled" DESCRIPTION_OAUTH2_CA_CERT="Optional OAuth2 CA Cert, see https://github.com/wekan/wekan/issues/3299." DEFAULT_OAUTH2_CA_CERT="" KEY_OAUTH2_CA_CERT="oauth2-ca-cert" DESCRIPTION_OAUTH2_ADFS_ENABLED="Enable OAuth2 ADFS. Default: false" DEFAULT_OAUTH2_ADFS_ENABLED="false" KEY_OAUTH2_ADFS_ENABLED="oauth2-adfs-enabled" DESCRIPTION_OAUTH2_B2C_ENABLED="Enable OAuth2 Azure AD B2C https://github.com/wekan/wekan/issues/5242. Default: false" DEFAULT_OAUTH2_B2C_ENABLED="false" KEY_OAUTH2_B2C_ENABLED="oauth2-b2c-enabled" DESCRIPTION_OAUTH2_LOGIN_STYLE="OAuth2 login style: popup or redirect. Default: redirect" DEFAULT_OAUTH2_LOGIN_STYLE="redirect" KEY_OAUTH2_LOGIN_STYLE="oauth2-login-style" DESCRIPTION_OAUTH2_CLIENT_ID="OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345" DEFAULT_OAUTH2_CLIENT_ID="" KEY_OAUTH2_CLIENT_ID="oauth2-client-id" DESCRIPTION_OAUTH2_SECRET="OAuth2 Secret, for example from Rocket.Chat: Example: 54321abcde" DEFAULT_OAUTH2_SECRET="" KEY_OAUTH2_SECRET="oauth2-secret" DESCRIPTION_OAUTH2_SERVER_URL="OAuth2 Server URL, for example Rocket.Chat. Example: https://chat.example.com" DEFAULT_OAUTH2_SERVER_URL="" KEY_OAUTH2_SERVER_URL="oauth2-server-url" DESCRIPTION_OAUTH2_AUTH_ENDPOINT="OAuth2 authorization endpoint. Example: /oauth/authorize" DEFAULT_OAUTH2_AUTH_ENDPOINT="" KEY_OAUTH2_AUTH_ENDPOINT="oauth2-auth-endpoint" DESCRIPTION_OAUTH2_USERINFO_ENDPOINT="OAuth2 userinfo endpoint. Example: /oauth/userinfo" DEFAULT_OAUTH2_USERINFO_ENDPOINT="" KEY_OAUTH2_USERINFO_ENDPOINT="oauth2-userinfo-endpoint" DESCRIPTION_OAUTH2_TOKEN_ENDPOINT="OAuth2 token endpoint. Example: /oauth/token" DEFAULT_OAUTH2_TOKEN_ENDPOINT="" KEY_OAUTH2_TOKEN_ENDPOINT="oauth2-token-endpoint" DESCRIPTION_OAUTH2_ID_MAP="OAuth2 ID Mapping. Example: email" DEFAULT_OAUTH2_ID_MAP="" KEY_OAUTH2_ID_MAP="oauth2-id-map" DESCRIPTION_OAUTH2_USERNAME_MAP="OAuth2 Username Mapping. Example: email" DEFAULT_OAUTH2_USERNAME_MAP="" KEY_OAUTH2_USERNAME_MAP="oauth2-username-map" DESCRIPTION_OAUTH2_FULLNAME_MAP="OAuth2 Fullname Mapping. Example: name" DEFAULT_OAUTH2_FULLNAME_MAP="" KEY_OAUTH2_FULLNAME_MAP="oauth2-fullname-map" DESCRIPTION_OAUTH2_FULLNAME_MAP="OAuth2 Fullname Mapping. Example: name" DEFAULT_OAUTH2_FULLNAME_MAP="" KEY_OAUTH2_FULLNAME_MAP="oauth2-fullname-map" DESCRIPTION_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="OAuth2 ID Token Whitelist Fields." DEFAULT_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="" KEY_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="oauth2-id-token-whitelist-fields" DESCRIPTION_OAUTH2_REQUEST_PERMISSIONS="OAuth2 Request Permissions. Example: 'openid profile email'" DEFAULT_OAUTH2_REQUEST_PERMISSIONS="'openid profile email'" KEY_OAUTH2_REQUEST_PERMISSIONS="oauth2-request-permissions" DESCRIPTION_OAUTH2_EMAIL_MAP="OAuth2 Email Mapping. Example: email" DEFAULT_OAUTH2_EMAIL_MAP="" KEY_OAUTH2_EMAIL_MAP="oauth2-email-map" DESCRIPTION_LDAP_ENABLE="Enable or not the connection by the LDAP" DEFAULT_LDAP_ENABLE="false" KEY_LDAP_ENABLE="ldap-enable" DESCRIPTION_LDAP_PORT="The port of the LDAP server" DEFAULT_LDAP_PORT="389" KEY_LDAP_PORT="ldap-port" DESCRIPTION_LDAP_HOST="The host server for the LDAP server" DEFAULT_LDAP_HOST="" KEY_LDAP_HOST="ldap-host" DESCRIPTION_LDAP_AD_SIMPLE_AUTH="LDAP AD Simple Auth. When enabled, ldap-basedn is not needed, and also do set ldap-user-authentication='true'. Example: true" DEFAULT_LDAP_AD_SIMPLE_AUTH="" KEY_LDAP_AD_SIMPLE_AUTH="ldap-ad-simple-auth" DESCRIPTION_LDAP_BASEDN="The base DN for the LDAP Tree" DEFAULT_LDAP_BASEDN="" KEY_LDAP_BASEDN="ldap-basedn" DESCRIPTION_LDAP_LOGIN_FALLBACK="Fallback on the default authentication method" DEFAULT_LDAP_LOGIN_FALLBACK="false" KEY_LDAP_LOGIN_FALLBACK="ldap-login-fallback" DESCRIPTION_LDAP_RECONNECT="Reconnect to the server if the connection is lost" DEFAULT_LDAP_RECONNECT="true" KEY_LDAP_RECONNECT="ldap-reconnect" DESCRIPTION_LDAP_TIMEOUT="Overall timeout, in milliseconds." DEFAULT_LDAP_TIMEOUT="10000" KEY_LDAP_TIMEOUT="ldap-timeout" DESCRIPTION_LDAP_IDLE_TIMEOUT="Specifies the timeout for idle LDAP connections in milliseconds" DEFAULT_LDAP_IDLE_TIMEOUT="10000" KEY_LDAP_IDLE_TIMEOUT="ldap-idle-timeout" DESCRIPTION_LDAP_CONNECT_TIMEOUT="Connection timeout, in milliseconds." DEFAULT_LDAP_CONNECT_TIMEOUT="10000" KEY_LDAP_CONNECT_TIMEOUT="ldap-connect-timeout" DESCRIPTION_LDAP_AUTHENTIFICATION="If the LDAP needs a user account to search" DEFAULT_LDAP_AUTHENTIFICATION="false" KEY_LDAP_AUTHENTIFICATION="ldap-authentication" DESCRIPTION_LDAP_AUTHENTIFICATION_USERDN="The search user DN" DEFAULT_LDAP_AUTHENTIFICATION_USERDN="" KEY_LDAP_AUTHENTIFICATION_USERDN="ldap-authentication-userdn" DESCRIPTION_LDAP_AUTHENTIFICATION_PASSWORD="The password for the search user" DEFAULT_LDAP_AUTHENTIFICATION_PASSWORD="" KEY_LDAP_AUTHENTIFICATION_PASSWORD="ldap-authentication-password" DESCRIPTION_LDAP_LOG_ENABLED="Enable logs for the module" DEFAULT_LDAP_LOG_ENABLED="false" KEY_LDAP_LOG_ENABLED="ldap-log-enabled" DESCRIPTION_LDAP_BACKGROUND_SYNC="If the sync of the users should be done in the background" DEFAULT_LDAP_BACKGROUND_SYNC="false" KEY_LDAP_BACKGROUND_SYNC="ldap-background-sync" DESCRIPTION_LDAP_BACKGROUND_SYNC_INTERVAL="At which interval does the background task sync" DEFAULT_LDAP_BACKGROUND_SYNC_INTERVAL="" KEY_LDAP_BACKGROUND_SYNC_INTERVAL="ldap-background-sync-interval" DESCRIPTION_LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED="" DEFAULT_LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED="false" KEY_LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED="ldap-background-sync-keep-existant-users-updated" DESCRIPTION_LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS="" DEFAULT_LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS="false" KEY_LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS="ldap-background-sync-import-new-users" DESCRIPTION_LDAP_ENCRYPTION="If using LDAPS, use LDAP_ENCRYPTION=ssl" DEFAULT_LDAP_ENCRYPTION="false" KEY_LDAP_ENCRYPTION="ldap-encryption" DESCRIPTION_LDAP_CA_CERT="The certification for the LDAPS server" DEFAULT_LDAP_CA_CERT="" KEY_LDAP_CA_CERT="ldap-ca-cert" DESCRIPTION_LDAP_REJECT_UNAUTHORIZED="Reject Unauthorized Certificate" DEFAULT_LDAP_REJECT_UNAUTHORIZED="false" KEY_LDAP_REJECT_UNAUTHORIZED="ldap-reject-unauthorized" DESCRIPTION_LDAP_USER_AUTHENTICATION="Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key)." DEFAULT_LDAP_USER_AUTHENTICATION="false" KEY_LDAP_USER_AUTHENTICATION="ldap-user-authentication" DESCRIPTION_LDAP_USER_AUTHENTICATION_FIELD="Which field is used to find the user for the user authentication. Default: uid." DEFAULT_LDAP_USER_AUTHENTICATION_FIELD="uid" KEY_LDAP_USER_AUTHENTICATION_FIELD="ldap-user-authentication-field" DESCRIPTION_LDAP_USER_SEARCH_FILTER="Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed" DEFAULT_LDAP_USER_SEARCH_FILTER="" KEY_LDAP_USER_SEARCH_FILTER="ldap-user-search-filter" DESCRIPTION_LDAP_USER_SEARCH_SCOPE="base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree). Example: one" DEFAULT_LDAP_USER_SEARCH_SCOPE="" KEY_LDAP_USER_SEARCH_SCOPE="ldap-user-search-scope" DESCRIPTION_LDAP_USER_SEARCH_FIELD="Which field is used to find the user" DEFAULT_LDAP_USER_SEARCH_FIELD="" KEY_LDAP_USER_SEARCH_FIELD="ldap-user-search-field" DESCRIPTION_LDAP_SEARCH_PAGE_SIZE="Used for pagination (0=unlimited)" DEFAULT_LDAP_SEARCH_PAGE_SIZE="0" KEY_LDAP_SEARCH_PAGE_SIZE="ldap-search-page-size" DESCRIPTION_LDAP_SEARCH_SIZE_LIMIT="The limit number of entries (0=unlimited)" DEFAULT_LDAP_SEARCH_SIZE_LIMIT="0" KEY_LDAP_SEARCH_SIZE_LIMIT="ldap-search-size-limit" DESCRIPTION_LDAP_GROUP_FILTER_ENABLE="Enable group filtering" DEFAULT_LDAP_GROUP_FILTER_ENABLE="false" KEY_LDAP_GROUP_FILTER_ENABLE="ldap-group-filter-enable" DESCRIPTION_LDAP_GROUP_FILTER_OBJECTCLASS="The object class for filtering" DEFAULT_LDAP_GROUP_FILTER_OBJECTCLASS="" KEY_LDAP_GROUP_FILTER_OBJECTCLASS="ldap-group-filter-objectclass" DESCRIPTION_LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE="The attribute of a group identifying it. Default: ''" DEFAULT_LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE="" KEY_LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE="ldap-group-filter-id-attribute" DESCRIPTION_LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE="The attribute inside a group object listing its members. Default: ''" DEFAULT_LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE="" KEY_LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE="ldap-group-filter-member-attribute" DESCRIPTION_LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT="The format of the value of ldap-group-filter-member-attribute (e.g. 'dn' if the user's dn ist saved as value into the attribute). Default: ''" DEFAULT_LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT="" KEY_LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT="ldap-group-filter-member-format" DESCRIPTION_LDAP_GROUP_FILTER_GROUP_NAME="The group name (id) that matches all users. Default: ''" DEFAULT_LDAP_GROUP_FILTER_GROUP_NAME="" KEY_LDAP_GROUP_FILTER_GROUP_NAME="ldap-group-filter-group-name" DESCRIPTION_LDAP_UNIQUE_IDENTIFIER_FIELD="This field is sometimes class GUID (Globally Unique Identifier)" DEFAULT_LDAP_UNIQUE_IDENTIFIER_FIELD="" KEY_LDAP_UNIQUE_IDENTIFIER_FIELD="ldap-unique-identifier-field" DESCRIPTION_LDAP_UTF8_NAMES_SLUGIFY="Convert the username to utf8" DEFAULT_LDAP_UTF8_NAMES_SLUGIFY="true" KEY_LDAP_UTF8_NAMES_SLUGIFY="ldap-utf8-names-slugify" DESCRIPTION_LDAP_USERNAME_FIELD="Which field contains the ldap username" DEFAULT_LDAP_USERNAME_FIELD="" KEY_LDAP_USERNAME_FIELD="ldap-username-field" DESCRIPTION_LDAP_FULLNAME_FIELD="Which field contains the ldap fullname" DEFAULT_LDAP_FULLNAME_FIELD="" KEY_LDAP_FULLNAME_FIELD="ldap-fullname-field" DESCRIPTION_LDAP_MERGE_EXISTING_USERS="ldap-merge-existing-users . Default: false" DEFAULT_LDAP_MERGE_EXISTING_USERS="false" KEY_LDAP_MERGE_EXISTING_USERS="ldap-merge-existing-users" DESCRIPTION_LDAP_EMAIL_MATCH_ENABLE="ldap-email-match-enable . Default: false" DEFAULT_LDAP_EMAIL_MATCH_ENABLE="false" KEY_LDAP_EMAIL_MATCH_ENABLE="ldap-email-match-enable" DESCRIPTION_LDAP_EMAIL_MATCH_REQUIRE="ldap-email-match-require . Default: false" DEFAULT_LDAP_EMAIL_MATCH_REQUIRE="false" KEY_LDAP_EMAIL_MATCH_REQUIRE="ldap-email-match-require" DESCRIPTION_LDAP_EMAIL_MATCH_VERIFIED="ldap-email-match-verified . Default: false" DEFAULT_LDAP_EMAIL_MATCH_VERIFIED="false" KEY_LDAP_EMAIL_MATCH_VERIFIED="ldap-email-match-verified" DESCRIPTION_LDAP_EMAIL_FIELD="Which field contains the ldap e-mail address" DEFAULT_LDAP_EMAIL_FIELD="" KEY_LDAP_EMAIL_FIELD="ldap-email-field" DESCRIPTION_LDAP_SYNC_USER_DATA="ldap-sync-user-data . Default: false" DEFAULT_LDAP_SYNC_USER_DATA="false" KEY_LDAP_SYNC_USER_DATA="ldap-sync-user-data" DESCRIPTION_LDAP_SYNC_USER_DATA_FIELDMAP="LDAP Sync User Data Fieldmap. Example: ldap-sync-user-data-fieldmap='{\"cn\":\"name\", \"mail\":\"email\"}'" DEFAULT_LDAP_SYNC_USER_DATA_FIELDMAP="" KEY_LDAP_SYNC_USER_DATA_FIELDMAP="ldap-sync-user-data-fieldmap" DESCRIPTION_LDAP_SYNC_GROUP_ROLES="ldap-sync-group-roles . Default: '' (empty)." DEFAULT_LDAP_SYNC_GROUP_ROLES="" KEY_LDAP_SYNC_GROUP_ROLES="ldap-sync-group-roles" DESCRIPTION_LDAP_SYNC_ADMIN_STATUS="Enable/Disable syncing of admin status based on LDAP groups. Example: true" DEFAULT_LDAP_SYNC_ADMIN_STATUS="" KEY_LDAP_SYNC_ADMIN_STATUS="ldap-sync-admin-status" DESCRIPTION_LDAP_SYNC_ADMIN_GROUPS="Comma separated list of admin group names to sync. Example: group1, group2" DEFAULT_LDAP_SYNC_ADMIN_GROUPS="" KEY_LDAP_SYNC_ADMIN_GROUPS="ldap-sync-admin-groups" DESCRIPTION_LDAP_DEFAULT_DOMAIN="LDAP default domain. a) In case AD SimpleAuth is configured, the default domain is appended to the given loginname for creating the correct username for the bind request to AD. b) The default domain of the ldap it is used to create email if the field is not map correctly with the ldap-sync-user-data-fieldmap." DEFAULT_LDAP_DEFAULT_DOMAIN="" KEY_LDAP_DEFAULT_DOMAIN="ldap-default-domain" DESCRIPTION_HEADER_LOGIN_ID="Header login ID. Example for siteminder: HEADERUID" DEFAULT_HEADER_LOGIN_ID="" KEY_HEADER_LOGIN_ID="header-login-id" DESCRIPTION_HEADER_LOGIN_FIRSTNAME="Header login firstname. Example for siteminder: HEADERFIRSTNAME" DEFAULT_HEADER_LOGIN_FIRSTNAME="Header login firstname. Example for siteminder: HEADERFIRSTNAME" KEY_HEADER_LOGIN_FIRSTNAME="header-login-firstname" DESCRIPTION_HEADER_LOGIN_LASTNAME="Header login lastname. Example for siteminder: HEADERLASTNAME" DEFAULT_HEADER_LOGIN_LASTNAME="Header login firstname. Example for siteminder: HEADERLASTNAME" KEY_HEADER_LOGIN_LASTNAME="header-login-lastname" DESCRIPTION_HEADER_LOGIN_EMAIL="Header login email. Example for siteminder: HEADEREMAILADDRESS" DEFAULT_HEADER_LOGIN_EMAIL="Header login email. Example for siteminder: HEADEREMAILADDRESS" KEY_HEADER_LOGIN_EMAIL="header-login-email" DESCRIPTION_LOGOUT_WITH_TIMER="Enables or not the option logout with timer" DEFAULT_LOGOUT_WITH_TIMER="false" KEY_LOGOUT_WITH_TIMER="logout-with-timer" DESCRIPTION_LOGOUT_IN="The number of days" DEFAULT_LOGOUT_IN="" KEY_LOGOUT_IN="logout-in" DESCRIPTION_LOGOUT_ON_HOURS="The number of hours" DEFAULT_LOGOUT_ON_HOURS="" KEY_LOGOUT_ON_HOURS="logout-on-hours" DESCRIPTION_LOGOUT_ON_MINUTES="The number of minutes" DEFAULT_LOGOUT_ON_MINUTES="" KEY_LOGOUT_ON_MINUTES="logout-on-minutes" DESCRIPTION_DEFAULT_AUTHENTICATION_METHOD="The default authentication method used if a user does not exist to create and authenticate. Method can be password or ldap." DEFAULT_DEFAULT_AUTHENTICATION_METHOD="" KEY_DEFAULT_AUTHENTICATION_METHOD="default-authentication-method" DESCRIPTION_PASSWORD_LOGIN_ENABLED="To hide the password login form" DEFAULT_PASSWORD_LOGIN_ENABLED="true" KEY_PASSWORD_LOGIN_ENABLED="password-login-enabled" DESCRIPTION_CAS_ENABLED="CAS Enabled" DEFAULT_CAS_ENABLED="false" KEY_CAS_ENABLED="cas-enabled" DESCRIPTION_CAS_BASE_URL="CAS Base URL" DEFAULT_CAS_BASE_URL="" KEY_CAS_BASE_URL="cas-base-url" DESCRIPTION_CAS_LOGIN_URL="CAS Login URL" DEFAULT_CAS_LOGIN_URL="" KEY_CAS_LOGIN_URL="cas-login-url" DESCRIPTION_CAS_VALIDATE_URL="CAS Validate URL" DEFAULT_CAS_VALIDATE_URL="" KEY_CAS_VALIDATE_URL="cas-validate-url" DESCRIPTION_SAML_ENABLED="SAML Enabled. Default: false" DEFAULT_SAML_ENABLED="false" KEY_SAML_ENABLED="saml-enabled" DESCRIPTION_SAML_PROVIDER="SAML Provider" DEFAULT_SAML_PROVIDER="" KEY_SAML_PROVIDER="saml-provider" DESCRIPTION_SAML_ENTRYPOINT="SAML Entrypoint" DEFAULT_SAML_ENTRYPOINT="" KEY_SAML_ENTRYPOINT="saml-entrypoint" DESCRIPTION_SAML_ISSUER="SAML Issuer" DEFAULT_SAML_ISSUER="" KEY_SAML_ISSUER="saml-issuer" DESCRIPTION_SAML_CERT="SAML Cert" DEFAULT_SAML_CERT="" KEY_SAML_CERT="saml-cert" DESCRIPTION_SAML_IDPSLO_REDIRECTURL="SAML IDPSLO Redirect URL" DEFAULT_SAML_IDPSLO_REDIRECTURL="" KEY_SAML_IDPSLO_REDIRECTURL="saml-idpslo-redirecturl" DESCRIPTION_SAML_PRIVATE_KEYFILE="SAML Private Keyfile" DEFAULT_SAML_PRIVATE_KEYFILE="" KEY_SAML_PRIVATE_KEYFILE="saml-private-keyfile" DESCRIPTION_SAML_PUBLIC_CERTFILE="SAML Public Certfile" DEFAULT_SAML_PUBLIC_CERTFILE="" KEY_SAML_PUBLIC_CERTFILE="saml-public-certfile" DESCRIPTION_SAML_PUBLIC_CERTFILE="SAML Public Certfile" DEFAULT_SAML_PUBLIC_CERTFILE="" KEY_SAML_PUBLIC_CERTFILE="saml-public-certfile" DESCRIPTION_SAML_IDENTIFIER_FORMAT="SAML Identifier Format" DEFAULT_SAML_IDENTIFIER_FORMAT="" KEY_SAML_IDENTIFIER_FORMAT="saml-identifier-format" DESCRIPTION_SAML_IDENTIFIER_FORMAT="SAML Identifier Format" DEFAULT_SAML_IDENTIFIER_FORMAT="" KEY_SAML_IDENTIFIER_FORMAT="saml-identifier-format" DESCRIPTION_SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE="SAML Local Profile Match Attribute" DEFAULT_SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE="" KEY_SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE="saml-local-profile-match-attribute" DESCRIPTION_SAML_ATTRIBUTES="SAML Attributes" DEFAULT_SAML_ATTRIBUTES="" KEY_SAML_ATTRIBUTES="saml-attributes" DESCRIPTION_RESULTS_PER_PAGE="Number of search results to show per page by default" DEFAULT_RESULTS_PER_PAGE="" KEY_RESULTS_PER_PAGE="results-per-page" DESCRIPTION_WAIT_SPINNER="Default wait spinner to use" DEFAULT_WAIT_SPINNER="Bounce" KEY_WAIT_SPINNER="wait-spinner"