modules/catdap/templates/catdap_local.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

<%
ldap_server = "ldap-master.#{domain}"

ldap_account = "cn=catdap-#{hostname},ou=System Accounts,#{dc_suffix}"
%>

organisation: Mageia
apptitle: Mageia Identity Management
emailfrom: noreply@<%= domain %>

Model::Proxy:
    base:      ou=People,<%= dc_suffix %>
    dn:        <%= ldap_account %>
    password:  <%= scope.lookupvar("catdap::ldap_password") %>

Model::User:
    base:      <%= dc_suffix %>
    host:      <%= ldap_server %>
    start_tls: 1

authentication:
    default_realm: ldap
    realms:
        ldap:
            store:
                ldap_server: <%= ldap_server %>
                binddn: <%= ldap_account %>
                bindpw: <%= scope.lookupvar("catdap::ldap_password") %>
                user_basedn: ou=People,<%= dc_suffix %>
                role_basedn: <%= dc_suffix %>

register:
        login_regex: ^[a-z][a-z0-9]*$
        login_blacklist:
                - apache
                - mirror
                - bcd
                - iurt
                - schedbot
                - signbot
                - postmaster
                - hostmaster
                - abuse
                - noc
                - security
                - listmaster
                - MAILER-DAEMON
                - webmaster
                - www
                - treasurer
                - president
                - secretary
                - security

        email_domain_blacklist:
                - armyspy.com
                - codehot.co.uk
                - dayrep.com
                - guerrillamail.com
                - guerrillamail.info
                - guerrillamail.biz
                - guerrillamail.com
                - guerrillamail.de
                - guerrillamail.net
                - guerrillamail.org
                - guerrillamailblock.com
                - grr.la
                - jourrapide.com
                - namecheap.com
                - pokemail.net
                - rhyta.com
                - sharklasers.com
                - spam4.me
                - wowring.ru
                - yopmail.com
                - zasod.com
                - group.mageia.org
                - ml.mageia.org

Controller::User:
        editable_attrs:
                       - cn
                       - sn
                       - givenName
                       - mobile
                       - mailForwardingAddress
                       - preferredLanguage
        uneditable_attrs:
                       - uid
                       - uidNumber
                       - gidNumber
                       - homeDirectory
                       - mail
                       - sshPublicKey
                       - loginShell
        skip_attrs:
                     - objectClass
                     - krb5Key
                     - sambaMungedDial
                     - sambaPasswordHistory
                     - userPassword
                     - sambaLMPassword
                     - sambaNTPassword
                     - sambaPwdMustChange
                     - sambaSID
                     - sambaPrimaryGroupSID
                     - sambaAcctFlags
                     - sambaPwdCanChange
                     - sambaPwdLastSet
                     - sambaKickOffTime
                     - sambaUserWorkstations
                     - sambaLogonTime
                     - krb5KeyVersionNumber
                     - krb5PasswordEnd
                     - krb5MaxLife
                     - krb5MaxRenew
                     - krb5KDCFlags
                     - shadowLastChange
                     - roomNumber
                     - secretary