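# This is the default configuration for CatDap. You should not need to
# modify it, unless you actually want to fix some default behaviour
# that is configured below
#
# For site-specific configuration, copy this file (catdap.yml) to
# have a _local suffix (catdap_local.yml) and make your changes there.
# Note that you only need to keep configuration sections that differ,
# the rest will be inherited
#
# Any value given as FIXME below is a placeholder, not a working default:
# the real secret belongs in catdap_local.yml, which must stay out of
# version control and be readable only by the account running the service.
---
name: CatDap
default_view: Web
encoding: UTF-8
organisation: Mageia
project_url: http://www.mageia.org/
apptitle: Mageia Identity Management
emailfrom: noreply@mageia.org

# Privileged (application) bind used for operations that are not done as
# the logged-in user. The same dn/password pair is repeated under
# authentication -> realms -> ldap -> store below; keep the two in sync.
Model::Proxy:
  base: ou=People,dc=mageia,dc=org
  dn: cn=catdap,ou=System Accounts,dc=mageia,dc=org
  # Placeholder -- set the real bind password in catdap_local.yml.
  password: FIXME
  host: ldap.mageia.org
  # STARTTLS is requested for the connection; whether the server
  # certificate is verified is up to the LDAP client library defaults
  # (NOTE(review): confirm for the deployed Net::LDAP version).
  start_tls: 1
  options:
    inet6: 1

# dn and password should not be required here, we rebind with credentials
# from the authenticated user using Model::LDAP::FromAuthentication
Model::User:
  base: dc=mageia,dc=org
  host: ldap.mageia.org
  start_tls: 1

register:
  # Accepted login names: one lowercase ASCII letter followed by lowercase
  # letters or digits. Quoted so that a regex containing ': ' or ' #'
  # can never be mis-parsed by YAML.
  login_regex: '^[a-z][a-z0-9]*$'
  # Login names that may never be registered.
  login_blacklist:
    - apache
  # Mail domains rejected at registration (disposable-address providers).
  email_domain_blacklist:
    - armyspy.com
    - codehot.co.uk
    - dayrep.com
    - guerillamail.com
    - jourrapide.com
    - rhyta.com
    - wowring.ru
    - yopmail.com
    - zasod.com

forgot_password:
  secret:
    # Directory and file-name prefix for the reset secrets. A shared,
    # world-writable temp directory means the secret files' protection
    # rests entirely on their own permissions; a dedicated directory owned
    # by the service account is the safer choice (override in
    # catdap_local.yml).
    path: '/tmp/'
    prefix: 'catdap-forgot_password-'
    # Lifetime of a reset secret, 259200 s = 72 hours.
    timeout: 259200
  # Only entries matching this LDAP filter may use the password-reset
  # flow; as written it excludes posixAccount entries.
  allow_filter: '(!(objectClass=posixAccount))'

authentication:
  default_realm: ldap
  realms:
    ldap:
      credential:
        class: Password
        password_field: password
        # self_check: the store verifies the password itself (for the LDAP
        # store, a bind as the user) rather than comparing a stored hash.
        password_type: self_check
      store:
        class: LDAP
        ldap_server: 'ldap.mageia.org'
        ldap_server_options:
          inet6: 1
          start_tls: 1
        # Must match Model::Proxy dn/password above.
        binddn: cn=catdap,ou=System Accounts,dc=mageia,dc=org
        # Placeholder -- set the real bind password in catdap_local.yml.
        bindpw: FIXME
        # Note the 'people' case differs from Model::Proxy base; ou values
        # are case-insensitive in LDAP, but keeping them identical avoids
        # confusion when grepping.
        user_basedn: "ou=people,dc=mageia,dc=org"
        # %s is replaced with the submitted login name.
        user_filter: '(&(objectClass=inetOrgPerson)(uid=%s))'
        user_scope: 'one'
        user_field: 'uid'
        # Both %s occurrences receive the same submitted address.
        email_filter: '(&(objectClass=inetOrgPerson)(|(mail=%s)(mailAlternateAddress=%s)))'
        use_roles: 1
        role_basedn: 'dc=mageia,dc=org'
        role_scope: 'sub'
        role_field: 'cn'
        # Roles are looked up by the user's DN in the group's member attribute.
        role_value: 'dn'
        role_filter: '(member=%s)'
        # Role lookup is performed with the user's own bind, not the
        # application bind, so it is subject to the user's LDAP ACLs.
        role_search_as_user: 1

Controller::User:
  # Attributes that the user can edit. Attributes present but not listed here
  # will be shown (if not in skip_attrs), but the form will not allow editing.
  # Note that the actual access controls should be implemented on the LDAP side,
  # that is where they belong, or you are being inconsistent if users have other
  # means to access LDAP
  editable_attrs:
    - cn
    - sn
    - givenName
    - mail
    - mobile
    - roomNumber
    - secretary
    - mailForwardingAddress
    - sshPublicKey
    - preferredLanguage
  # Currently not used, we only respect editable_attrs
  uneditable_attrs:
    - uid
    # - uidNumber
    # - gidNumber
    # - homeDirectory
    # - host
    # - manager
    # - krb5PrincipalName
  # List of attributes which are not displayed at all in the user view.
  # Password hashes, Kerberos keys and Samba credential material are kept
  # here so they are never rendered to the browser.
  skip_attrs:
    - objectClass
    - krb5Key
    - sambaMungedDial
    - sambaPasswordHistory
    - userPassword
    - sambaLMPassword
    - sambaNTPassword
    - sambaPwdMustChange
    - sambaSID
    - sambaPrimaryGroupSID
    - sambaAcctFlags
    - sambaPwdCanChange
    - sambaPwdLastSet
    - sambaKickOffTime
    - sambaUserWorkstations
    - sambaLogonTime
    - krb5KeyVersionNumber
    - krb5PasswordEnd
    - krb5MaxLife
    - krb5MaxRenew
    - krb5KDCFlags
    - shadowLastChange
    - shadowWarning
    - shadowMax
    - shadowMin
    - shadowInactive
    - shadowExpire
    - shadowFlag

Plugin::Captcha:
  new:
    width: 250
    height: 100
    lines: 6
    scramble: 1
    font: /usr/share/fonts/TTF/dejavu/DejaVuSansMono.ttf
    # Alphabet the captcha text is drawn from; visually ambiguous glyphs
    # (0/O, 1/I, N/Q) are deliberately absent. Digits are quoted so they
    # are read as characters, not integers.
    rnd_data:
      - '2'
      - '3'
      - '4'
      - '5'
      - '6'
      - '7'
      - '8'
      - '9'
      - A
      - B
      - C
      - D
      - E
      - F
      - G
      - H
      - J
      - K
      - L
      - M
      - P
      - R
      - S
      - T
      - U
      - V
      - W
      - X
      - Y
      - Z
  create:
    - ttf
    - rect
    - '#B20000'
    - '#009900'
  particle:
    - 1000

Plugin::Session:
  # Session lifetime in seconds (10 minutes).
  expires: 600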