authorBuchan Milne <buchan@mageia.org>2010-10-26 14:51:48 +0000
committerBuchan Milne <buchan@mageia.org>2010-10-26 14:51:48 +0000
commit601b41083cf7c2186ecce70ec07aebdb9310edd6 (patch)
tree23d14b17ec560316d94f0d840f47a4ae48e9d7b3 /catdap.yml
parent195308dcc10a015aaae5fd1f1bd0be817c2127bd (diff)
Clean up repo
Diffstat (limited to 'catdap.yml')
-rw-r--r--catdap.yml125
1 files changed, 125 insertions, 0 deletions
diff --git a/catdap.yml b/catdap.yml
new file mode 100644
index 0000000..81e214f
--- /dev/null
+++ b/catdap.yml
@@ -0,0 +1,125 @@
+# This is the default configuration for CatDap. You should not need to
+# modify it, unless you actually want to fix some default behaviour
+# that is configured below
+#
+# For site-specific configuration, copy this file (catdap.yml) to
+# have a _local suffix (catdap_local.yml) and make your changes there.
+# Note that you only need to keep configuration sections that differ,
+# the rest will be inherited
+
+name: CatDap
+default_view: TT
+
+Model::Proxy:
+ base: ou=People,dc=mageia,dc=org
+ dn: cn=catdap,ou=System Accounts,dc=mageai,dc=org
+ password: FIXME
+ host: ldap.mageia.org
+ start_tls: 1
+
+# dn and password should not be required here, we rebind with credentials
+# from the authenticated user using Model::LDAP::FromAuthentication
+Model::User:
+ base: ou=People,dc=mageia,dc=org
+ host: ldap.mageia.org
+ start_tls: 1
+
+authentication:
+ default_realm: ldap
+ realms:
+ ldap:
+ credential:
+ class: Password
+ password_field: password
+ password_type: self_check
+ store:
+ class: LDAP
+ ldap_server: 'ldap.mageia.org'
+ start_tls: 1
+ binddn: cn=catdap,ou=System Accounts,dc=mageai,dc=org
+ bindpw: FIXME
+ user_basedn: "ou=people,dc=mageia,dc=org"
+ user_filter: '(&(objectClass=inetOrgPerson)(uid=%s))'
+ user_scope: 'one'
+ user_field: 'uid'
+ use_roles: 1
+ role_basedn: 'ou=group,dc=mageia,dc=org'
+ role_scope: 'one'
+ role_field: 'cn'
+ role_value: 'uid'
+
+Controller::User:
+# Attributes that the user can edit. Attributes present but not listed here
+# will be show (if not in skip_attrs), but the form will not allow editing.
+# Note that the actual access contols should be implemented on the LDAP side,
+# that is where they belong, or you are being inconsistent if users have other
+# means to access LDAP
+ editable_attrs:
+ - cn
+ - sn
+ - givenName
+ - mail
+ - mobile
+ - roomNumber
+ - secretary
+ - mailForwardingAddress
+
+# Currently not used, we only respect editable_attrs
+ uneditable_attrs:
+ - uid
+ # - uidNumber
+ # - gidNumber
+ - homeDirectory
+ - host
+ - manager
+ - krb5PrincipalName
+# List of attributes which are not displayed at all in the user view
+ skip_attrs:
+ - objectClass
+ - krb5Key
+ - sambaMungedDial
+ - sambaPasswordHistory
+ - userPassword
+ - sambaLMPassword
+ - sambaNTPassword
+ - sambaPwdMustChange
+ - sambaSID
+ - sambaPrimaryGroupSID
+ - sambaAcctFlags
+ - sambaPwdCanChange
+ - sambaPwdLastSet
+ - sambaKickOffTime
+ - sambaUserWorkstations
+ - sambaLogonTime
+ - krb5KeyVersionNumber
+ - krb5PasswordEnd
+ - krb5MaxLife
+ - krb5MaxRenew
+ - krb5KDCFlags
+ - shadowLastChange
+ - shadowWarning
+ - shadowMax
+ - shadowMin
+ - shadowInactive
+ - shadowExpire
+ - shadowFlag
+
+Plugin::Captcha:
+ new:
+ gd_font: giant
+ width: 100
+ height: 40
+ lines: 7
+
+ create:
+ - normal
+ - rect
+
+ particle:
+ - 100
+
+ gd_font: giant
+
+Plugin::Session:
+ expires: 600
+
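Review bot: The service-account bind DN is misspelled as `dc=mageai,dc=org` in both `Model::Proxy` (`dn:`) and the `authentication` LDAP store (`binddn:`), while every base DN and the `ldap.mageia.org` host in this file use `mageia`. Assuming the directory is rooted at `dc=mageia,dc=org`, the proxy bind and the realm's lookup bind would fail, or fall back to whatever an unauthenticated bind is allowed to see. Both lines should read `cn=catdap,ou=System Accounts,dc=mageia,dc=org`. Separately, the `password: FIXME` and `bindpw: FIXME` placeholders invite editing the secret into this tracked file, so a comment above each would help, for example `# Set the real bind password in catdap_local.yml (not in version control, readable only by the app user)`.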