# This is the default configuration for CatDap. You should not need to
# modify it, unless you actually want to fix some default behaviour
# that is configured below
#
# For site-specific configuration, copy this file (catdap.yml) to
# have a _local suffix (catdap_local.yml) and make your changes there.
# Note that you only need to keep configuration sections that differ,
# the rest will be inherited
# Application name.
name: 'CatDap'
# View used when a request does not select one explicitly.
# NOTE(review): TT presumably refers to a Template Toolkit view class - confirm.
default_view: 'TT'
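# LDAP connection that binds as the catdap system account.
# Nesting restored: in the flattened listing these keys sat at top level,
# where they collide with the identically named keys of Model::User.
Model::Proxy:
  base: ou=People,dc=mageia,dc=org
  dn: cn=catdap,ou=System Accounts,dc=mageia,dc=org
  # Placeholder only. Set the real bind password in catdap_local.yml, keep
  # that file out of version control and readable only by the application
  # user.
  password: FIXME
  host: ldap.mageia.org
  # Request a StartTLS upgrade of the LDAP connection.
  # NOTE(review): confirm that the server certificate is verified and that a
  # failed upgrade aborts the bind instead of continuing in clear text.
  start_tls: 1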
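# dn and password should not be required here, we rebind with credentials
# from the authenticated user using Model::LDAP::FromAuthentication
# Nesting restored: in the flattened listing these keys sat at top level,
# where they collide with the identically named keys of Model::Proxy.
Model::User:
  base: ou=People,dc=mageia,dc=org
  host: ldap.mageia.org
  # Request a StartTLS upgrade; the rebind carries the user's own password.
  # NOTE(review): confirm that the server certificate is verified and that a
  # failed upgrade aborts the bind instead of continuing in clear text.
  start_tls: 1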
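# Authentication realms. A single realm, ldap, checks passwords against the
# directory and loads users and roles from it.
# Nesting restored from the flattened listing (realm -> credential / store).
authentication:
  default_realm: ldap
  realms:
    ldap:
      credential:
        class: Password
        password_field: password
        # self_check leaves password verification to the user object returned
        # by the store.
        # NOTE(review): for the LDAP store this is presumably a bind as that
        # user - confirm.
        password_type: self_check
      store:
        class: LDAP
        ldap_server: 'ldap.mageia.org'
        # NOTE(review): confirm the server certificate is verified for the
        # StartTLS upgrade (see the store's start_tls_options).
        start_tls: 1
        # Fixed: the domain component read dc=mageai, which does not match
        # dc=mageia used by every other DN in this file, including the dn of
        # the same system account under Model::Proxy.
        binddn: cn=catdap,ou=System Accounts,dc=mageia,dc=org
        # Placeholder only. Set the real bind password in catdap_local.yml
        # and keep that file out of version control.
        bindpw: FIXME
        user_basedn: "ou=people,dc=mageia,dc=org"
        # %s is replaced with the submitted login name.
        # NOTE(review): confirm the store escapes LDAP filter metacharacters
        # in that value before substituting it.
        user_filter: '(&(objectClass=inetOrgPerson)(uid=%s))'
        user_scope: 'one'
        user_field: 'uid'
        # Roles are looked up under role_basedn.
        # NOTE(review): role_field / role_value presumably name the group
        # attribute returned as the role and the user attribute matched
        # against group membership - confirm against the store documentation.
        use_roles: 1
        role_basedn: 'ou=group,dc=mageia,dc=org'
        role_scope: 'one'
        role_field: 'cn'
        role_value: 'uid'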
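# Attribute lists that drive the user view and its edit form.
# Nesting restored from the flattened listing; comment typos fixed.
Controller::User:
  # Attributes that the user can edit. Attributes present but not listed here
  # will be shown (if not in skip_attrs), but the form will not allow editing.
  # Note that the actual access controls should be implemented on the LDAP
  # side, that is where they belong, or you are being inconsistent if users
  # have other means to access LDAP
  # NOTE(review): mail and mailForwardingAddress are self-editable; if
  # password recovery relies on either, confirm that changes are verified.
  editable_attrs:
    - cn
    - sn
    - givenName
    - mail
    - mobile
    - roomNumber
    - secretary
    - mailForwardingAddress
  # Currently not used, we only respect editable_attrs
  uneditable_attrs:
    - uid
    # - uidNumber
    # - gidNumber
    - homeDirectory
    - host
    - manager
    - krb5PrincipalName
  # List of attributes which are not displayed at all in the user view
  # This is a display filter only: the password, key and hash attributes
  # below (userPassword, krb5Key, sambaLMPassword, sambaNTPassword,
  # sambaPasswordHistory) still need LDAP ACLs that deny read access.
  skip_attrs:
    - objectClass
    - krb5Key
    - sambaMungedDial
    - sambaPasswordHistory
    - userPassword
    - sambaLMPassword
    - sambaNTPassword
    - sambaPwdMustChange
    - sambaSID
    - sambaPrimaryGroupSID
    - sambaAcctFlags
    - sambaPwdCanChange
    - sambaPwdLastSet
    - sambaKickOffTime
    - sambaUserWorkstations
    - sambaLogonTime
    - krb5KeyVersionNumber
    - krb5PasswordEnd
    - krb5MaxLife
    - krb5MaxRenew
    - krb5KDCFlags
    - shadowLastChange
    - shadowWarning
    - shadowMax
    - shadowMin
    - shadowInactive
    - shadowExpire
    - shadowFlag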
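# Captcha image settings.
# Nesting restored from the flattened listing: new holds the image
# parameters, create and particle are lists.
Plugin::Captcha:
  new:
    gd_font: giant
    width: 100
    height: 40
    lines: 7
  create:
    - normal
    - rect
  particle:
    - 100
  # NOTE(review): the nesting of this second gd_font could not be recovered
  # from the flattened listing. It is placed at plugin level because it
  # cannot be an item of the particle list; confirm against the repository.
  # It may be redundant with new.gd_font.
  gd_font: giant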
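# Session settings. Nesting restored from the flattened listing.
Plugin::Session:
  # Session time-to-live in seconds (600 = 10 minutes). The short lifetime
  # limits how long a stolen session cookie stays usable.
  expires: 600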