forked from cesanta/docker_auth
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ldap_auth.yml
32 lines (31 loc) · 994 Bytes
/
ldap_auth.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
# LDAP server authentication example.
# See reference.yml for additional options.
server:
addr: :5001
certificate: /path/to/server.pem
key: /path/to/server.key
token:
issuer: Acme auth server
expiration: 900
ldap_auth:
# Addr is the hostname:port or ip:port
addr: ldap.example.com:636
# Setup tls connection method to be
# "" or "none": the communication won't be encrypted
# "always": setup LDAP over SSL/TLS
# "starttls": sets StartTLS as the encryption method
tls: always
# set to true to allow insecure tls
insecure_tls_skip_verify: false
# In case bind DN and password is required for querying user information,
# specify them here. Plain text password is read from the file.
bind_dn:
bind_password_file:
# User query settings. ${account} is expanded from auth request
base: o=example.com
filter: (&(uid=${account})(objectClass=person))
acl:
# This will allow authenticated users to pull/push
- match:
account: /.+/
actions: ['*']