authelia/internal/configuration/test_resources/config.deprecated.yml

---
default_redirection_url: https://home.example.com:8080/

server:
  address: "tcp://127.0.0.1:9091"
  endpoints:
    authz:
      forward-auth:
        implementation: ForwardAuth
        authn_strategies:
          - name: HeaderProxyAuthorization
          - name: CookieSession
      ext-authz:
        implementation: ExtAuthz
        authn_strategies:
          - name: HeaderProxyAuthorization
          - name: CookieSession
      auth-request:
        implementation: AuthRequest
        authn_strategies:
          - name: HeaderAuthRequestProxyAuthorization
          - name: CookieSession
      legacy:
        implementation: Legacy

log:
  level: debug

totp:
  issuer: authelia.com

duo_api:
  hostname: api-123456789.example.com
  integration_key: ABCDEF

authentication_backend:
  ldap:
    url: 'ldap://127.0.0.1'
    tls:
      private_key: |
        -----BEGIN RSA PRIVATE KEY-----
        MIIEpAIBAAKCAQEA6z1LOg1ZCqb0lytXWZ+MRBpMHEXOoTOLYgfZXt1IYyE3Z758
        cyalk0NYQhY5cZDsXPYWPvAHiPMUxutWkoxFwby56S+AbIMa3/Is+ILrHRJs8Exn
        ZkpyrYFxPX12app2kErdmAkHSx0Z5/kuXiz96PHs8S8/ZbyZolLHzdfLtSzjvRm5
        Zue5iFzsf19NJz5CIBfv8g5lRwtE8wNJoRSpn1xq7fqfuA0weDNFPzjlNWRLy6aa
        rK7qJexRkmkCs4sLgyl+9NODYJpvmN8E1yhyC27E0joI6rBFVW7Ihv+cSPCdDzGp
        EWe81x3AeqAa3mjVqkiq4u4Z2i8JDgBaPboqJwIDAQABAoIBAAFdLZ58jVOefDSU
        L8F5R1rtvBs93GDa56f926jNJ6pLewLC+/2+757W+SAI+PRLntM7Kg3bXm/Q2QH+
        Q1Y+MflZmspbWCdI61L5GIGoYKyeers59i+FpvySj5GHtLQRiTZ0+Kv1AXHSDWBm
        9XneUOqU3IbZe0ifu1RRno72/VtjkGXbW8Mkkw+ohyGbIeTx/0/JQ6sSNZTT3Vk7
        8i4IXptq3HSF0/vqZuah8rShoeNq72pD1YLM9YPdL5by1QkDLnqATDiCpLBTCaNV
        I8sqYEun+HYbQzBj8ZACG2JVZpEEidONWQHw5BPWO95DSZYrVnEkuCqeH+u5vYt7
        CHuJ3AECgYEA+W3v5z+j91w1VPHS0VB3SCDMouycAMIUnJPAbt+0LPP0scUFsBGE
        hPAKddC54pmMZRQ2KIwBKiyWfCrJ8Xz8Yogn7fJgmwTHidJBr2WQpIEkNGlK3Dzi
        jXL2sh0yC7sHvn0DqiQ79l/e7yRbSnv2wrTJEczOOH2haD7/tBRyCYECgYEA8W+q
        E9YyGvEltnPFaOxofNZ8LHVcZSsQI5b6fc0iE7fjxFqeXPXEwGSOTwqQLQRiHn9b
        CfPmIG4Vhyq0otVmlPvUnfBZ2OK+tl5X2/mQFO3ROMdvpi0KYa994uqfJdSTaqLn
        jjoKFB906UFHnDQDLZUNiV1WwnkTglgLc+xrd6cCgYEAqqthyv6NyBTM3Tm2gcio
        Ra9Dtntl51LlXZnvwy3IkDXBCd6BHM9vuLKyxZiziGx+Vy90O1xI872cnot8sINQ
        Am+dur/tAEVN72zxyv0Y8qb2yfH96iKy9gxi5s75TnOEQgAygLnYWaWR2lorKRUX
        bHTdXBOiS58S0UzCFEslGIECgYBqkO4SKWYeTDhoKvuEj2yjRYyzlu28XeCWxOo1
        otiauX0YSyNBRt2cSgYiTzhKFng0m+QUJYp63/wymB/5C5Zmxi0XtWIDADpLhqLj
        HmmBQ2Mo26alQ5YkffBju0mZyhVzaQop1eZi8WuKFV1FThPlB7hc3E0SM5zv2Grd
        tQnOWwKBgQC40yZY0PcjuILhy+sIc0Wvh7LUA7taSdTye149kRvbvsCDN7Jh75lM
        USjhLXY0Nld2zBm9r8wMb81mXH29uvD+tDqqsICvyuKlA/tyzXR+QTr7dCVKVwu0
        1YjCJ36UpTsLre2f8nOSLtNmRfDPtbOE2mkOoO9dD9UU0XZwnvn9xw==
        -----END RSA PRIVATE KEY-----
    base_dn: dc=example,dc=com
    username_attribute: uid
    additional_users_dn: ou=users
    users_filter: (&({username_attribute}={input})(objectCategory=person)(objectClass=user))
    additional_groups_dn: ou=groups
    groups_filter: (&(member={dn})(objectClass=groupOfNames))
    group_name_attribute: cn
    mail_attribute: mail
    user: cn=admin,dc=example,dc=com

access_control:
  default_policy: deny

  rules:
    # Rules applied to everyone
    - domain: public.example.com
      policy: bypass

    - domain: secure.example.com
      policy: one_factor
      # Network based rule, if not provided any network matches.
      networks:
        - 192.168.1.0/24
    - domain: secure.example.com
      policy: two_factor

    - domain: [singlefactor.example.com, onefactor.example.com]
      policy: one_factor

    # Rules applied to 'admins' group
    - domain: "mx2.mail.example.com"
      subject: "group:admins"
      policy: deny
    - domain: "*.example.com"
      subject: "group:admins"
      policy: two_factor

    # Rules applied to 'dev' group
    - domain: dev.example.com
      resources:
        - "^/groups/dev/.*$"
      subject: "group:dev"
      policy: two_factor

    # Rules applied to user 'john'
    - domain: dev.example.com
      resources:
        - "^/users/john/.*$"
      subject: "user:john"
      policy: two_factor

    # Rules applied to 'dev' group and user 'john'
    - domain: dev.example.com
      resources:
        - "^/deny-all.*$"
      subject: ["group:dev", "user:john"]
      policy: deny

    # Rules applied to user 'harry'
    - domain: dev.example.com
      resources:
        - "^/users/harry/.*$"
      subject: "user:harry"
      policy: two_factor

    # Rules applied to user 'bob'
    - domain: "*.mail.example.com"
      subject: "user:bob"
      policy: two_factor
    - domain: "dev.example.com"
      resources:
        - "^/users/bob/.*$"
      subject: "user:bob"
      policy: two_factor

session:
  name: authelia_session
  expiration: 3600000  # 1 hour
  inactivity: 300000  # 5 minutes
  domain: example.com
  redis:
    host: 127.0.0.1
    port: 6379
    high_availability:
      sentinel_name: test

regulation:
  max_retries: 3
  find_time: 120
  ban_time: 300

storage:
  mysql:
    host: 127.0.0.1
    port: 3306
    database: authelia
    username: authelia

notifier:
  smtp:
    username: test
    host: 127.0.0.1
    port: 1025
    sender: admin@example.com
    disable_require_tls: true
...
feat(authentication): suport ldap over unix socket (#5397) This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:39:17 +00:00			`---`
			`default_redirection_url: https://home.example.com:8080/`

			`server:`
			`address: "tcp://127.0.0.1:9091"`
			`endpoints:`
			`authz:`
			`forward-auth:`
			`implementation: ForwardAuth`
			`authn_strategies:`
			`- name: HeaderProxyAuthorization`
			`- name: CookieSession`
			`ext-authz:`
			`implementation: ExtAuthz`
			`authn_strategies:`
			`- name: HeaderProxyAuthorization`
			`- name: CookieSession`
			`auth-request:`
			`implementation: AuthRequest`
			`authn_strategies:`
			`- name: HeaderAuthRequestProxyAuthorization`
			`- name: CookieSession`
			`legacy:`
			`implementation: Legacy`

			`log:`
			`level: debug`

			`totp:`
			`issuer: authelia.com`

			`duo_api:`
			`hostname: api-123456789.example.com`
			`integration_key: ABCDEF`

			`authentication_backend:`
			`ldap:`
			`url: 'ldap://127.0.0.1'`
			`tls:`
			`private_key: \|`
			`-----BEGIN RSA PRIVATE KEY-----`
			`MIIEpAIBAAKCAQEA6z1LOg1ZCqb0lytXWZ+MRBpMHEXOoTOLYgfZXt1IYyE3Z758`
			`cyalk0NYQhY5cZDsXPYWPvAHiPMUxutWkoxFwby56S+AbIMa3/Is+ILrHRJs8Exn`
			`ZkpyrYFxPX12app2kErdmAkHSx0Z5/kuXiz96PHs8S8/ZbyZolLHzdfLtSzjvRm5`
			`Zue5iFzsf19NJz5CIBfv8g5lRwtE8wNJoRSpn1xq7fqfuA0weDNFPzjlNWRLy6aa`
			`rK7qJexRkmkCs4sLgyl+9NODYJpvmN8E1yhyC27E0joI6rBFVW7Ihv+cSPCdDzGp`
			`EWe81x3AeqAa3mjVqkiq4u4Z2i8JDgBaPboqJwIDAQABAoIBAAFdLZ58jVOefDSU`
			`L8F5R1rtvBs93GDa56f926jNJ6pLewLC+/2+757W+SAI+PRLntM7Kg3bXm/Q2QH+`
			`Q1Y+MflZmspbWCdI61L5GIGoYKyeers59i+FpvySj5GHtLQRiTZ0+Kv1AXHSDWBm`
			`9XneUOqU3IbZe0ifu1RRno72/VtjkGXbW8Mkkw+ohyGbIeTx/0/JQ6sSNZTT3Vk7`
			`8i4IXptq3HSF0/vqZuah8rShoeNq72pD1YLM9YPdL5by1QkDLnqATDiCpLBTCaNV`
			`I8sqYEun+HYbQzBj8ZACG2JVZpEEidONWQHw5BPWO95DSZYrVnEkuCqeH+u5vYt7`
			`CHuJ3AECgYEA+W3v5z+j91w1VPHS0VB3SCDMouycAMIUnJPAbt+0LPP0scUFsBGE`
			`hPAKddC54pmMZRQ2KIwBKiyWfCrJ8Xz8Yogn7fJgmwTHidJBr2WQpIEkNGlK3Dzi`
			`jXL2sh0yC7sHvn0DqiQ79l/e7yRbSnv2wrTJEczOOH2haD7/tBRyCYECgYEA8W+q`
			`E9YyGvEltnPFaOxofNZ8LHVcZSsQI5b6fc0iE7fjxFqeXPXEwGSOTwqQLQRiHn9b`
			`CfPmIG4Vhyq0otVmlPvUnfBZ2OK+tl5X2/mQFO3ROMdvpi0KYa994uqfJdSTaqLn`
			`jjoKFB906UFHnDQDLZUNiV1WwnkTglgLc+xrd6cCgYEAqqthyv6NyBTM3Tm2gcio`
			`Ra9Dtntl51LlXZnvwy3IkDXBCd6BHM9vuLKyxZiziGx+Vy90O1xI872cnot8sINQ`
			`Am+dur/tAEVN72zxyv0Y8qb2yfH96iKy9gxi5s75TnOEQgAygLnYWaWR2lorKRUX`
			`bHTdXBOiS58S0UzCFEslGIECgYBqkO4SKWYeTDhoKvuEj2yjRYyzlu28XeCWxOo1`
			`otiauX0YSyNBRt2cSgYiTzhKFng0m+QUJYp63/wymB/5C5Zmxi0XtWIDADpLhqLj`
			`HmmBQ2Mo26alQ5YkffBju0mZyhVzaQop1eZi8WuKFV1FThPlB7hc3E0SM5zv2Grd`
			`tQnOWwKBgQC40yZY0PcjuILhy+sIc0Wvh7LUA7taSdTye149kRvbvsCDN7Jh75lM`
			`USjhLXY0Nld2zBm9r8wMb81mXH29uvD+tDqqsICvyuKlA/tyzXR+QTr7dCVKVwu0`
			`1YjCJ36UpTsLre2f8nOSLtNmRfDPtbOE2mkOoO9dD9UU0XZwnvn9xw==`
			`-----END RSA PRIVATE KEY-----`
			`base_dn: dc=example,dc=com`
			`username_attribute: uid`
			`additional_users_dn: ou=users`
			`users_filter: (&({username_attribute}={input})(objectCategory=person)(objectClass=user))`
			`additional_groups_dn: ou=groups`
			`groups_filter: (&(member={dn})(objectClass=groupOfNames))`
			`group_name_attribute: cn`
			`mail_attribute: mail`
			`user: cn=admin,dc=example,dc=com`

			`access_control:`
			`default_policy: deny`

			`rules:`
			`# Rules applied to everyone`
			`- domain: public.example.com`
			`policy: bypass`

			`- domain: secure.example.com`
			`policy: one_factor`
			`# Network based rule, if not provided any network matches.`
			`networks:`
			`- 192.168.1.0/24`
			`- domain: secure.example.com`
			`policy: two_factor`

			`- domain: [singlefactor.example.com, onefactor.example.com]`
			`policy: one_factor`

			`# Rules applied to 'admins' group`
			`- domain: "mx2.mail.example.com"`
			`subject: "group:admins"`
			`policy: deny`
			`- domain: "*.example.com"`
			`subject: "group:admins"`
			`policy: two_factor`

			`# Rules applied to 'dev' group`
			`- domain: dev.example.com`
			`resources:`
			`- "^/groups/dev/.*$"`
			`subject: "group:dev"`
			`policy: two_factor`

			`# Rules applied to user 'john'`
			`- domain: dev.example.com`
			`resources:`
			`- "^/users/john/.*$"`
			`subject: "user:john"`
			`policy: two_factor`

			`# Rules applied to 'dev' group and user 'john'`
			`- domain: dev.example.com`
			`resources:`
			`- "^/deny-all.*$"`
			`subject: ["group:dev", "user:john"]`
			`policy: deny`

			`# Rules applied to user 'harry'`
			`- domain: dev.example.com`
			`resources:`
			`- "^/users/harry/.*$"`
			`subject: "user:harry"`
			`policy: two_factor`

			`# Rules applied to user 'bob'`
			`- domain: "*.mail.example.com"`
			`subject: "user:bob"`
			`policy: two_factor`
			`- domain: "dev.example.com"`
			`resources:`
			`- "^/users/bob/.*$"`
			`subject: "user:bob"`
			`policy: two_factor`

			`session:`
			`name: authelia_session`
			`expiration: 3600000 # 1 hour`
			`inactivity: 300000 # 5 minutes`
			`domain: example.com`
			`redis:`
			`host: 127.0.0.1`
			`port: 6379`
			`high_availability:`
			`sentinel_name: test`

			`regulation:`
			`max_retries: 3`
			`find_time: 120`
			`ban_time: 300`

			`storage:`
			`mysql:`
			`host: 127.0.0.1`
			`port: 3306`
			`database: authelia`
			`username: authelia`

			`notifier:`
			`smtp:`
			`username: test`
			`host: 127.0.0.1`
			`port: 1025`
			`sender: admin@example.com`
			`disable_require_tls: true`
			`...`