From cf89aa909cfcf3c95e1ccf2832cd1c3f66f72ae1 Mon Sep 17 00:00:00 2001 From: Clement Michaud Date: Sun, 26 Aug 2018 14:32:19 +0200 Subject: [PATCH] Fix kubernetes configuration. --- example/kube/authelia/configs/config.yml | 88 ++++++++++++++---------- 1 file changed, 53 insertions(+), 35 deletions(-) diff --git a/example/kube/authelia/configs/config.yml b/example/kube/authelia/configs/config.yml index 4d37fd158..8230fc0a9 100644 --- a/example/kube/authelia/configs/config.yml +++ b/example/kube/authelia/configs/config.yml @@ -22,43 +22,61 @@ logs_level: debug # be redirected upon successful authentication. default_redirection_url: https://login.kube.example.com -# LDAP configuration +# The authentication backend to use for verifying user passwords +# and retrieve information such as email address and groups +# users belong to. # -# Example: for user john, the DN will be cn=john,ou=users,dc=example,dc=com -ldap: - # The url of the ldap server - url: ldap://ldap-service - - # The base dn for every entries - base_dn: dc=example,dc=com - - # An additional dn to define the scope to all users - additional_users_dn: ou=users - - # The users filter used to find the user DN - # {0} is a matcher replaced by username. - # 'cn={0}' by default. - users_filter: cn={0} - - # An additional dn to define the scope of groups - additional_groups_dn: ou=groups - - # The groups filter used for retrieving groups of a given user. - # {0} is a matcher replaced by username. - # {dn} is a matcher replaced by user DN. - # 'member={dn}' by default. - groups_filter: (&(member={dn})(objectclass=groupOfNames)) - - # The attribute holding the name of the group - group_name_attribute: cn - - # The attribute holding the mail address of the user - mail_attribute: mail - - # The username and password of the admin user. - user: cn=admin,dc=example,dc=com - password: password +# There are two supported backends: `ldap` and `file`. +authentication_backend: + # LDAP backend configuration. + # + # This backend allows Authelia to be scaled to more + # than one instance and therefore is recommended for + # production. + ldap: + # The url of the ldap server + url: ldap://ldap-service + + # The base dn for every entries + base_dn: dc=example,dc=com + + # An additional dn to define the scope to all users + additional_users_dn: ou=users + + # The users filter used to find the user DN + # {0} is a matcher replaced by username. + # 'cn={0}' by default. + users_filter: cn={0} + + # An additional dn to define the scope of groups + additional_groups_dn: ou=groups + + # The groups filter used for retrieving groups of a given user. + # {0} is a matcher replaced by username. + # {dn} is a matcher replaced by user DN. + # 'member={dn}' by default. + groups_filter: (&(member={dn})(objectclass=groupOfNames)) + + # The attribute holding the name of the group + group_name_attribute: cn + + # The attribute holding the mail address of the user + mail_attribute: mail + + # The username and password of the admin user. + user: cn=admin,dc=example,dc=com + password: password + # File backend configuration. + # + # With this backend, the users database is stored in a file + # which is updated when users reset their passwords. + # Therefore, this backend is meant to be used in a dev environment + # and not in production since it prevents Authelia to be scaled to + # more than one instance. + # + ## file: + ## path: ./users_database.yml # Authentication methods #