# The port to listen on port: 80 # Log level # # Level of verbosity for logs logs_level: info # LDAP configuration # # Example: for user john, the DN will be cn=john,ou=users,dc=example,dc=com ldap: # The url of the ldap server url: ldap://openldap-restriction # The base dn for every entries base_dn: dc=example,dc=com # An additional dn to define the scope to all users additional_user_dn: ou=users # The user name attribute of users. Might uid for FreeIPA. 'cn' by default. user_name_attribute: cn # An additional dn to define the scope of groups additional_group_dn: ou=groups # The group name attribute of group. 'cn' by default. group_name_attribute: cn # The username and password of the admin user. user: cn=admin,dc=example,dc=com password: password # Access Control # # Access control is a set of rules you can use to restrict the user access. # Default (anyone), per-user or per-group rules can be defined. # # If 'access_control' is not defined, ACL rules are disabled and default policy # is applied, i.e., access is allowed to anyone. Otherwise restrictions follow # the rules defined below. # If no rule is provided, all domains are denied. # # '*' means 'any' subdomains and matches any string. It must stand at the # beginning of the pattern. access_control: default: - home.test.local groups: admin: - '*.test.local' dev: - secret.test.local - secret2.test.local users: harry: - secret1.test.local bob: - '*.mail.test.local' # Configuration of session cookies # # _secret_ the secret to encrypt session cookies # _expiration_ the time before cookies expire # _domain_ the domain to protect. # Note: the authenticator must also be in that domain. If empty, the cookie # is restricted to the subdomain of the issuer. session: secret: unsecure_secret expiration: 3600000 domain: test.local redis: host: redis port: 6379 # The directory where the DB files will be saved store_directory: /var/lib/authelia/store # Notifications are sent to users when they require a password reset, a u2f # registration or a TOTP registration. # Use only one available configuration: filesystem, gmail notifier: # For testing purpose, notifications can be sent in a file filesystem: filename: /var/lib/authelia/notifications/notification.txt # Use your gmail account to send the notifications. You can use an app password. # gmail: # username: user@example.com # password: yourpassword