# The port to listen on port: 80 # Log level # # Level of verbosity for logs logs_level: info # LDAP configuration # # Example: for user john, the DN will be cn=john,ou=users,dc=example,dc=com ldap: # The url of the ldap server url: ldap://ldap # The base dn for every entries base_dn: dc=example,dc=com # An additional dn to define the scope to all users additional_user_dn: ou=users # The user name attribute of users. Might uid for FreeIPA. 'cn' by default. user_name_attribute: cn # An additional dn to define the scope of groups additional_group_dn: ou=groups # The group name attribute of group. 'cn' by default. group_name_attribute: cn # The username and password of the admin user. user: cn=admin,dc=example,dc=com password: password # Access Control # # Access control is a set of rules where you can specify a group-based # subdomain restrictions. # # If access_control is not defined, ACL rules are disabled and default policy # is allowed to everyone. # Otherwise, the default policy is denied for any user and any subdomain. access_control: - group: admin allowed_domains: - secret.test.local - secret1.test.local - group: dev allowed_domains: - secret2.test.local - user: harry allowed_domains: - secret1.test.local # Configuration of session cookies # # _secret_ the secret to encrypt session cookies # _expiration_ the time before cookies expire # _domain_ the domain to protect. # Note: the authenticator must also be in that domain. If empty, the cookie # is restricted to the subdomain of the issuer. session: secret: unsecure_secret expiration: 3600000 domain: example.com # The directory where the DB files will be saved store_directory: /var/lib/auth-server/store # Notifications are sent to users when they require a password reset, a u2f # registration or a TOTP registration. # Use only one available configuration: filesystem, gmail notifier: # For testing purpose, notifications can be sent in a file filesystem: filename: /var/lib/auth-server/notifications/notification.txt # Use your gmail account to send the notifications. You can use an app password. # gmail: # username: user@example.com # password: yourpassword