    default_config.cfg 4.62 KiB
    # LDAP schema mapping for user entries: search base, filter, object classes
    # and the attribute that carries each field. The dc=example,dc=com suffix is
    # a placeholder for the deployment's own directory suffix.
    LDAP_USER_SEARCH_BASE="ou=users,dc=example,dc=com"
    LDAP_USER_SEARCH_FILTER=[("objectClass", "person")]
    LDAP_USER_OBJECTCLASSES=["top", "inetOrgPerson", "organizationalPerson", "person", "posixAccount"]
    # NOTE(review): presumably the uidNumber range for accounts handled by this
    # service. Keep it disjoint from local system accounts and from any other
    # source of POSIX uids, since a collision would map two identities onto the
    # same file ownership -- confirm against the code that allocates uids.
    LDAP_USER_MIN_UID=10000
    LDAP_USER_MAX_UID=18999
    # Primary group id; reused below as the default gidNumber of user entries.
    LDAP_USER_GID=20001
    LDAP_USER_DN_ATTRIBUTE="uid"
    LDAP_USER_UID_ATTRIBUTE="uidNumber"
    LDAP_USER_UID_ALIASES=[]
    LDAP_USER_LOGINNAME_ATTRIBUTE="uid"
    LDAP_USER_LOGINNAME_ALIASES=[]
    LDAP_USER_DISPLAYNAME_ATTRIBUTE="cn"
    LDAP_USER_DISPLAYNAME_ALIASES=["givenName", "displayName"]
    LDAP_USER_MAIL_ATTRIBUTE="mail"
    LDAP_USER_MAIL_ALIASES=[]
    # Attribute values applied to user entries by default.
    # NOTE(review): "sn" is a single space, presumably only to satisfy the
    # mandatory sn attribute of objectClass person -- confirm.
    # NOTE(review): "{loginname}" looks like a placeholder expanded per user; if
    # so, login names must be limited to characters that are safe inside a
    # filesystem path (no "/" or "..") -- confirm where it is expanded.
    LDAP_USER_DEFAULT_ATTRIBUTES={
    	"sn": " ",
    	"homeDirectory": "/home/{loginname}",
    	"gidNumber": LDAP_USER_GID
    }
    
    # LDAP schema mapping for group entries. Group membership is what the
    # 'required_group' and ACL_* settings elsewhere in this file refer to, so
    # write access to this subtree is effectively write access to authorization.
    LDAP_GROUP_SEARCH_BASE="ou=groups,dc=example,dc=com"
    LDAP_GROUP_SEARCH_FILTER=[("objectClass","groupOfUniqueNames")]
    LDAP_GROUP_GID_ATTRIBUTE="gidNumber"
    LDAP_GROUP_NAME_ATTRIBUTE="cn"
    LDAP_GROUP_DESCRIPTION_ATTRIBUTE="description"
    LDAP_GROUP_MEMBER_ATTRIBUTE="uniqueMember"
    
    # LDAP schema mapping for mail forwarding entries (objectClass
    # postfixVirtual): which addresses are accepted and where they are delivered.
    LDAP_MAIL_SEARCH_BASE="ou=postfix,dc=example,dc=com"
    LDAP_MAIL_SEARCH_FILTER=[("objectClass","postfixVirtual")]
    LDAP_MAIL_OBJECTCLASSES=["top", "postfixVirtual"]
    LDAP_MAIL_DN_ATTRIBUTE="uid"
    LDAP_MAIL_UID_ATTRIBUTE="uid"
    LDAP_MAIL_RECEIVERS_ATTRIBUTE="mailacceptinggeneralid"
    LDAP_MAIL_DESTINATIONS_ATTRIBUTE="maildrop"
    
    # Connection the service itself uses to reach the directory.
    # The default URL ldapi:/// is the local Unix-domain socket, and the bind DN
    # and password are empty.
    # NOTE(review): with empty credentials the effective directory identity
    # presumably comes from the socket peer or an anonymous bind -- confirm, and
    # check that the resulting LDAP ACLs grant no more than the service needs.
    # If this is pointed at a network endpoint instead, use a dedicated
    # least-privilege bind DN and keep its password in a deployment-local
    # override rather than in a file that is committed.
    LDAP_SERVICE_BIND_DN=""
    LDAP_SERVICE_BIND_PASSWORD=""
    LDAP_SERVICE_URL="ldapi:///"
    # NOTE(review): STARTTLS protects ldap:// network connections; it has no
    # obvious role on an ldapi:// socket. Confirm how the flag is handled with
    # the default URL, and leave it True for any ldap:// URL.
    LDAP_SERVICE_USE_STARTTLS=True
    
    # Session lifetime in seconds (3600 = one hour).
    # NOTE(review): whether this is an idle or an absolute timeout is not
    # visible here -- confirm.
    SESSION_LIFETIME_SECONDS=3600
    # Session cookie hardening. Each flag covers a different risk:
    #   SECURE   - cookie is only sent over HTTPS, so logins will not persist
    #              when the site is served over plain HTTP
    #   HTTPONLY - cookie is not readable from page JavaScript
    #   SAMESITE - 'Strict' keeps the cookie off cross-site requests; this is
    #              the CSRF-relevant setting of the three
    SESSION_COOKIE_SECURE=True
    SESSION_COOKIE_HTTPONLY=True
    SESSION_COOKIE_SAMESITE='Strict'
    
    # Names of the LDAP groups used for access control.
    # NOTE(review): presumably ACL_ADMIN_GROUP grants administrative access and
    # ACL_SELFSERVICE_GROUP grants access to the self-service pages -- confirm.
    # Keep the admin group small and audit changes to its membership.
    ACL_ADMIN_GROUP="uffd_admin"
    ACL_SELFSERVICE_GROUP="uffd_access"
    
    # Outgoing mail (SMTP) account. The username, password and sender address
    # below are placeholders; put the real credential in a deployment-local
    # override with restricted file permissions, not in this default file.
    MAIL_SERVER='' # e.g. example.com
    # NOTE(review): port 465 is conventionally implicit-TLS SMTP, while STARTTLS
    # is normally offered on 587 (or 25). The combination below may not connect
    # to a typical server -- confirm which mode the mail code uses and align the
    # port with it. Do not resolve a mismatch by disabling transport encryption.
    MAIL_PORT=465
    MAIL_USERNAME='yourId@example.com'
    MAIL_PASSWORD='*****'
    MAIL_USE_STARTTLS=True
    MAIL_FROM_ADDRESS='foo@bar.com'
    
    # Multi-factor authentication (U2F/FIDO2) relying-party settings.
    #MFA_ICON_URL = 'https://example.com/logo.png'
    # The RP ID ties registered authenticators to a domain.
    # NOTE(review): when unset it is taken from the request hostname; consider
    # pinning it in production so it does not depend on the Host header and
    # does not change if the service is reached under another name.
    #MFA_RP_ID = 'example.com' # If unset, hostname from current request is used
    # 'Uffd Test Service' is a test label; replace it for a real deployment.
    MFA_RP_NAME = 'Uffd Test Service' # Service name passed to U2F/FIDO2 authenticators
    
    # NOTE(review): presumably the roles every user receives implicitly; anything
    # granted through them applies to all accounts -- confirm.
    ROLES_BASEROLES=['base']
    
    # Flask-SQLAlchemy: modification tracking disabled.
    SQLALCHEMY_TRACK_MODIFICATIONS=False
    
    # Links shown in the page footer; example.com is a placeholder.
    FOOTER_LINKS=[{"url": "https://example.com", "title": "example"}]
    
    # OAuth2 clients allowed to authenticate users against this service, keyed
    # by client id. Empty by default; the entry below is a commented-out example.
    # 'random_secret' is a placeholder: generate a long random secret per client
    # and keep it out of version control. List only the exact HTTPS callback
    # URLs of the client in 'redirect_uris'.
    OAUTH2_CLIENTS={
    	#'test_client_id' : {'client_secret': 'random_secret', 'redirect_uris': ['https://example.com/oauth']},
    	# You can optionally restrict access to users with a certain group. Set 'required_group' to the name of an LDAP group or a list of groups.
    	# ... 'required_group': 'test_access_group' ... only allows users with group "test_access_group" access
    	# ... 'required_group': ['groupa', ['groupb', 'groupc']] ... allows users with group "groupa" as well as users with both "groupb" and "groupc" access
    	# Without 'required_group', the example entry carries no group restriction.
    }
    
    # Service overview page (disabled if empty)
    # The list is empty by default; the commented block below is a template.
    SERVICES=[
    #	# Title is mandatory, all other fields are optional.
    #	# For permission_levels/groups/infos/links all fields are mandatory aside from required_group.
    #	{
    #		'title': 'Service Title',
    #		'subtitle': 'Service Subtitle',
    #		'description': 'Short description of the service as plain text',
    #		'url': 'https://example.com/',
    #		'logo_url': 'https://example.com/logo.png',
    #		# Basic access group name, service is accessible to everyone if empty
    #		'required_group': 'users',
    #		# Non-basic permission levels, the last matching entry is selected.
    #		# Users with a matching permission level are considered to have
    #		# access to the service (as if they have the basic access group).
    #		'permission_levels': [
    #			{'name': 'Moderator', 'required_group': 'moderators'},
    #			{'name': 'Admin', 'required_group': 'uffd_admin'},
    #		],
    #		# Per default all services are listed publicly (but grayed out for
    #		# guests/users without access). Confidential services are only visible
    #		# to users with access rights to the service.
    #		'confidential': True,
    #		# In-service groups, all matching items are visible
    #		'groups': [
    #			{'name': 'Group "crew_crew"', 'required_group': 'users'},
    #			{'name': 'Group "crew_logistik"', 'required_group': 'uffd_admin'},
    #		],
    #		# Infos are small/medium amounts of information displayed in a modal
    #		# dialog. All matching items are visible.
    #		# NOTE(review): the 'html' value is presumably rendered as markup
    #		# without escaping, so only trusted, static HTML belongs here -- confirm.
    #		'infos': [
    #			{'title': 'Documentation', 'html': '<p>Some information about the service as html</p>', 'required_group': 'users'},
    #		],
    #		# Links to external sites, all matching items are visible
    #		'links': [
    #			{'title': 'Link to an external site', 'url': '#', 'required_group': 'users'},
    #		]
    #	},
    ]
    # Enable the service overview page for users who are not logged in
    # With this set to True, every service not marked 'confidential' is listed
    # to unauthenticated visitors (see the note on 'confidential' above). Set
    # it to False, or mark entries confidential, if the list of internal
    # services should not be public.
    SERVICES_PUBLIC=True
    
    # Logo shown in the page branding; the default points at an empty image.
    BRANDING_LOGO_URL='/static/empty.png'
    
    # do NOT set in production
    # These are development aids. SQLALCHEMY_ECHO logs every SQL statement, which
    # can put account data into log files.
    # NOTE(review): LDAP_SERVICE_MOCK presumably replaces the real directory
    # with a mock backend, so logins would not be checked against production
    # accounts -- confirm.
    # NOTE(review): the FLASK_ENV values in this file are written without
    # quotes; the rest of the file uses Python syntax, so they presumably need
    # quoting ('development' / 'production') when uncommented -- confirm.
    
    #TEMPLATES_AUTO_RELOAD=True
    #SQLALCHEMY_ECHO=True
    #FLASK_ENV=development
    #LDAP_SERVICE_MOCK=True
    
    # DO set in production
    # <long key> and <path> are placeholders to fill in per deployment.
    # SECRET_KEY is not given a value anywhere in the settings shown here. Flask
    # signs session cookies with it, so it must be long, randomly generated,
    # unique per deployment, and stored outside version control. Anyone who
    # learns it can forge session cookies.
    
    # SECRET_KEY=<long key>
    # FLASK_ENV=production
    # SQLALCHEMY_DATABASE_URI=<path>