# ---------------------------------------------------------------------------
# LDAP: user entries
# ---------------------------------------------------------------------------
# Subtree that holds user entries, and the (attribute, value) pairs used to
# filter searches below it.
LDAP_USER_SEARCH_BASE = "ou=users,dc=example,dc=com"
LDAP_USER_SEARCH_FILTER = [("objectClass", "person")]

# objectClass values for user entries.
LDAP_USER_OBJECTCLASSES = [
    "top",
    "inetOrgPerson",
    "organizationalPerson",
    "person",
    "posixAccount",
]

# Numeric uid window and the gid used for user entries.
# NOTE(review): with posixAccount these presumably become POSIX ids on every
# host that resolves accounts from this directory. Keep the window clear of
# local system accounts and of any other tool allocating ids in the same
# tree - confirm how the range is enforced.
LDAP_USER_MIN_UID = 10000
LDAP_USER_MAX_UID = 18999
LDAP_USER_GID = 20001

# Attribute mapping. Each *_ATTRIBUTE names the LDAP attribute behind a user
# field; the matching *_ALIASES list names further attributes for that field.
# NOTE(review): how aliases are read and written is not visible here - confirm.
LDAP_USER_DN_ATTRIBUTE = "uid"
LDAP_USER_UID_ATTRIBUTE = "uidNumber"
LDAP_USER_UID_ALIASES = []
LDAP_USER_LOGINNAME_ATTRIBUTE = "uid"
LDAP_USER_LOGINNAME_ALIASES = []
LDAP_USER_DISPLAYNAME_ATTRIBUTE = "cn"
LDAP_USER_DISPLAYNAME_ALIASES = ["givenName", "displayName"]
LDAP_USER_MAIL_ATTRIBUTE = "mail"
LDAP_USER_MAIL_ALIASES = []

# Attribute defaults for user entries.
# - "sn" is a single space: the `person` object class requires `sn`, so this
#   looks like a filler value (TODO confirm).
# - "homeDirectory" carries a {loginname} placeholder.
#   NOTE(review): presumably replaced with the user's login name. Login names
#   then need to be restricted to characters that are safe in a path
#   component (no "/" or "..") - verify where login names are validated.
LDAP_USER_DEFAULT_ATTRIBUTES = {
    "sn": " ",
    "homeDirectory": "/home/{loginname}",
    "gidNumber": LDAP_USER_GID,
}
# ---------------------------------------------------------------------------
# LDAP: group entries
# ---------------------------------------------------------------------------
# Subtree and filter for group lookups, followed by the attribute names read
# from each group entry.
# NOTE(review): group names from this subtree are referenced by ACL_* and the
# 'required_group' options elsewhere in this file, so write access to it
# presumably amounts to control over authorization - restrict it to directory
# administrators and confirm.
LDAP_GROUP_SEARCH_BASE = "ou=groups,dc=example,dc=com"
LDAP_GROUP_SEARCH_FILTER = [("objectClass", "groupOfUniqueNames")]
LDAP_GROUP_GID_ATTRIBUTE = "gidNumber"
LDAP_GROUP_NAME_ATTRIBUTE = "cn"
LDAP_GROUP_DESCRIPTION_ATTRIBUTE = "description"
LDAP_GROUP_MEMBER_ATTRIBUTE = "uniqueMember"
# ---------------------------------------------------------------------------
# LDAP: mail entries (postfixVirtual)
# ---------------------------------------------------------------------------
# Subtree, filter and object classes for mail entries, then the attributes
# holding the entry id, the receiving addresses and the destinations.
# NOTE(review): entries like these presumably steer mail delivery, so anyone
# able to modify them can redirect mail. Limit write access to this subtree
# and confirm which role may edit it through the service.
LDAP_MAIL_SEARCH_BASE = "ou=postfix,dc=example,dc=com"
LDAP_MAIL_SEARCH_FILTER = [("objectClass", "postfixVirtual")]
LDAP_MAIL_OBJECTCLASSES = ["top", "postfixVirtual"]
LDAP_MAIL_DN_ATTRIBUTE = "uid"
LDAP_MAIL_UID_ATTRIBUTE = "uid"
LDAP_MAIL_RECEIVERS_ATTRIBUTE = "mailacceptinggeneralid"
LDAP_MAIL_DESTINATIONS_ATTRIBUTE = "maildrop"
# ---------------------------------------------------------------------------
# LDAP: service connection
# ---------------------------------------------------------------------------
# Bind identity of the service. Both values are empty by default.
# The bind password is a credential: provide it from a deployment-local
# config file with restrictive permissions, never from version control.
LDAP_SERVICE_BIND_DN = ""
LDAP_SERVICE_BIND_PASSWORD = ""

# "ldapi:///" is LDAP over a local Unix domain socket.
# When this is changed to an ldap:// URL for a remote server, leave STARTTLS
# enabled (or use ldaps://) so the bind password and directory data do not
# cross the network in clear text.
# NOTE(review): whether STARTTLS is attempted on an ldapi:/// connection, and
# whether the server certificate is verified, is not visible here - confirm.
LDAP_SERVICE_URL = "ldapi:///"
LDAP_SERVICE_USE_STARTTLS = True
# ---------------------------------------------------------------------------
# Sessions
# ---------------------------------------------------------------------------
# Session lifetime in seconds (3600 = one hour).
SESSION_LIFETIME_SECONDS = 3600

# Session cookie hardening:
# - Secure:   the cookie is only sent over HTTPS. A deployment served over
#             plain HTTP will not keep a session with this enabled.
# - HttpOnly: the cookie is not readable from page JavaScript.
# - SameSite: "Strict" keeps the cookie off cross-site requests; this is the
#             CSRF-relevant setting of the three.
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_SAMESITE = "Strict"
# ---------------------------------------------------------------------------
# Access control
# ---------------------------------------------------------------------------
# LDAP group names used for access decisions.
# NOTE(review): going by the names, ACL_ADMIN_GROUP grants administrative
# rights and ACL_SELFSERVICE_GROUP gates the self-service pages - confirm
# against the code. Keep the admin group small and review its membership.
ACL_ADMIN_GROUP = "uffd_admin"
ACL_SELFSERVICE_GROUP = "uffd_access"
# ---------------------------------------------------------------------------
# Outgoing mail (SMTP)
# ---------------------------------------------------------------------------
# SMTP host, e.g. example.com
MAIL_SERVER = ""

# NOTE(review): 465 is conventionally the implicit-TLS SMTP port, while
# STARTTLS is normally offered on 587 or 25. Check that this port/STARTTLS
# pair matches the relay in use, and that a refused STARTTLS aborts the send
# instead of continuing unencrypted - the mail code is not visible here.
MAIL_PORT = 465
MAIL_USE_STARTTLS = True

# SMTP login. The values below are placeholders; the real password belongs in
# a deployment-local config file, not in version control.
MAIL_USERNAME = "yourId@example.com"
MAIL_PASSWORD = "*****"

# Sender address of outgoing mail.
MAIL_FROM_ADDRESS = "foo@bar.com"
# ---------------------------------------------------------------------------
# Multi-factor authentication (U2F/FIDO2)
# ---------------------------------------------------------------------------
#MFA_ICON_URL = 'https://example.com/logo.png'

# Relying-party ID. If unset, the hostname of the current request is used.
# Authenticator credentials are scoped to the relying-party ID, so pin it to
# the service's domain in production rather than deriving it per request.
#MFA_RP_ID = 'example.com'

# Service name passed to U2F/FIDO2 authenticators.
MFA_RP_NAME = "Uffd Test Service"
# ---------------------------------------------------------------------------
# Roles, database behaviour, page footer
# ---------------------------------------------------------------------------
# NOTE(review): presumably the roles every user receives implicitly - confirm.
# Anything granted through these roles is effectively granted to all users.
ROLES_BASEROLES = ["base"]

# Flask-SQLAlchemy modification tracking stays off.
SQLALCHEMY_TRACK_MODIFICATIONS = False

# Footer links, one dict with "url" and "title" per link.
FOOTER_LINKS = [
    {"url": "https://example.com", "title": "example"},
]
# ---------------------------------------------------------------------------
# OAuth2 clients
# ---------------------------------------------------------------------------
# Maps a client id to its settings. Empty by default; the entry below is a
# commented-out example.
#
# - 'client_secret': 'random_secret' is a placeholder. Use a long random
#   value, unique per client, and keep it out of version control.
# - 'redirect_uris': list only the HTTPS callback URLs the client really uses.
# - 'required_group' (optional): restricts access to users in an LDAP group.
#   It takes a group name or a list of groups:
#     'required_group': 'test_access_group'
#         only users in "test_access_group" get access
#     'required_group': ['groupa', ['groupb', 'groupc']]
#         users in "groupa" get access, and so do users who are in both
#         "groupb" and "groupc"
OAUTH2_CLIENTS = {
    #'test_client_id' : {'client_secret': 'random_secret', 'redirect_uris': ['https://example.com/oauth']},
}
# ---------------------------------------------------------------------------
# Service overview page
# ---------------------------------------------------------------------------
# The page is disabled while this list is empty. The commented-out entry shows
# every supported field; remove one level of "#" to use it.
#
# NOTE(review): 'infos' items carry an 'html' value that is presumably emitted
# as markup. Put only static, trusted HTML there and never text taken from
# users or the directory - confirm how the template renders it.
# NOTE(review): entries are listed publicly unless 'confidential' is set, so
# titles, descriptions and URLs of internal services are visible to guests
# whenever the overview page is public.
SERVICES = [
    #   # Title is mandatory, all other fields are optional.
    #   # For permission_levels/groups/infos/links all fields are mandatory aside from required_group.
    #   {
    #       'title': 'Service Title',
    #       'subtitle': 'Service Subtitle',
    #       'description': 'Short description of the service as plain text',
    #       'url': 'https://example.com/',
    #       'logo_url': 'https://example.com/logo.png',
    #       # Basic access group name, service is accessible to everyone if empty
    #       'required_group': 'users',
    #       # Non-basic permission levels, the last matching entry is selected.
    #       # Users with a matching permission level are considered to have
    #       # access to the service (as if they have the basic access group).
    #       'permission_levels': [
    #           {'name': 'Moderator', 'required_group': 'moderators'},
    #           {'name': 'Admin', 'required_group': 'uffd_admin'},
    #       ],
    #       # Per default all services are listed publicly (but grayed out for
    #       # guests/users without access). Confidential services are only visible
    #       # to users with access rights to the service.
    #       'confidential': True,
    #       # In-service groups, all matching items are visible
    #       'groups': [
    #           {'name': 'Group "crew_crew"', 'required_group': 'users'},
    #           {'name': 'Group "crew_logistik"', 'required_group': 'uffd_admin'},
    #       ],
    #       # Infos are small/medium amounts of information displayed in a modal
    #       # dialog. All matching items are visible.
    #       'infos': [
    #           {'title': 'Documentation', 'html': '<p>Some information about the service as html</p>', 'required_group': 'users'},
    #       ],
    #       # Links to external sites, all matching items are visible
    #       'links': [
    #           {'title': 'Link to an external site', 'url': '#', 'required_group': 'users'},
    #       ]
    #   },
]
# Show the service overview page to users who are not logged in.
# With this enabled, every SERVICES entry that is not marked 'confidential'
# is listed for unauthenticated visitors.
SERVICES_PUBLIC = True

# Logo shown in the page branding.
BRANDING_LOGO_URL = "/static/empty.png"
# Development/debugging switches - do NOT set any of these in production
#TEMPLATES_AUTO_RELOAD=True
#SQLALCHEMY_ECHO=True
#FLASK_ENV=development
#LDAP_SERVICE_MOCK=True
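# DO set in production
# SECRET_KEY signs the session cookie: use a long random value, unique per
# deployment, and keep it out of version control.
# SECRET_KEY=<long key>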
# FLASK_ENV=production
# SQLALCHEMY_DATABASE_URI=<path>