ldap.yml
## Authorizations
# Shared authorization template, anchored as AUTHORIZATIONS.
# It applies only to environments whose "<<: *AUTHORIZATIONS" merge line is
# uncommented. The merge is shallow: a key set directly in the environment
# replaces the whole value merged in from here.
# Alternatively, copy the keys below (without the "authorizations" key itself)
# into each environment that needs different settings.
authorizations: &AUTHORIZATIONS
  # Keep this false. A simple bind with a DN and an empty password is treated
  # as an anonymous bind by many directory servers and reports success.
  # Presumably false makes the library reject blank passwords - confirm.
  allow_unauthenticated_bind: false
  group_base: 'ou=groups,dc=test,dc=com'
  ## Requires config.ldap_check_group_membership in devise.rb to be true.
  # Several entries may be listed; a user must match all of them.
  required_groups:
    # A bare group DN is checked against the "uniqueMember" attribute.
    - 'cn=admins,ou=groups,dc=test,dc=com'
    - 'cn=users,ou=groups,dc=test,dc=com'
    # A two-element array is [attribute to check, group DN].
    - ['moreMembers', 'cn=users,ou=groups,dc=test,dc=com']
  ## Requires config.ldap_check_attributes in devise.rb to be true.
  ## Several attributes may be listed; a user must match all of them.
  require_attribute:
    objectClass: 'inetOrgPerson'
    authorizationRole: 'postsAdmin'
## Environment
development:
  host: 'dc1.test.com'
  # 389 is the plain LDAP port and ssl is false below, so presumably the
  # service-account bind and every user's password cross the network
  # unencrypted. Prefer LDAPS or StartTLS where the directory supports it.
  port: 389
  attribute: 'sAMAccountName'
  base: 'ou=groups,dc=test,dc=com'
  admin_user: 'CN=wmap,CN=Users, ou=groups,dc=test,dc=com'
  # NOTE(review): literal bind password committed with the file. Treat it as
  # exposed: rotate it and read it from the environment, as the production
  # section of this file does through ERB.
  admin_password: 'QK@#$1_8ac'
  ssl: false
  # <<: *AUTHORIZATIONS
  # NOTE(review): the page lost its indentation; this mapping is assumed to be
  # nested under the environment. The header comment says to copy the tree
  # without the "authorizations" key, so confirm the consumer reads
  # required_groups from this nested level at all.
  # Re-using the anchor name also means any later *AUTHORIZATIONS alias
  # resolves to this mapping instead of the shared template.
  authorizations: &AUTHORIZATIONS
    # group_base: ou=role,dc=domain,dc=com
    required_groups:
      # NOTE(review): this is an OU DN, not a group's cn - verify it is intended.
      - 'ou=groups,dc=test,dc=com'
test:
  host: 'dc1.test.com'
  # Plain LDAP port with ssl false below: presumably binds, including the
  # admin credentials, are sent unencrypted.
  port: 389
  attribute: 'sAMAccountName'
  base: 'ou=groups, dc=test,dc=com'
  admin_user: 'CN=wmap,CN=Users,ou=groups, dc=test,dc=com'
  # NOTE(review): literal bind password committed with the file, identical to
  # the development one. Rotate it and load it from the environment or a
  # secret store rather than from source control.
  admin_password: 'QK@#$1_8ac'
  ssl: false
  # <<: *AUTHORIZATIONS
  # NOTE(review): indentation reconstructed; assumed nested under "test".
  # The anchor name AUTHORIZATIONS is defined again here, so an alias
  # uncommented after this point gets this mapping (required_groups only),
  # not the shared template with allow_unauthenticated_bind and
  # require_attribute.
  authorizations: &AUTHORIZATIONS
    # group_base: ou=role,dc=domain,dc=com
    required_groups:
      - 'ou=groups, dc=test,dc=com'
  # <<: *AUTHORIZATIONS
production:
  host: 'dc1.test.com'
  # NOTE(review): production also uses the plain LDAP port with ssl false
  # below, so presumably the service-account and user passwords travel
  # unencrypted. Confirm whether the directory offers LDAPS or StartTLS.
  port: 389
  attribute: 'sAMAccountName'
  base: 'DC=us, DC=Test, DC=com'
  # Credentials are injected from the environment through ERB. ENV[] returns
  # nil for an unset variable, which renders as an empty (null) YAML value
  # instead of failing at load time.
  # NOTE(review): both variable names are spelled "SEEVICE"; confirm that this
  # matches what the deployment actually exports.
  admin_user: <%= ENV['LDAP_SEEVICE_ACCT'] %>
  admin_password: <%= ENV['LDAP_SEEVICE_PASS'] %>
  ssl: false
  # <<: *AUTHORIZATIONS
  # NOTE(review): indentation reconstructed; assumed nested under
  # "production". Confirm the consumer reads required_groups from this nested
  # "authorizations" level; if it does not, no group restriction is applied.
  authorizations: &AUTHORIZATIONS
    # group_base: ou=role,dc=domain,dc=com
    required_groups:
      - 'ou=groups, dc=test,dc=com'