2022-11-12 14:00:06 +01:00
|
|
|
LISTEN="0.0.0.0:8080"
|
2022-10-08 18:52:11 +02:00
|
|
|
LDAP_HOST="ldap://ldap.example.org"
|
2023-08-07 13:59:12 +02:00
|
|
|
# The base DN exposed to API. Could be buried in LDAP tree so we expose only a subset of directory.
|
|
|
|
LDAP_BASE_DN="ou=configuration,dc=example,dc=org"
|
2022-11-11 13:01:33 +01:00
|
|
|
|
2023-08-07 14:01:04 +02:00
|
|
|
# This account search for valid users provided by authenticating clients.
|
2022-11-12 14:00:06 +01:00
|
|
|
# Then glapi bind with client provided credentials to operate LDAP.
|
|
|
|
# Thus this account only needs bind privilege, and read access to users organizational unit
|
|
|
|
LDAP_USER="cn=ldapreaduser,dc=example,dc=org"
|
2022-10-08 18:52:11 +02:00
|
|
|
LDAP_PASS='here_lies_the_password'
|
2022-11-11 13:01:33 +01:00
|
|
|
|
2023-08-07 13:59:12 +02:00
|
|
|
# This base DN is where we seach for authenticating accounts. This way we can chose not to expose them to the API.
|
|
|
|
LDAP_AUTH_BASE_DN="ou=users,dc=example,dc=org"
|
|
|
|
|
2022-11-11 13:01:33 +01:00
|
|
|
# Https support
|
|
|
|
HTTPS=false
|
|
|
|
SSL_CERTIFICATE=/etc/ssl/certs/server.pem
|
|
|
|
SSL_PRIVATE_KEY=/etc/ssl/private/server.key
|