v0.5.5: Add "ldap-auth-base-dn" parameter to search autenticating accounts, so we can separate authentication and manipulated base DN
This commit is contained in:
parent
bf9e0afccc
commit
c74855d064
@ -1,6 +1,7 @@
|
||||
LISTEN="0.0.0.0:8080"
|
||||
LDAP_HOST="ldap://ldap.example.org"
|
||||
LDAP_BASE_DN="dc=example,dc=org"
|
||||
# The base DN exposed to API. Could be buried in LDAP tree so we expose only a subset of directory.
|
||||
LDAP_BASE_DN="ou=configuration,dc=example,dc=org"
|
||||
|
||||
# This account search for valid user provided by authenticating client.
|
||||
# Then glapi bind with client provided credentials to operate LDAP.
|
||||
@ -8,6 +9,9 @@ LDAP_BASE_DN="dc=example,dc=org"
|
||||
LDAP_USER="cn=ldapreaduser,dc=example,dc=org"
|
||||
LDAP_PASS='here_lies_the_password'
|
||||
|
||||
# This base DN is where we seach for authenticating accounts. This way we can chose not to expose them to the API.
|
||||
LDAP_AUTH_BASE_DN="ou=users,dc=example,dc=org"
|
||||
|
||||
# Https support
|
||||
HTTPS=false
|
||||
SSL_CERTIFICATE=/etc/ssl/certs/server.pem
|
||||
|
Loading…
Reference in New Issue
Block a user