################# # LDAP test config ################# # General configuration. debug = true watchconfig = true ################# # Server configuration. [ldap] enabled = true # run on a non privileged port listen = "0.0.0.0:3893" [ldaps] # to enable ldaps genrerate a certificate, eg. with: # openssl req -x509 -newkey rsa:4096 -keyout example.key -out example.crt -days 365 -nodes -subj '/CN=`hostname`' enabled = false listen = "0.0.0.0:3894" cert = "example.crt" key = "example.key" ################# # The backend section controls the data store. [backend] datastore = "config" baseDN = "dc=example,dc=org" nameformat = "cn" groupformat = "ou" [behaviors] # Ignore all capabilities restrictions, for instance allowing every user to perform a search IgnoreCapabilities = false # Enable a "fail2ban" type backoff mechanism temporarily banning repeated failed login attempts LimitFailedBinds = true # How many failed login attempts are allowed before a ban is imposed NumberOfFailedBinds = 3 # How long (in seconds) is the window for failed login attempts PeriodOfFailedBinds = 10 # How long (in seconds) is the ban duration BlockFailedBindsFor = 60 # Clean learnt IP addresses every N seconds PruneSourceTableEvery = 600 # Clean learnt IP addresses not seen in N seconds PruneSourcesOlderThan = 600 ################# # The users section contains a hardcoded list of valid users. [[users]] name = "john" givenname = "john.doe@example.org" sn = "info@example.org" uidnumber = 2 primarygroup = 5 mail = "john@example.org" [[users.customattributes]] principalName = ["John Doe"] userPassword = ["12345"] [[users]] name = "jane" sn = "info@example.org" mail = "jane@example.org" uidnumber = 3 primarygroup = 5 [[users.customattributes]] otherGroups = ["support"] principalName = ["Jane Doe"] userPassword = ["abcde"] [[users]] name = "bill" sn = "info@example.org" mail = "bill@example.org" uidnumber = 4 [[users.customattributes]] principalName = ["Bill Foobar"] diskQuota = [500000] userPassword = ["$2y$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe"] [[users]] name = "serviceuser" mail = "serviceuser@example.org" uidnumber = 5003 primarygroup = 5502 passsha256 = "652c7dc687d98c9889304ed2e408c74b611e86a40caa51c4b43f1dd5913c5cd0" # mysecret [[users.capabilities]] action = "search" object = "*" ################# # The groups section contains a hardcoded list of valid users. [[groups]] name = "sales" gidnumber = 5 [[groups]] name = "support" gidnumber = 6 [[groups]] name = "svcaccts" gidnumber = 5502 ################# # Enable and configure the optional REST API here. [api] enabled = false internals = true # debug application performance tls = false # enable TLS for production!! listen = "0.0.0.0:5555" cert = "cert.pem" key = "key.pem"