mail-server/tests/resources/ldap/ldap.cfg
2024-08-01 17:09:39 +02:00

125 lines
3.1 KiB
INI

#################
# LDAP test config
#################
# General configuration.
debug = true
watchconfig = true
#################
# Server configuration.
[ldap]
enabled = true
# run on a non privileged port
listen = "0.0.0.0:3893"
[ldaps]
# to enable ldaps genrerate a certificate, eg. with:
# openssl req -x509 -newkey rsa:4096 -keyout example.key -out example.crt -days 365 -nodes -subj '/CN=`hostname`'
enabled = false
listen = "0.0.0.0:3894"
cert = "example.crt"
key = "example.key"
#################
# The backend section controls the data store.
[backend]
datastore = "config"
baseDN = "dc=example,dc=org"
nameformat = "cn"
groupformat = "ou"
[behaviors]
# Ignore all capabilities restrictions, for instance allowing every user to perform a search
IgnoreCapabilities = false
# Enable a "fail2ban" type backoff mechanism temporarily banning repeated failed login attempts
LimitFailedBinds = true
# How many failed login attempts are allowed before a ban is imposed
NumberOfFailedBinds = 3
# How long (in seconds) is the window for failed login attempts
PeriodOfFailedBinds = 10
# How long (in seconds) is the ban duration
BlockFailedBindsFor = 60
# Clean learnt IP addresses every N seconds
PruneSourceTableEvery = 600
# Clean learnt IP addresses not seen in N seconds
PruneSourcesOlderThan = 600
#################
# The users section contains a hardcoded list of valid users.
[[users]]
name = "john"
givenname = "john.doe@example.org"
sn = "info@example.org"
uidnumber = 2
primarygroup = 5
mail = "john@example.org"
[[users.customattributes]]
principalName = ["John Doe"]
userPassword = ["12345"]
[[users]]
name = "jane"
sn = "info@example.org"
mail = "jane@example.org"
uidnumber = 3
primarygroup = 5
[[users.customattributes]]
otherGroups = ["support"]
principalName = ["Jane Doe"]
userPassword = ["abcde"]
[[users]]
name = "bill"
sn = "info@example.org"
mail = "bill@example.org"
uidnumber = 4
[[users.customattributes]]
principalName = ["Bill Foobar"]
diskQuota = [500000]
userPassword = ["$2y$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe"]
[[users]]
name = "robert"
sn = "@catchall.org"
mail = "robert@catchall.org"
uidnumber = 7
[[users.customattributes]]
principalName = ["Robect Foobar"]
userPassword = ["nopass"]
[[users]]
name = "serviceuser"
mail = "serviceuser@example.org"
uidnumber = 5003
primarygroup = 5502
passsha256 = "652c7dc687d98c9889304ed2e408c74b611e86a40caa51c4b43f1dd5913c5cd0" # mysecret
[[users.capabilities]]
action = "search"
object = "*"
#################
# The groups section contains a hardcoded list of valid users.
[[groups]]
name = "sales"
gidnumber = 5
[[groups]]
name = "support"
gidnumber = 6
[[groups]]
name = "svcaccts"
gidnumber = 5502
#################
# Enable and configure the optional REST API here.
[api]
enabled = false
internals = true # debug application performance
tls = false # enable TLS for production!!
listen = "0.0.0.0:5555"
cert = "cert.pem"
key = "key.pem"