mirror of
https://github.com/stalwartlabs/mail-server.git
synced 2024-11-25 00:36:41 +00:00
116 lines
2.9 KiB
INI
116 lines
2.9 KiB
INI
#################
|
|
# LDAP test config
|
|
|
|
#################
|
|
# General configuration.
|
|
debug = true
|
|
watchconfig = true
|
|
|
|
#################
|
|
# Server configuration.
|
|
[ldap]
|
|
enabled = true
|
|
# run on a non privileged port
|
|
listen = "0.0.0.0:3893"
|
|
|
|
[ldaps]
|
|
# to enable ldaps genrerate a certificate, eg. with:
|
|
# openssl req -x509 -newkey rsa:4096 -keyout example.key -out example.crt -days 365 -nodes -subj '/CN=`hostname`'
|
|
enabled = false
|
|
listen = "0.0.0.0:3894"
|
|
cert = "example.crt"
|
|
key = "example.key"
|
|
|
|
#################
|
|
# The backend section controls the data store.
|
|
[backend]
|
|
datastore = "config"
|
|
baseDN = "dc=example,dc=org"
|
|
nameformat = "cn"
|
|
groupformat = "ou"
|
|
|
|
[behaviors]
|
|
# Ignore all capabilities restrictions, for instance allowing every user to perform a search
|
|
IgnoreCapabilities = false
|
|
# Enable a "fail2ban" type backoff mechanism temporarily banning repeated failed login attempts
|
|
LimitFailedBinds = true
|
|
# How many failed login attempts are allowed before a ban is imposed
|
|
NumberOfFailedBinds = 3
|
|
# How long (in seconds) is the window for failed login attempts
|
|
PeriodOfFailedBinds = 10
|
|
# How long (in seconds) is the ban duration
|
|
BlockFailedBindsFor = 60
|
|
# Clean learnt IP addresses every N seconds
|
|
PruneSourceTableEvery = 600
|
|
# Clean learnt IP addresses not seen in N seconds
|
|
PruneSourcesOlderThan = 600
|
|
|
|
#################
|
|
# The users section contains a hardcoded list of valid users.
|
|
[[users]]
|
|
name = "john"
|
|
givenname = "john.doe@example.org"
|
|
sn = "info@example.org"
|
|
uidnumber = 2
|
|
primarygroup = 5
|
|
mail = "john@example.org"
|
|
[[users.customattributes]]
|
|
principalName = ["John Doe"]
|
|
userPassword = ["12345"]
|
|
|
|
[[users]]
|
|
name = "jane"
|
|
sn = "info@example.org"
|
|
mail = "jane@example.org"
|
|
uidnumber = 3
|
|
primarygroup = 5
|
|
[[users.customattributes]]
|
|
otherGroups = ["support"]
|
|
principalName = ["Jane Doe"]
|
|
userPassword = ["abcde"]
|
|
|
|
[[users]]
|
|
name = "bill"
|
|
sn = "info@example.org"
|
|
mail = "bill@example.org"
|
|
uidnumber = 4
|
|
[[users.customattributes]]
|
|
principalName = ["Bill Foobar"]
|
|
diskQuota = [500000]
|
|
userPassword = ["$2y$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe"]
|
|
|
|
[[users]]
|
|
name = "serviceuser"
|
|
mail = "serviceuser@example.org"
|
|
uidnumber = 5003
|
|
primarygroup = 5502
|
|
passsha256 = "652c7dc687d98c9889304ed2e408c74b611e86a40caa51c4b43f1dd5913c5cd0" # mysecret
|
|
[[users.capabilities]]
|
|
action = "search"
|
|
object = "*"
|
|
|
|
|
|
#################
|
|
# The groups section contains a hardcoded list of valid users.
|
|
[[groups]]
|
|
name = "sales"
|
|
gidnumber = 5
|
|
|
|
[[groups]]
|
|
name = "support"
|
|
gidnumber = 6
|
|
|
|
[[groups]]
|
|
name = "svcaccts"
|
|
gidnumber = 5502
|
|
|
|
|
|
#################
|
|
# Enable and configure the optional REST API here.
|
|
[api]
|
|
enabled = false
|
|
internals = true # debug application performance
|
|
tls = false # enable TLS for production!!
|
|
listen = "0.0.0.0:5555"
|
|
cert = "cert.pem"
|
|
key = "key.pem"
|