mirror of
https://github.com/lldap/lldap.git
synced 2026-03-31 15:07:48 +01:00
farshad
35 lines
1.6 KiB
YAML
35 lines
1.6 KiB
YAML
###############################################################
|
|
# Authelia configuration #
|
|
###############################################################
|
|
|
|
# This is just the LDAP part of the Authelia configuration!
|
|
# See Authelia docs at https://www.authelia.com/configuration/first-factor/ldap/ for more info
|
|
|
|
authentication_backend:
|
|
# Password reset through authelia works normally.
|
|
password_reset:
|
|
disable: false
|
|
# How often authelia should check if there is a user update in LDAP
|
|
refresh_interval: 1m
|
|
ldap:
|
|
implementation: lldap
|
|
# Pattern is ldap://HOSTNAME-OR-IP:PORT
|
|
# Normal ldap port is 389, standard in LLDAP is 3890
|
|
address: ldap://lldap:3890
|
|
# Set base dn that you configured in LLDAP
|
|
base_dn: dc=example,dc=com
|
|
# The username and password of the bind user.
|
|
# "bind_user" should be the username you created for authentication with the "lldap_strict_readonly" permission. It is not recommended to use an actual admin account here.
|
|
# If you are configuring Authelia to change user passwords, then the account used here needs the "lldap_password_manager" permission instead.
|
|
user: uid=bind_user,ou=people,dc=example,dc=com
|
|
# Password can also be set using a secret: https://www.authelia.com/configuration/methods/secrets/
|
|
password: 'REPLACE_ME'
|
|
|
|
# Optional: Setup TLS if you've enabled LDAPS
|
|
# tls:
|
|
# skip_verify: false
|
|
# minimum_version: TLS1.2
|
|
|
|
# Optional: To allow sign in with BOTH username and email, you can change the users_filter to this
|
|
# users_filter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))"
|