|
1 | 1 | module: LdapAttributeStore
|
2 | 2 | name: LdapAttributeStore
|
3 | 3 | config:
|
| 4 | + |
| 5 | + # The microservice may be configured per SP. |
| 6 | + # The configuration key is the entityID of the SP. |
| 7 | + # The empty key ("") specifies the default configuration |
4 | 8 | "":
|
5 | 9 | ldap_url: ldaps://ldap.example.org
|
6 | 10 | bind_dn: cn=admin,dc=example,dc=org
|
7 | 11 | bind_password: xxxxxxxx
|
8 | 12 | search_base: ou=People,dc=example,dc=org
|
9 |
| - read_only : true |
10 |
| - version : 3 |
| 13 | + read_only: true |
| 14 | + auto_bind: true |
| 15 | + version: 3 |
| 16 | + |
| 17 | + ## See ldap3 client_strategies. The default is REUSABLE. |
| 18 | + client_strategy: RESTARTABLE |
| 19 | + ## Specify pool settings when using REUSABLE client strategy. |
| 20 | + # pool_size: number of open connection; default: 10 |
| 21 | + pool_size: 10 |
| 22 | + # pool_keepalive: seconds to wait between calls to server to keep the |
| 23 | + # connection alive; default: 10 |
| 24 | + pool_keepalive: 10 |
11 | 25 |
|
12 |
| - # see ldap3 client_strategies |
13 |
| - client_strategy : RESTARTABLE |
14 |
| - auto_bind : true |
15 |
| - pool_size : 10 |
16 |
| - pool_keepalive : 10 |
| 26 | + # Attributes to return from LDAP query. |
| 27 | + query_return_attributes: |
| 28 | + - sn |
| 29 | + - givenName |
| 30 | + - mail |
| 31 | + - employeeNumber |
| 32 | + - isMemberOf |
17 | 33 |
|
| 34 | + # LDAP attribute to internal attribute mapping. |
| 35 | + ldap_to_internal_map: |
| 36 | + sn: surname |
| 37 | + givenName: givenname |
| 38 | + mail: mail |
| 39 | + employeeNumber: employeenumber |
| 40 | + isMemberOf: ismemberof |
| 41 | + |
| 42 | + # Deprecated. |
| 43 | + # Use query_return_attributes and ldap_to_internal_map instead. |
| 44 | + # Format is LDAP attribute name: internal attribute name |
18 | 45 | search_return_attributes:
|
19 |
| - # Format is LDAP attribute name : internal attribute name |
20 | 46 | sn: surname
|
21 | 47 | givenName: givenname
|
22 | 48 | mail: mail
|
23 | 49 | employeeNumber: employeenumber
|
24 | 50 | isMemberOf: ismemberof
|
25 |
| - # LDAP connection pool size |
26 |
| - pool_size: 10 |
27 |
| - # LDAP connection pool seconds to wait between calls out to server |
28 |
| - # to keep the connection alive (uses harmless Abandon(0) call) |
29 |
| - pool_keepalive: 10 |
| 51 | + |
| 52 | + # Ordered list of identifiers to use when constructing the search filter |
| 53 | + # to find the user record in LDAP directory. |
| 54 | + # |
| 55 | + # This example searches in order for eduPersonUniqueId, |
| 56 | + # eduPersonPrincipalName combined with SAML persistent NameID, |
| 57 | + # eduPersonPrincipalName combined with eduPersonTargetedId, |
| 58 | + # eduPersonPrincipalName, SAML persistent NameID, and |
| 59 | + # eduPersonTargetedId. |
30 | 60 | ordered_identifier_candidates:
|
31 |
| - # Ordered list of identifiers to use when constructing the |
32 |
| - # search filter to find the user record in LDAP directory. |
33 |
| - # This example searches in order for eduPersonUniqueId, eduPersonPrincipalName |
34 |
| - # combined with SAML persistent NameID, eduPersonPrincipalName |
35 |
| - # combined with eduPersonTargetedId, eduPersonPrincipalName, |
36 |
| - # SAML persistent NameID, and eduPersonTargetedId. |
37 |
| - - attribute_names: [epuid] |
38 |
| - - attribute_names: [eppn, name_id] |
| 61 | + - attribute_names: |
| 62 | + - epuid |
| 63 | + - attribute_names: |
| 64 | + - eppn |
| 65 | + - name_id |
39 | 66 | name_id_format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
|
40 |
| - - attribute_names: [eppn, edupersontargetedid] |
41 |
| - - attribute_names: [eppn] |
42 |
| - - attribute_names: [name_id] |
| 67 | + - attribute_names: |
| 68 | + - eppn |
| 69 | + - edupersontargetedid |
| 70 | + - attribute_names: |
| 71 | + - eppn |
| 72 | + - attribute_names: |
| 73 | + - name_id |
43 | 74 | name_id_format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
|
44 | 75 | add_scope: issuer_entityid
|
45 |
| - - attribute_names: [edupersontargetedid] |
| 76 | + - attribute_names: |
| 77 | + - edupersontargetedid |
46 | 78 | add_scope: issuer_entityid
|
| 79 | + |
47 | 80 | ldap_identifier_attribute: uid
|
| 81 | + |
48 | 82 | # Whether to clear values for attributes incoming
|
49 | 83 | # to this microservice. Default is no or false.
|
50 | 84 | clear_input_attributes: no
|
| 85 | + |
51 | 86 | # List of LDAP attributes to use as input to hashing to create
|
52 | 87 | # NameID.
|
53 | 88 | user_id_from_attrs:
|
54 | 89 | - employeeNumber
|
| 90 | + |
55 | 91 | # Where to redirect the browser if no record is returned
|
56 | 92 | # from LDAP. The default is not to redirect.
|
57 | 93 | on_ldap_search_result_empty: https://my.vo.org/please/go/enroll
|
58 |
| - # Configuration may also be done per-SP with any |
59 |
| - # missing parameters taken from the default if any. |
| 94 | + |
| 95 | + # The microservice may be configured per SP. |
60 | 96 | # The configuration key is the entityID of the SP.
|
61 |
| - # |
62 |
| - # For example: |
| 97 | + # Αny missing parameters are looked up from the default configuration. |
63 | 98 | https://sp.myserver.edu/shibboleth-sp:
|
64 | 99 | search_base: ou=People,o=MyVO,dc=example,dc=org
|
65 | 100 | search_return_attributes:
|
66 | 101 | employeeNumber: employeenumber
|
67 | 102 | ordered_identifier_candidates:
|
68 |
| - - attribute_names: [eppn] |
| 103 | + - attribute_names: |
| 104 | + - eppn |
69 | 105 | user_id_from_attrs:
|
70 | 106 | - uid
|
| 107 | + |
71 | 108 | # The microservice may be configured to ignore a particular SP.
|
72 | 109 | https://another.sp.myserver.edu:
|
73 | 110 | ignore: true
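Review bot: The deprecation comment added above `search_return_attributes` does not say what happens when both the new `query_return_attributes`/`ldap_to_internal_map` pair and the deprecated mapping are present, yet the default block now sets all three and the per-SP example at the bottom overrides only `search_return_attributes` while, per the new per-SP comment, inheriting `query_return_attributes` from the default. For that SP it is therefore unclear whether only `employeeNumber` or the full default set (`sn`, `givenName`, `mail`, `isMemberOf`) is fetched and released, so the precedence rule should be stated in the deprecation comment, e.g. `# When both are configured, <the winning key> is used and the other is ignored.` with the actual behaviour confirmed from the microservice code, and the per-SP example should be converted to the new keys so the sample config does not itself rely on the deprecated path. Separately, `pool_size` and `pool_keepalive` are introduced directly under a comment saying they apply to the REUSABLE strategy while the example selects `client_strategy: RESTARTABLE`, so as written they appear to be inert; either comment them out or add `# Only used when client_strategy is REUSABLE.` above them. Minor: the first character of `Αny` in the per-SP comment appears to be a non-ASCII homoglyph rather than ASCII `A`.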
|