
Untitled

a guest
Sep 12th, 2017
  ###############################################################
  # Authelia configuration #
  ###############################################################

  # The port to listen on.
  # NOTE(review): nothing in this file configures TLS for this listener;
  # presumably a reverse proxy terminates HTTPS in front of it. Confirm,
  # because credentials and session cookies cross this hop.
  port: 80

  # Log level
  #
  # Level of verbosity for logs.
  # NOTE(review): debug verbosity on an authentication portal may put
  # usernames, request details or tokens into the logs. Confirm what is
  # emitted at this level and lower it outside of troubleshooting.
  logs_level: debug

  # LDAP configuration
  #
  # Example: for user john, the DN will be cn=john,ou=users,dc=example,dc=com
  ldap:
    # The URL of the LDAP server.
    # NOTE(review): ldap:// is the unencrypted scheme. Unless the link is
    # protected some other way, the admin bind below and the user
    # credentials checked against the directory travel in clear text.
    # Prefer ldaps:// if this deployment supports it (confirm).
    url: ldap://openldap

    # The base DN for all entries.
    base_dn: dc=example,dc=com

    # An additional DN that narrows the search scope to users.
    additional_users_dn: ou=users

    # The users filter.
    # {0} is the placeholder replaced by the username.
    # 'cn={0}' by default.
    # NOTE(review): the username is substituted into an LDAP filter; confirm
    # that the service escapes filter metacharacters before substitution.
    users_filter: cn={0}

    # An additional DN that narrows the search scope to groups.
    additional_groups_dn: ou=groups

    # The groups filter.
    # {0} is the placeholder replaced by the user DN.
    # 'member={0}' by default.
    groups_filter: (&(member={0})(objectclass=groupOfNames))

    # The attribute holding the name of the group.
    group_name_attribute: cn

    # The attribute holding the mail address of the user.
    mail_attribute: mail

    # The bind DN and password of the admin user.
    # NOTE(review): the password is a placeholder-grade value stored in clear
    # text. Replace it, keep this file readable only by the service account,
    # and keep real values out of version control and public pastes.
    # NOTE(review): binding as the directory admin grants more than lookups
    # need; confirm which operations the service performs and use a bind
    # account limited to those.
    user: cn=admin,dc=example,dc=com
    password: password

  # Access Control
  #
  # Access control is a set of rules you can use to restrict user access.
  # Default (anyone), per-user or per-group rules can be defined.
  #
  # If 'access_control' is not defined, ACL rules are disabled and a default
  # policy is applied, i.e., access is allowed to anyone. Otherwise
  # restrictions follow the rules defined below.
  # If no rule is provided, all domains are denied.
  # NOTE(review): as described above, omitting this key fails open (allow
  # all), while an empty rule set fails closed. Keep the key present so a
  # mis-edit does not silently remove every restriction.
  #
  # One can use the wildcard * to match any subdomain.
  # Note 1: It must stand at the beginning of the pattern.
  #         (example: *.mydomain.com)
  # Note 2: You must put the pattern in single quotes when using the
  #         wildcard, because an unquoted leading * is read by YAML as an
  #         alias.
  access_control:
    # The default policy. Applies to any user.
    default:
      - public.test.local

    # Group based policies. The key is a group name and the value
    # is the list of domains to allow access to.
    groups:
      # The wildcard covers every subdomain of test.local, including the
      # hosts named in the other rules.
      admin:
        - '*.test.local'
      dev:
        - secret.test.local
        - secret2.test.local

    # User based policies. The key is a user name and the value
    # is the list of domains to allow access to.
    users:
      harry:
        - secret1.test.local
      bob:
        - '*.mail.test.local'

  # Configuration of session cookies
  #
  # The session cookies identify the user once logged in.
  session:
    # The secret to encrypt the session cookie.
    # NOTE(review): this is a placeholder. Replace it with a long random
    # value unique to the deployment; presumably anyone who knows it can
    # read or forge session cookies (confirm against the implementation).
    secret: unsecure_secret

    # The time before the cookie expires.
    # NOTE(review): the unit is not stated here; 3600000 would be one hour
    # if the value is in milliseconds (confirm).
    expiration: 3600000

    # The domain to protect.
    # Note: the authenticator must also be in that domain. If empty, the
    # cookie is restricted to the subdomain of the issuer.
    # NOTE(review): with a parent domain set, the cookie is presumably sent
    # to every host under it, so each of those hosts must be trusted.
    domain: test.local

    # The redis connection details.
    # NOTE(review): nesting under 'session' is reconstructed from a paste
    # that lost its indentation (confirm).
    # NOTE(review): no password or TLS setting is shown for this connection;
    # keep the Redis instance on a private network.
    redis:
      host: redis
      port: 6379

  # Configuration of the authentication regulation mechanism.
  #
  # This mechanism prevents attackers from brute forcing the first factor.
  # It bans the user if too many attempts are made in a short period of
  # time.
  # NOTE(review): the ban is described as applying to the user, so failed
  # attempts from any source can lock the legitimate account owner out for
  # ban_time. Weigh that against the brute-force protection when tuning.
  regulation:
    # The number of failed login attempts before the user is banned.
    # Set it to 0 to disable regulation.
    max_retries: 3

    # The length of time between login attempts before the user is banned.
    # NOTE(review): the unit is not stated in this file (confirm).
    find_time: 15

    # The length of time before a banned user can log in again.
    # NOTE(review): the unit is not stated in this file. If it is seconds, a
    # ban of 4 barely slows repeated guessing; confirm whether this is a
    # test value.
    ban_time: 4

  # Configuration of the storage backend used to store data and secrets.
  #
  # You must use only one of the available configurations: local, mongo
  storage:
    # The directory where the DB files will be saved.
    # local: /var/lib/authelia/store

    # Settings to connect to the mongo server.
    # NOTE(review): the URL carries no credentials and no TLS option, so the
    # connection is presumably unauthenticated and unencrypted. This backend
    # holds secrets, so enable authentication on the database and restrict
    # network access to it (confirm the server-side settings).
    mongo:
      url: mongodb://192.168.20.202/authelia

  # Configuration of the notification system.
  #
  # Notifications are sent to users when they require a password reset, a
  # u2f registration or a TOTP registration.
  # Use only one of the available configurations: filesystem, gmail
  notifier:
    # For testing purposes, notifications can be written to a file.
    # NOTE(review): these notifications cover password resets and second
    # factor registration, so anyone able to read this file can presumably
    # complete those flows for any user. Keep this notifier to test
    # environments and restrict access to the file.
    filesystem:
      filename: /var/lib/authelia/notifications/notification.txt

    # Use your gmail account to send the notifications. You can use an app
    # password.
    # NOTE(review): the password would sit in this file in clear text;
    # restrict who can read the file.
    # gmail:
    #   username: user@example.com
    #   password: yourpassword