Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ###############################################################
- # Authelia configuration #
- ###############################################################
- # The port to listen on
- port: 80
- # Log level
- #
- # Level of verbosity for logs
- logs_level: debug
- # LDAP configuration
- #
- # Example: for user john, the DN will be cn=john,ou=users,dc=example,dc=com
- ldap:
- # The url of the ldap server
- url: ldap://openldap
- # The base dn for every entries
- base_dn: dc=example,dc=com
- # An additional dn to define the scope to all users
- additional_users_dn: ou=users
- # The users filter.
- # {0} is the matcher replaced by username.
- # 'cn={0}' by default.
- users_filter: cn={0}
- # An additional dn to define the scope of groups
- additional_groups_dn: ou=groups
- # The groups filter.
- # {0} is the matcher replaced by user dn.
- # 'member={0}' by default.
- groups_filter: (&(member={0})(objectclass=groupOfNames))
- # The attribute holding the name of the group
- group_name_attribute: cn
- # The attribute holding the mail address of the user
- mail_attribute: mail
- # The username and password of the admin user.
- user: cn=admin,dc=example,dc=com
- password: password
- # Access Control
- #
- # Access control is a set of rules you can use to restrict the user access.
- # Default (anyone), per-user or per-group rules can be defined.
- #
- # If 'access_control' is not defined, ACL rules are disabled and a default policy
- # is applied, i.e., access is allowed to anyone. Otherwise restrictions follow
- # the rules defined below.
- # If no rule is provided, all domains are denied.
- #
- # One can use the wildcard * to match any subdomain.
- # Note 1: It must stand at the beginning of the pattern. (example: *.mydomain.com)
- # Note 2: You must put the pattern in simple quotes when using the wildcard.
- access_control:
- # The default policy. Applies to any user
- default:
- - public.test.local
- # Group based policies. The key is a group name and the value
- # is the domain to allow access to.
- groups:
- admin:
- - '*.test.local'
- dev:
- - secret.test.local
- - secret2.test.local
- # Group based policies. The key is a group name and the value
- # is the domain to allow access to.
- users:
- harry:
- - secret1.test.local
- bob:
- - '*.mail.test.local'
- # Configuration of session cookies
- #
- # The session cookies identify the user once logged in.
- session:
- # The secret to encrypt the session cookie.
- secret: unsecure_secret
- # The time before the cookie expires.
- expiration: 3600000
- # The domain to protect.
- # Note: the authenticator must also be in that domain. If empty, the cookie
- # is restricted to the subdomain of the issuer.
- domain: test.local
- # The redis connection details
- redis:
- host: redis
- port: 6379
- # Configuration of the authentication regulation mechanism.
- #
- # This mechanism prevents attackers from brute forcing the first factor.
- # It bans the user if too many attempts are done in a short period of
- # time.
- regulation:
- # The number of failed login attempts before user is banned.
- # Set it to 0 for disabling regulation.
- max_retries: 3
- # The length of time between login attempts before user is banned.
- find_time: 15
- # The length of time before a banned user can login again.
- ban_time: 4
- # Configuration of the storage backend used to store data and secrets.
- #
- # You must use only an available configuration: local, mongo
- storage:
- # The directory where the DB files will be saved
- # local: /var/lib/authelia/store
- # Settings to connect to mongo server
- mongo:
- url: mongodb://192.168.20.202/authelia
- # Configuration of the notification system.
- #
- # Notifications are sent to users when they require a password reset, a u2f
- # registration or a TOTP registration.
- # Use only an available configuration: filesystem, gmail
- notifier:
- # For testing purpose, notifications can be sent in a file
- filesystem:
- filename: /var/lib/authelia/notifications/notification.txt
- # Use your gmail account to send the notifications. You can use an app password.
- # gmail:
- # username: user@example.com
- # password: yourpassword
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement