Nathan Coad
@@ -353,9 +353,8 @@ settings:
|
||||
auth_mode: required
|
||||
ldap_bind_address: ldaps://ad01.example.com:636
|
||||
ldap_base_dn: DC=example,DC=com
|
||||
# Optional performance scopes; default to ldap_base_dn when omitted.
|
||||
# Optional user lookup scope; defaults to ldap_base_dn when omitted.
|
||||
ldap_user_base_dn: OU=Users,DC=example,DC=com
|
||||
ldap_group_base_dn: OU=Groups,DC=example,DC=com
|
||||
auth_group_role_mappings:
|
||||
"CN=vctp-viewers,OU=Groups,DC=example,DC=com": viewer
|
||||
"CN=vctp-admins,OU=Groups,DC=example,DC=com": admin
|
||||
@@ -513,9 +512,8 @@ Authentication:
|
||||
- A user must belong to at least one mapped group to receive any role and log in.
|
||||
- `settings.ldap_groups` empty/omitted means no allowlist filter, but mapped-role requirement still applies.
|
||||
- `settings.ldap_bind_address`: LDAP/LDAPS URL used for authentication.
|
||||
- `settings.ldap_base_dn`: LDAP base DN for user/group lookups.
|
||||
- `settings.ldap_base_dn`: LDAP base DN fallback used for user lookup when `settings.ldap_user_base_dn` is not set.
|
||||
- `settings.ldap_user_base_dn`: optional user lookup base DN; defaults to `settings.ldap_base_dn`.
|
||||
- `settings.ldap_group_base_dn`: optional group lookup base DN; defaults to `settings.ldap_base_dn`.
|
||||
- `settings.ldap_trust_cert_file`: optional CA cert file for LDAP TLS.
|
||||
- `settings.ldap_disable_validation`: disables LDAP TLS cert validation.
|
||||
- `settings.ldap_insecure`: insecure LDAP TLS mode.
|
||||
|
||||
Reference in New Issue
Block a user