diff options
author | guillaume <guillaume.cassou@supinfo.com> | 2018-10-09 14:14:39 +0200 |
---|---|---|
committer | guillaume <guillaume.cassou@supinfo.com> | 2018-10-09 14:14:39 +0200 |
commit | 3b4f285fea4a90ee96bfce855e1539adcec9b7aa (patch) | |
tree | 61cbf1212c8d4052cf2bd3c37a497f1d8b204140 /docker-compose.yml | |
parent | 5b8c642d8fb16e00000a1d92bcd3a5c6bbd07bce (diff) | |
download | wekan-3b4f285fea4a90ee96bfce855e1539adcec9b7aa.tar.gz wekan-3b4f285fea4a90ee96bfce855e1539adcec9b7aa.tar.bz2 wekan-3b4f285fea4a90ee96bfce855e1539adcec9b7aa.zip |
add ldap support | simplify authentications
Diffstat (limited to 'docker-compose.yml')
-rw-r--r-- | docker-compose.yml | 121 |
1 files changed, 121 insertions, 0 deletions
diff --git a/docker-compose.yml b/docker-compose.yml index 7509bbc9..4b4cd02d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -63,6 +63,9 @@ services: # What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId . # example: WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId - WEBHOOKS_ATTRIBUTES='' + # Enable the OAuth2 connection + # example: OAUTH2_ENABLED=true + - OAUTH2_ENABLED=false # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2 # OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345 # example: OAUTH2_CLIENT_ID=abcde12345 @@ -82,6 +85,124 @@ services: # OAuth2 Token Endpoint. Example: /oauth/token # example: OAUTH2_TOKEN_ENDPOINT=/oauth/token - OAUTH2_TOKEN_ENDPOINT='' + # LDAP_ENABLE : Enable or not the connection by the LDAP + # example : LDAP_ENABLE=true + - LDAP_ENABLE=false + # LDAP_PORT : The port of the LDAP server + # example : LDAP_PORT=389 + - LDAP_PORT=389 + # LDAP_HOST : The host server for the LDAP server + # example : LDAP_HOST=localhost + - LDAP_HOST='' + # LDAP_BASEDN : The base DN for the LDAP Tree + # example : LDAP_BASEDN=ou=user,dc=example,dc=org + - LDAP_BASEDN='' + # LDAP_LOGIN_FALLBACK : Fallback on the default authentication method + # example : LDAP_LOGIN_FALLBACK=true + - LDAP_LOGIN_FALLBACK=false + # LDAP_RECONNECT : Reconnect to the server if the connection is lost + # example : LDAP_RECONNECT=false + - LDAP_RECONNECT=true + # LDAP_TIMEOUT : Overall timeout, in milliseconds + # example : LDAP_TIMEOUT=12345 + - LDAP_TIMEOUT=10000 + # LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds + # example : LDAP_IDLE_TIMEOUT=12345 + - LDAP_IDLE_TIMEOUT=10000 + # LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds + # example : LDAP_CONNECT_TIMEOUT=12345 + - LDAP_CONNECT_TIMEOUT=10000 + # LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search + # example : LDAP_AUTHENTIFICATION=true + - LDAP_AUTHENTIFICATION=false + # LDAP_AUTHENTIFICATION_USERDN : The search user DN + # example : LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org + - LDAP_AUTHENTIFICATION_USERDN='' + # LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user + # example : AUTHENTIFICATION_PASSWORD=admin + - LDAP_AUTHENTIFICATION_PASSWORD='' + # LDAP_LOG_ENABLED : Enable logs for the module + # example : LDAP_LOG_ENABLED=true + - LDAP_LOG_ENABLED=false + # LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background + # example : LDAP_BACKGROUND_SYNC=true + - LDAP_BACKGROUND_SYNC=false + # LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds + # example : LDAP_BACKGROUND_SYNC_INTERVAL=12345 + - LDAP_BACKGROUND_SYNC_INTERVAL=100 + # LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED : + # example : LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true + - LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false + # LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS : + # example : LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true + - LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false + # LDAP_ENCRYPTION : If using LDAPS + # example : LDAP_ENCRYPTION=true + - LDAP_ENCRYPTION=false + # LDAP_CA_CERT : The certification for the LDAPS server + # example : LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE----- + - LDAP_CA_CERT='' + # LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate + # example : LDAP_REJECT_UNAUTHORIZED=true + - LDAP_REJECT_UNAUTHORIZED=false + # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed + # example : LDAP_USER_SEARCH_FILTER= + - LDAP_USER_SEARCH_FILTER='' + # LDAP_USER_SEARCH_SCOPE : Base (search only in the provided DN), one (search only in the provided DN and one level deep), or subtree (search the whole subtree) + # example : LDAP_USER_SEARCH_SCOPE=one + - LDAP_USER_SEARCH_SCOPE='' + # LDAP_USER_SEARCH_FIELD : Which field is used to find the user + # example : LDAP_USER_SEARCH_FIELD=uid + - LDAP_USER_SEARCH_FIELD='' + # LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited) + # example : LDAP_SEARCH_PAGE_SIZE=12345 + - LDAP_SEARCH_PAGE_SIZE=0 + # LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited) + # example : LDAP_SEARCH_SIZE_LIMIT=12345 + - LDAP_SEARCH_SIZE_LIMIT=0 + # LDAP_GROUP_FILTER_ENABLE : Enable group filtering + # example : LDAP_GROUP_FILTER_ENABLE=true + - LDAP_GROUP_FILTER_ENABLE=false + # LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering + # example : LDAP_GROUP_FILTER_OBJECTCLASS=group + - LDAP_GROUP_FILTER_OBJECTCLASS='' + # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE : + # example : + - LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE='' + # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE : + # example : + - LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE='' + # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT : + # example : + - LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT='' + # LDAP_GROUP_FILTER_GROUP_NAME : + # example : + - LDAP_GROUP_FILTER_GROUP_NAME='' + # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier) + # example : LDAP_UNIQUE_IDENTIFIER_FIELD=guid + - LDAP_UNIQUE_IDENTIFIER_FIELD='' + # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8 + # example : LDAP_UTF8_NAMES_SLUGIFY=false + - LDAP_UTF8_NAMES_SLUGIFY=true + # LDAP_USERNAME_FIELD : Which field contains the ldap username + # example : LDAP_USERNAME_FIELD=username + - LDAP_USERNAME_FIELD='' + # LDAP_MERGE_EXISTING_USERS : + # example : LDAP_MERGE_EXISTING_USERS=true + - LDAP_MERGE_EXISTING_USERS=false + # LDAP_SYNC_USER_DATA : + # example : LDAP_SYNC_USER_DATA=true + - LDAP_SYNC_USER_DATA=false + # LDAP_SYNC_USER_DATA_FIELDMAP : + # example : LDAP_SYNC_USER_DATA_FIELDMAP={\"cn\":\"name\", \"mail\":\"email\"} + - LDAP_SYNC_USER_DATA_FIELDMAP='' + # LDAP_SYNC_GROUP_ROLES : + # example : + - LDAP_SYNC_GROUP_ROLES='' + # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP + # example : + - LDAP_DEFAULT_DOMAIN='' + depends_on: - wekandb |