forked from IdentityPython/SATOSA
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathldap_attribute_store.yaml.example
65 lines (64 loc) · 2.63 KB
/
ldap_attribute_store.yaml.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
module: LdapAttributeStore
name: LdapAttributeStore
config:
"":
ldap_url: ldaps://ldap.example.org
bind_dn: cn=admin,dc=example,dc=org
bind_password: xxxxxxxx
search_base: ou=People,dc=example,dc=org
search_return_attributes:
# Format is LDAP attribute name : internal attribute name
sn: surname
givenName: givenname
mail: mail
employeeNumber: employeenumber
isMemberOf: ismemberof
# LDAP connection pool size
pool_size: 10
# LDAP connection pool seconds to wait between calls out to server
# to keep the connection alive (uses harmless Abandon(0) call)
pool_keepalive: 10
ordered_identifier_candidates:
# Ordered list of identifiers to use when constructing the
# search filter to find the user record in LDAP directory.
# This example searches in order for eduPersonUniqueId, eduPersonPrincipalName
# combined with SAML persistent NameID, eduPersonPrincipalName
# combined with eduPersonTargetedId, eduPersonPrincipalName,
# SAML persistent NameID, and eduPersonTargetedId.
- attribute_names: [epuid]
- attribute_names: [eppn, name_id]
name_id_format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
- attribute_names: [eppn, edupersontargetedid]
- attribute_names: [eppn]
- attribute_names: [name_id]
name_id_format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
add_scope: issuer_entityid
- attribute_names: [edupersontargetedid]
add_scope: issuer_entityid
ldap_identifier_attribute: uid
# Whether to clear values for attributes incoming
# to this microservice. Default is no or false.
clear_input_attributes: no
# List of LDAP attributes to use as input to hashing to create
# NameID.
user_id_from_attrs:
- employeeNumber
# Where to redirect the browser if no record is returned
# from LDAP. The default is not to redirect.
on_ldap_search_result_empty: https://my.vo.org/please/go/enroll
# Configuration may also be done per-SP with any
# missing parameters taken from the default if any.
# The configuration key is the entityID of the SP.
#
# For example:
https://sp.myserver.edu/shibboleth-sp:
search_base: ou=People,o=MyVO,dc=example,dc=org
search_return_attributes:
employeeNumber: employeenumber
ordered_identifier_candidates:
- attribute_names: [eppn]
user_id_from_attrs:
- uid
# The microservice may be configured to ignore a particular SP.
https://another.sp.myserver.edu:
ignore: true