| # LDAP server authentication example. |
| # See reference.yml for additional options. |
| |
| server: |
| addr: :5001 |
| certificate: /path/to/server.pem |
| key: /path/to/server.key |
| token: |
| issuer: Acme auth server |
| expiration: 900 |
| ldap_auth: |
| # Addr is the hostname:port or ip:port |
| addr: ldap.example.com:636 |
| # Setup tls connection method to be |
| # "" or "none": the communication won't be encrypted |
| # "always": setup LDAP over SSL/TLS |
| # "starttls": sets StartTLS as the encryption method |
| tls: always |
| # set to true to allow insecure tls |
| insecure_tls_skip_verify: false |
| # set this to specify the ca certificate path |
| ca_certificate: |
| # In case bind DN and password is required for querying user information, |
| # specify them here. Plain text password is read from the file. |
| bind_dn: |
| bind_password_file: |
| # User query settings. ${account} is expanded from auth request |
| base: o=example.com |
| filter: (&(uid=${account})(objectClass=person)) |
| acl: |
| # This will allow authenticated users to pull/push |
| - match: |
| account: /.+/ |
| actions: ['*'] |
