| ; Licensed to the Apache Software Foundation (ASF) under one or more |
| ; contributor license agreements. See the NOTICE file distributed with |
| ; this work for additional information regarding copyright ownership. |
| ; The ASF licenses this file to You under the Apache License, Version 2.0 |
| ; (the "License"); you may not use this file except in compliance with |
| ; the License. You may obtain a copy of the License at |
| ; |
| ; http://www.apache.org/licenses/LICENSE-2.0 |
| ; |
| ; Unless required by applicable law or agreed to in writing, software |
| ; distributed under the License is distributed on an "AS IS" BASIS, |
| ; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| ; See the License for the specific language governing permissions and |
| ; limitations under the License. |
| |
| |
| ; Profile module configuration file |
| ; --------------------------------------------------------------------------- |
| ; |
| ; The Profile module simplifies the process of managing users of your web |
| ; application. The primary use case for this module involves authentication |
| ; and authorization using LDAP, although it should be possible to support |
| ; additional back-ends with moderate customization. |
| ; |
| |
| |
| ; *************************************************************************** |
| ; PROFILE AUTHENTICATION SETTINGS |
| ; *************************************************************************** |
| ; |
| ; Responsibility for authentication is delegated to the class specified here. |
| ; The only requirement of the delegated class is that it implement the |
| ; Org_Apache_Oodt_Balance_Interfaces_IApplicationAuthenticationProvider |
| ; interface. |
| ; |
| ; The following settings define both the class name (authentication_class) and |
| ; the filesystem path to the class itself (authentication_class_path). Both |
| ; are required for authentication to function. |
| ; |
| ; Tip: When specifying the authentication_class_path, the token [MODULE_PATH] |
| ; will be expanded to the root directory of this module (i.e.: the location of |
| ; this file) |
| ; |
| ; If authentication is not required, both of these settings should be left |
| ; blank. |
| ; |
| authentication_class = LDAPAuthenticationProvider |
| authentication_class_path = [MODULE_PATH]/classes/LDAPAuthenticationProvider.class.php |
| |
| |
| ; LDAP authentication server connection details |
| ldap_host = "host" |
| ldap_port = 686 |
| ldap_base_dn = "dc=people,dc=project" |
| cookie_key = "__ac__sc__" |
| |
| |
| ; Encryption method used to encrypt user passwords |
| ; Supported options are: |
| ; 1. SHA |
| ; 2. MD5 |
| auth_encryption_method = SHA |
| |
| |
| ; *************************************************************************** |
| ; PROFILE AUTHORIZATION SETTINGS |
| ; *************************************************************************** |
| ; |
| ; Responsibility for authorization is delegated to the class specified here. |
| ; The only requirement of the delegated class is that it implement the |
| ; Org_Apache_Oodt_Balance_Interfaces_IApplicationAuthorizationProvider |
| ; interface. |
| ; |
| ; The following settings define both the class name (authorization_class) and |
| ; the filesystem path to the class itself (authorization_class_path). Both |
| ; are required for authentication to function. |
| ; |
| ; Tip: When specifying the authorization_class_path, the token [MODULE_PATH] |
| ; will be expanded to the root directory of this module (i.e.: the location |
| ; of this file) |
| ; |
| ; If authorization is not required, both of these settings should be left |
| ; blank. |
| ; |
| authorization_class = LDAPAuthorizationProvider |
| authorization_class_path = [MODULE_PATH]/classes/LDAPAuthorizationProvider.class.php |
| |
| |
| ; LDAP authorization filter details |
| authorization_ldap_filter = '&(objectClass=groupOfUniqueNames)' |
| authorization_ldap_filter_userid = 'uniqueMember=uid' |
| |
| ; LDAP authorization server connection details |
| authorization_ldap_host = 'host' |
| authorization_ldap_port = 686 |
| authorization_ldap_base_dn = 'dc=people,dc=project' |
| authorization_ldap_group_dn = 'dc=group,dc=project' |
| authorization_cookie_key = '__ac__sc__' |
| |
| ; Page to redirect users to when authorization is required |
| authorization_redirect_url = [MODULE_ROOT]/login |
| |
| |
| |
| ; *************************************************************************** |
| ; PROFILE ATTRIBUTE SETTINGS |
| ; *************************************************************************** |
| ; User profiles consist of various attributes (name, telephone, email, etc.). |
| ; This section defines the attributes that the profile will expose. |
| |
| ; Attribute Mapping |
| ; The profile module natively understands the following profile attributes, |
| ; which are widely applicable across projects. This section defines a mapping |
| ; between these profile attributes and your specific environment. |
| ; |
| ; commonname_attr: The common name of the user (usually first and last name) |
| commonname_attr = cn |
| ; firstname_attr: The first (given) name of the user |
| firstname_attr = givenname |
| ; lastname_attr: The last (surname) name of the user |
| lastname_attr = sn |
| ; username_attr: The unique id/name of the user |
| username_attr = uid |
| ; email_attr: The email address of the user |
| email_attr = mail |
| |
| ; Visible Attributes |
| ; The profile module will expose the profile attributes specified here. |
| ; These attributes will be displayed for the user to view. |
| ; |
| ; Specify the profile attributes to expose here: |
| profile_attributes[] = givenname |
| profile_attributes[] = sn |
| profile_attributes[] = uid |
| profile_attributes[] = mail |
| |
| ; Attributes allowed to modify |
| ; The profile module will expose the profile attributes specified here. |
| ; These attributes will be displayed for the user to view and the user |
| ; will be allowed to change values in the ldap directory. |
| ; |
| ; Specify the profile attributes to modify here: |
| profile_modify_attributes[] = givenname |
| profile_modify_attributes[] = sn |
| profile_modify_attributes[] = mail |
| |
| ; When displaying the attributes specified above, a human readable label can |
| ; be defined. This will help users better understand which values they are |
| ; seeing and/or modifying. |
| ; |
| ; Specify an attribute-to-label mapping for each of the above attributes here: |
| attr_titles[ 'First name' ] = givenname |
| attr_titles[ 'Last name' ] = sn |
| attr_titles[ 'Username' ] = uid |
| attr_titles[ 'Email' ] = mail |
| |
| |
| ; *************************************************************************** |
| ; PASSWORD VALIDATION SETTINGS |
| ; *************************************************************************** |
| ; In the event that there are requirements that define a valid password, they |
| ; can be specified here as an array of 'tests'. These tests will be invoked |
| ; whenever the user attempts to set / change his or her password. |
| ; |
| ; The general format of these rules is a regular expression followed by a |
| ; pipe (|) followed by the human-readable exception to display when a password |
| ; fails to validate. |
| ; |
| ; EXAMPLES: |
| ; - To require passwords with length of 5 or greater: |
| ; security_password_rules[] = "/.{5,}/|Password must have a length of 5 or greater" |
| ; - To enfoce the presence of at least one uppercase letter |
| ; security_password_rules[] = "/[A-Z]+/|Password must contain at least one uppercase letter" |
| ; |
| ; The security rules will be enforced in series, and processing will halt |
| ; after the first failure. |
| ; |
| security_password_rules[] = |
| |
| |