balance/modules/profile/config.ini - oodt - Git at Google

  ; Licensed to the Apache Software Foundation (ASF) under one or more
  ; contributor license agreements.  See the NOTICE file distributed with
  ; this work for additional information regarding copyright ownership.
  ; The ASF licenses this file to You under the Apache License, Version 2.0
  ; (the "License"); you may not use this file except in compliance with
  ; the License.  You may obtain a copy of the License at
  ;
  ;     http://www.apache.org/licenses/LICENSE-2.0
  ;
  ; Unless required by applicable law or agreed to in writing, software
  ; distributed under the License is distributed on an "AS IS" BASIS,
  ; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  ; See the License for the specific language governing permissions and
  ; limitations under the License.


 ; Profile module configuration file
 ; ---------------------------------------------------------------------------
 ;
 ; The Profile module simplifies the process of managing users of your web
 ; application. The primary use case for this module involves authentication
 ; and authorization using LDAP, although it should be possible to support
 ; additional back-ends with moderate customization.
 ;


 ; ***************************************************************************
 ; PROFILE AUTHENTICATION SETTINGS
 ; ***************************************************************************
 ;
 ; Responsibility for authentication is delegated to the class specified here.
 ; The only requirement of the delegated class is that it implement the
 ; Org_Apache_Oodt_Balance_Interfaces_IApplicationAuthenticationProvider
 ; interface.
 ;
 ; The following settings define both the class name (authentication_class) and
 ; the filesystem path to the class itself (authentication_class_path). Both
 ; are required for authentication to function.
 ;
 ; Tip: When specifying the authentication_class_path, the token [MODULE_PATH]
 ; will be expanded to the root directory of this module (i.e.: the location of
 ; this file)
 ;
 ; If authentication is not required, both of these settings should be left
 ; blank.
 ;
 authentication_class      = LDAPAuthenticationProvider
 authentication_class_path = [MODULE_PATH]/classes/LDAPAuthenticationProvider.class.php


 ; LDAP authentication server connection details
 ldap_host            = "host"
 ldap_port            = 686
 ldap_base_dn         = "dc=people,dc=project"
 cookie_key           = "__ac__sc__"


 ; Encryption method used to encrypt user passwords
 ; Supported options are:
 ; 		1. SHA
 ; 		2. MD5
 auth_encryption_method 	= SHA


 ; ***************************************************************************
 ; PROFILE AUTHORIZATION SETTINGS
 ; ***************************************************************************
 ;
 ; Responsibility for authorization is delegated to the class specified here.
 ; The only requirement of the delegated class is that it implement the
 ; Org_Apache_Oodt_Balance_Interfaces_IApplicationAuthorizationProvider
 ; interface.
 ;
 ; The following settings define both the class name (authorization_class) and
 ; the filesystem path to the class itself (authorization_class_path). Both
 ; are required for authentication to function.
 ;
 ; Tip: When specifying the authorization_class_path, the token [MODULE_PATH]
 ; will be expanded to the root directory of this module (i.e.: the location
 ; of this file)
 ;
 ; If authorization is not required, both of these settings should be left
 ; blank.
 ;
 authorization_class		 = LDAPAuthorizationProvider
 authorization_class_path = [MODULE_PATH]/classes/LDAPAuthorizationProvider.class.php


 ; LDAP authorization filter details
 authorization_ldap_filter = '&(objectClass=groupOfUniqueNames)'
 authorization_ldap_filter_userid = 'uniqueMember=uid'

 ; LDAP authorization server connection details
 authorization_ldap_host            = 'host'
 authorization_ldap_port            = 686
 authorization_ldap_base_dn         = 'dc=people,dc=project'
 authorization_ldap_group_dn        = 'dc=group,dc=project'
 authorization_cookie_key           = '__ac__sc__'

 ; Page to redirect users to when authorization is required
 authorization_redirect_url = [MODULE_ROOT]/login


 ; ***************************************************************************
 ; PROFILE ATTRIBUTE SETTINGS
 ; ***************************************************************************
 ; User profiles consist of various attributes (name, telephone, email, etc.).
 ; This section defines the attributes that the profile will expose.

 ; Attribute Mapping
 ; The profile module natively understands the following profile attributes,
 ; which are widely applicable across projects. This section defines a mapping
 ; between these profile attributes and your specific environment.
 ;
 ; commonname_attr: The common name of the user (usually first and last name)
 commonname_attr = cn
 ; firstname_attr: The first (given) name of the user
 firstname_attr  = givenname
 ; lastname_attr: The last (surname) name of the user
 lastname_attr   = sn
 ; username_attr: The unique id/name of the user
 username_attr   = uid
 ; email_attr: The email address of the user
 email_attr      = mail

 ; Visible Attributes
 ; The profile module will expose the profile attributes specified here.
 ; These attributes will be displayed for the user to view.
 ;
 ; Specify the profile attributes to expose here:
 profile_attributes[] = givenname
 profile_attributes[] = sn
 profile_attributes[] = uid
 profile_attributes[] = mail

 ; Attributes allowed to modify
 ; The profile module will expose the profile attributes specified here.
 ; These attributes will be displayed for the user to view and the user
 ; will be allowed to change values in the ldap directory.
 ;
 ; Specify the profile attributes to modify here:
 profile_modify_attributes[] = givenname
 profile_modify_attributes[] = sn
 profile_modify_attributes[] = mail

 ; When displaying the attributes specified above, a human readable label can
 ; be defined. This will help users better understand which values they are
 ; seeing and/or modifying.
 ;
 ; Specify an attribute-to-label mapping for each of the above attributes here:
 attr_titles[ 'First name' ] = givenname
 attr_titles[ 'Last name' ]  = sn
 attr_titles[ 'Username' ]   = uid
 attr_titles[ 'Email' ]      = mail


 ; ***************************************************************************
 ; PASSWORD VALIDATION SETTINGS
 ; ***************************************************************************
 ; In the event that there are requirements that define a valid password, they
 ; can be specified here as an array of 'tests'. These tests will be invoked
 ; whenever the user attempts to set / change his or her password.
 ;
 ; The general format of these rules is a regular expression followed by a
 ; pipe (|) followed by the human-readable exception to display when a password
 ; fails to validate.
 ;
 ; EXAMPLES:
 ; - To require passwords with length of 5 or greater:
 ;   security_password_rules[] = "/.{5,}/|Password must have a length of 5 or greater"
 ; - To enfoce the presence of at least one uppercase letter
 ;   security_password_rules[] = "/[A-Z]+/|Password must contain at least one uppercase letter"
 ;
 ; The security rules will be enforced in series, and processing will halt
 ; after the first failure.
 ;
 security_password_rules[] =
	; Licensed to the Apache Software Foundation (ASF) under one or more
	; contributor license agreements. See the NOTICE file distributed with
	; this work for additional information regarding copyright ownership.
	; The ASF licenses this file to You under the Apache License, Version 2.0
	; (the "License"); you may not use this file except in compliance with
	; the License. You may obtain a copy of the License at
	;
	; http://www.apache.org/licenses/LICENSE-2.0
	;
	; Unless required by applicable law or agreed to in writing, software
	; distributed under the License is distributed on an "AS IS" BASIS,
	; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	; See the License for the specific language governing permissions and
	; limitations under the License.


	; Profile module configuration file
	; ---------------------------------------------------------------------------
	;
	; The Profile module simplifies the process of managing users of your web
	; application. The primary use case for this module involves authentication
	; and authorization using LDAP, although it should be possible to support
	; additional back-ends with moderate customization.
	;


	; ***************************************************************************
	; PROFILE AUTHENTICATION SETTINGS
	; ***************************************************************************
	;
	; Responsibility for authentication is delegated to the class specified here.
	; The only requirement of the delegated class is that it implement the
	; Org_Apache_Oodt_Balance_Interfaces_IApplicationAuthenticationProvider
	; interface.
	;
	; The following settings define both the class name (authentication_class) and
	; the filesystem path to the class itself (authentication_class_path). Both
	; are required for authentication to function.
	;
	; Tip: When specifying the authentication_class_path, the token [MODULE_PATH]
	; will be expanded to the root directory of this module (i.e.: the location of
	; this file)
	;
	; If authentication is not required, both of these settings should be left
	; blank.
	;
	authentication_class = LDAPAuthenticationProvider
	authentication_class_path = [MODULE_PATH]/classes/LDAPAuthenticationProvider.class.php


	; LDAP authentication server connection details
	ldap_host = "host"
	ldap_port = 686
	ldap_base_dn = "dc=people,dc=project"
	cookie_key = "__ac__sc__"


	; Encryption method used to encrypt user passwords
	; Supported options are:
	; 1. SHA
	; 2. MD5
	auth_encryption_method = SHA


	; ***************************************************************************
	; PROFILE AUTHORIZATION SETTINGS
	; ***************************************************************************
	;
	; Responsibility for authorization is delegated to the class specified here.
	; The only requirement of the delegated class is that it implement the
	; Org_Apache_Oodt_Balance_Interfaces_IApplicationAuthorizationProvider
	; interface.
	;
	; The following settings define both the class name (authorization_class) and
	; the filesystem path to the class itself (authorization_class_path). Both
	; are required for authentication to function.
	;
	; Tip: When specifying the authorization_class_path, the token [MODULE_PATH]
	; will be expanded to the root directory of this module (i.e.: the location
	; of this file)
	;
	; If authorization is not required, both of these settings should be left
	; blank.
	;
	authorization_class = LDAPAuthorizationProvider
	authorization_class_path = [MODULE_PATH]/classes/LDAPAuthorizationProvider.class.php


	; LDAP authorization filter details
	authorization_ldap_filter = '&(objectClass=groupOfUniqueNames)'
	authorization_ldap_filter_userid = 'uniqueMember=uid'

	; LDAP authorization server connection details
	authorization_ldap_host = 'host'
	authorization_ldap_port = 686
	authorization_ldap_base_dn = 'dc=people,dc=project'
	authorization_ldap_group_dn = 'dc=group,dc=project'
	authorization_cookie_key = '__ac__sc__'

	; Page to redirect users to when authorization is required
	authorization_redirect_url = [MODULE_ROOT]/login



	; ***************************************************************************
	; PROFILE ATTRIBUTE SETTINGS
	; ***************************************************************************
	; User profiles consist of various attributes (name, telephone, email, etc.).
	; This section defines the attributes that the profile will expose.

	; Attribute Mapping
	; The profile module natively understands the following profile attributes,
	; which are widely applicable across projects. This section defines a mapping
	; between these profile attributes and your specific environment.
	;
	; commonname_attr: The common name of the user (usually first and last name)
	commonname_attr = cn
	; firstname_attr: The first (given) name of the user
	firstname_attr = givenname
	; lastname_attr: The last (surname) name of the user
	lastname_attr = sn
	; username_attr: The unique id/name of the user
	username_attr = uid
	; email_attr: The email address of the user
	email_attr = mail

	; Visible Attributes
	; The profile module will expose the profile attributes specified here.
	; These attributes will be displayed for the user to view.
	;
	; Specify the profile attributes to expose here:
	profile_attributes[] = givenname
	profile_attributes[] = sn
	profile_attributes[] = uid
	profile_attributes[] = mail

	; Attributes allowed to modify
	; The profile module will expose the profile attributes specified here.
	; These attributes will be displayed for the user to view and the user
	; will be allowed to change values in the ldap directory.
	;
	; Specify the profile attributes to modify here:
	profile_modify_attributes[] = givenname
	profile_modify_attributes[] = sn
	profile_modify_attributes[] = mail

	; When displaying the attributes specified above, a human readable label can
	; be defined. This will help users better understand which values they are
	; seeing and/or modifying.
	;
	; Specify an attribute-to-label mapping for each of the above attributes here:
	attr_titles[ 'First name' ] = givenname
	attr_titles[ 'Last name' ] = sn
	attr_titles[ 'Username' ] = uid
	attr_titles[ 'Email' ] = mail


	; ***************************************************************************
	; PASSWORD VALIDATION SETTINGS
	; ***************************************************************************
	; In the event that there are requirements that define a valid password, they
	; can be specified here as an array of 'tests'. These tests will be invoked
	; whenever the user attempts to set / change his or her password.
	;
	; The general format of these rules is a regular expression followed by a
	; pipe (\|) followed by the human-readable exception to display when a password
	; fails to validate.
	;
	; EXAMPLES:
	; - To require passwords with length of 5 or greater:
	; security_password_rules[] = "/.{5,}/\|Password must have a length of 5 or greater"
	; - To enfoce the presence of at least one uppercase letter
	; security_password_rules[] = "/[A-Z]+/\|Password must contain at least one uppercase letter"
	;
	; The security rules will be enforced in series, and processing will halt
	; after the first failure.
	;
	security_password_rules[] =