add ldap
This commit is contained in:
parent
4275535838
commit
a6ce73bb5b
99
.env.sample
99
.env.sample
@ -2,6 +2,8 @@ TYPE=wekan
|
||||
LETS_ENCRYPT_ENV=production
|
||||
SECRET_OAUTH2_SECRET_VERSION=v1
|
||||
|
||||
COMPOSE_FILE="compose.yml"
|
||||
|
||||
MONGO_URL=mongodb://db:27017/wekan
|
||||
|
||||
DOMAIN=board.example.com
|
||||
@ -9,23 +11,88 @@ ROOT_URL=https://board.example.com
|
||||
|
||||
DEBUG=false
|
||||
|
||||
OAUTH2_ENABLED=true
|
||||
OAUTH2_LOGIN_STYLE=redirect
|
||||
OAUTH2_CLIENT_ID=wekan
|
||||
OAUTH2_SERVER_URL=https://sso.example.com
|
||||
OAUTH2_AUTH_ENDPOINT=/application/o/authorize/
|
||||
OAUTH2_USERINFO_ENDPOINT=/application/o/userinfo/
|
||||
OAUTH2_TOKEN_ENDPOINT=/application/o/token/
|
||||
OAUTH2_REQUEST_PERMISSIONS="openid profile email wekan"
|
||||
OAUTH2_ID_MAP=preferred_username
|
||||
OAUTH2_USERNAME_MAP=preferred_username
|
||||
OAUTH2_FULLNAME_MAP=given_name
|
||||
OAUTH2_EMAIL_MAP=email
|
||||
|
||||
PASSWORD_LOGIN_ENABLED=false
|
||||
|
||||
MAIL_URL=smtp://smtp:25/?ignoreTLS=true&tls={rejectUnauthorized:false}
|
||||
MAIL_FROM="[WeKan] Wekan Notifications <noreply@example.org>"
|
||||
|
||||
WITH_API=true
|
||||
RICHER_CARD_COMMENT_EDITOR=false
|
||||
RICHER_CARD_COMMENT_EDITOR=false
|
||||
|
||||
# CORS=*
|
||||
# CORS_ALLOW_HEADERS=Authorization,Content-Type
|
||||
# CORS_EXPOSE_HEADERS=*
|
||||
|
||||
# PASSWORD_LOGIN_ENABLED=false
|
||||
|
||||
### OAUTH2 ###
|
||||
|
||||
OAUTH2_ENABLED=false
|
||||
# OAUTH2_LOGIN_STYLE=redirect
|
||||
# OAUTH2_CLIENT_ID=wekan
|
||||
# OAUTH2_SERVER_URL=https://sso.example.com
|
||||
# OAUTH2_AUTH_ENDPOINT=/application/o/authorize/
|
||||
# OAUTH2_USERINFO_ENDPOINT=/application/o/userinfo/
|
||||
# OAUTH2_TOKEN_ENDPOINT=/application/o/token/
|
||||
# OAUTH2_REQUEST_PERMISSIONS="openid profile email wekan"
|
||||
# OAUTH2_ID_MAP=preferred_username
|
||||
# OAUTH2_USERNAME_MAP=preferred_username
|
||||
# OAUTH2_FULLNAME_MAP=given_name
|
||||
# OAUTH2_EMAIL_MAP=email
|
||||
# PROPAGATE_OIDC_DATA=true
|
||||
|
||||
|
||||
### LDAP ###
|
||||
|
||||
|
||||
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.ldap.yml"
|
||||
# DEFAULT_AUTHENTICATION_METHOD=ldap
|
||||
# LDAP_ENABLE=true
|
||||
# LDAP_PORT=389
|
||||
# LDAP_HOST=ldap.example.org
|
||||
# LDAP_AD_SIMPLE_AUTH=false
|
||||
# LDAP_USER_AUTHENTICATION=true
|
||||
# LDAP_USER_AUTHENTICATION_FIELD=cn
|
||||
# LDAP_DEFAULT_DOMAIN=mydomain.com
|
||||
# LDAP_BASEDN=dc=ldap,dc=goauthentik,dc=io
|
||||
# LDAP_LOGIN_FALLBACK=false
|
||||
# LDAP_RECONNECT=true
|
||||
# LDAP_TIMEOUT=10000
|
||||
# LDAP_IDLE_TIMEOUT=10000
|
||||
# LDAP_CONNECT_TIMEOUT=10000
|
||||
# LDAP_AUTHENTIFICATION=true
|
||||
# LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=ldap,dc=goauthentik,dc=io"
|
||||
# LDAP_AUTHENTIFICATION_PASSWORD=secret
|
||||
# LDAP_LOG_ENABLED=true
|
||||
# LDAP_BACKGROUND_SYNC=true
|
||||
# LDAP_BACKGROUND_SYNC_INTERVAL='every 1 hour'
|
||||
# LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true
|
||||
# LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true
|
||||
# LDAP_ENCRYPTION=false
|
||||
# LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+G2FIdAgIC...-----END CERTIFICATE-----
|
||||
# LDAP_REJECT_UNAUTHORIZED=false
|
||||
# LDAP_USER_SEARCH_FILTER=
|
||||
# LDAP_USER_SEARCH_SCOPE=ou=users,dc=ldap,dc=goauthentik,dc=io
|
||||
# LDAP_USER_SEARCH_FIELD=cn
|
||||
# LDAP_SEARCH_PAGE_SIZE=0
|
||||
# LDAP_SEARCH_SIZE_LIMIT=0
|
||||
# Enable group filtering. Note the authenticated ldap user must be able to query all relevant group data with own login data from ldap.
|
||||
# LDAP_GROUP_FILTER_ENABLE=true
|
||||
# LDAP_GROUP_FILTER_OBJECTCLASS=group
|
||||
# LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=cn
|
||||
# LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=member
|
||||
# LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=dn
|
||||
# LDAP_GROUP_FILTER_GROUP_NAME=
|
||||
# LDAP_UNIQUE_IDENTIFIER_FIELD=guid
|
||||
# LDAP_UTF8_NAMES_SLUGIFY=true
|
||||
# LDAP_USERNAME_FIELD=cn
|
||||
# LDAP_FULLNAME_FIELD=name
|
||||
# LDAP_MERGE_EXISTING_USERS=true
|
||||
# LDAP_EMAIL_MATCH_ENABLE=true
|
||||
# LDAP_EMAIL_MATCH_REQUIRE=true
|
||||
# LDAP_EMAIL_MATCH_VERIFIED=true
|
||||
# LDAP_EMAIL_FIELD=mail
|
||||
# LDAP_SYNC_USER_DATA=true
|
||||
# LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"}
|
||||
# LDAP_SYNC_GROUP_ROLES=
|
||||
# LDAP_SYNC_ADMIN_STATUS=true
|
||||
# LDAP_SYNC_ADMIN_GROUPS=admin
|
||||
|
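Review bot: The new LDAP block ships with `# LDAP_ENCRYPTION=false`, `# LDAP_PORT=389` and `# LDAP_REJECT_UNAUTHORIZED=false`, so an operator who uncomments it as-is sends the `LDAP_AUTHENTIFICATION_PASSWORD` bind secret and every user's login password to the directory in cleartext, and `LDAP_REJECT_UNAUTHORIZED=false` keeps certificate validation off even once TLS is switched on. I would make the sample secure by default — `# LDAP_ENCRYPTION=tls` (presumably `tls`/`ssl` are the accepted values; confirm against the Wekan docs, and use `LDAP_PORT=636` for `ssl`) and `# LDAP_REJECT_UNAUTHORIZED=true` — with a comment above them such as `# Keep REJECT_UNAUTHORIZED=true in production; for a private CA set LDAP_CA_CERT instead of disabling validation`. `# LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=ldap,dc=goauthentik,dc=io"` carries a stray trailing quote that becomes part of the DN once uncommented, and the base DN and search scope use authentik's `dc=ldap,dc=goauthentik,dc=io` while `LDAP_HOST` and `LDAP_DEFAULT_DOMAIN` point at `example.org`/`mydomain.com`, so the placeholders should be made to agree. Because `# LDAP_SYNC_ADMIN_STATUS=true` together with `# LDAP_SYNC_ADMIN_GROUPS=admin` would hand Wekan admin rights to every member of a directory group literally named `admin`, a one-line comment telling operators to replace that with a deliberately chosen group would avoid accidental privilege grants.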
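--- a/compose.ldap.yml
+++ b/compose.ldap.yml
@@ -0,0 +1,54 @@
+version: "3.8"
+
+services:
+  app:
+    environment:
+      - LDAP_ENABLE
+      - LDAP_PORT
+      - LDAP_HOST
+      - LDAP_AD_SIMPLE_AUTH
+      - LDAP_USER_AUTHENTICATION
+      - LDAP_USER_AUTHENTICATION_FIELD
+      - LDAP_DEFAULT_DOMAIN
+      - LDAP_BASEDN
+      - LDAP_LOGIN_FALLBACK
+      - LDAP_RECONNECT
+      - LDAP_TIMEOUT
+      - LDAP_IDLE_TIMEOUT
+      - LDAP_CONNECT_TIMEOUT
+      - LDAP_AUTHENTIFICATION
+      - LDAP_AUTHENTIFICATION_USERDN
+      - LDAP_AUTHENTIFICATION_PASSWORD
+      - LDAP_LOG_ENABLED
+      - LDAP_BACKGROUND_SYNC
+      - LDAP_BACKGROUND_SYNC_INTERVAL
+      - LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED
+      - LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS
+      - LDAP_ENCRYPTION
+      - LDAP_CA_CERT
+      - LDAP_REJECT_UNAUTHORIZED
+      - LDAP_USER_SEARCH_FILTER
+      - LDAP_USER_SEARCH_SCOPE
+      - LDAP_USER_SEARCH_FIELD
+      - LDAP_SEARCH_PAGE_SIZE
+      - LDAP_SEARCH_SIZE_LIMIT
+      - LDAP_GROUP_FILTER_ENABLE
+      - LDAP_GROUP_FILTER_OBJECTCLASS
+      - LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE
+      - LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE
+      - LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT
+      - LDAP_GROUP_FILTER_GROUP_NAME
+      - LDAP_UNIQUE_IDENTIFIER_FIELD
+      - LDAP_UTF8_NAMES_SLUGIFY
+      - LDAP_USERNAME_FIELD
+      - LDAP_FULLNAME_FIELD
+      - LDAP_MERGE_EXISTING_USERS
+      - LDAP_EMAIL_MATCH_ENABLE
+      - LDAP_EMAIL_MATCH_REQUIRE
+      - LDAP_EMAIL_MATCH_VERIFIED
+      - LDAP_EMAIL_FIELD
+      - LDAP_SYNC_USER_DATA
+      - LDAP_SYNC_USER_DATA_FIELDMAP
+      - LDAP_SYNC_GROUP_ROLES
+      - LDAP_SYNC_ADMIN_STATUS
+      - LDAP_SYNC_ADMIN_GROUPS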
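Review bot: `- LDAP_AUTHENTIFICATION_PASSWORD` passes the directory bind password through as a plain environment variable, so it lives in `.env` and is readable from a `docker inspect` of the `app` container, whereas the recipe already versions its OAuth2 secret through `SECRET_OAUTH2_SECRET_VERSION`, which suggests a secrets mechanism is available. Unless Wekan cannot read the bind password from a file (worth confirming against its docs before changing this), I would provision it as a secret with a matching `SECRET_LDAP_PASSWORD_VERSION` entry instead of an env pass-through. The file also has no header explaining how it is meant to be used; I would add `# Override loaded via COMPOSE_FILE="$COMPOSE_FILE:compose.ldap.yml"; every value here comes from .env — set LDAP_ENCRYPTION and LDAP_REJECT_UNAUTHORIZED before exposing this stack`. As a point of style, `version: "3.8"` is ignored by current Compose and can be dropped, and the rendered page shows the nesting flattened, so the `services`/`app`/`environment` indentation should be checked in the actual file.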
19
compose.yml
19
compose.yml
@ -21,12 +21,20 @@ services:
|
||||
backupbot.backup.path: "/tmp/backup/"
|
||||
|
||||
app:
|
||||
image: quay.io/wekan/wekan:v6.05
|
||||
image: quay.io/wekan/wekan:v6.09
|
||||
environment:
|
||||
- MONGO_URL
|
||||
- DOMAIN
|
||||
- ROOT_URL
|
||||
- DEBUG
|
||||
- MAIL_URL
|
||||
- MAIL_FROM
|
||||
- WITH_API
|
||||
- RICHER_CARD_COMMENT_EDITOR
|
||||
- CORS
|
||||
- CORS_ALLOW_HEADERS
|
||||
- CORS_EXPOSE_HEADERS
|
||||
- PASSWORD_LOGIN_ENABLED
|
||||
- OAUTH2_ENABLED
|
||||
- OAUTH2_LOGIN_STYLE
|
||||
- OAUTH2_CLIENT_ID
|
||||
@ -40,11 +48,8 @@ services:
|
||||
- OAUTH2_USERNAME_MAP
|
||||
- OAUTH2_FULLNAME_MAP
|
||||
- OAUTH2_EMAIL_MAP
|
||||
- PASSWORD_LOGIN_ENABLED
|
||||
- MAIL_URL
|
||||
- MAIL_FROM
|
||||
- WITH_API
|
||||
- RICHER_CARD_COMMENT_EDITOR
|
||||
- DEFAULT_AUTHENTICATION_METHOD
|
||||
- PROPAGATE_OIDC_DATA
|
||||
networks:
|
||||
- internal
|
||||
- proxy
|
||||
@ -77,7 +82,7 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.2.0+v6.05"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.2.0+v6.07"
|
||||
|
||||
volumes:
|
||||
wekan-db:
|
||||
|
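Review bot: The label in the last hunk is bumped to `0.2.0+v6.07` while the image in the first hunk moves to `quay.io/wekan/wekan:v6.09`, so the recipe metadata and the deployed tag disagree; it should read `- "coop-cloud.${STACK_NAME}.version=0.2.0+v6.09"`, and since this commit adds LDAP support the minor version arguably deserves a bump rather than only the suffix. The image is still pulled by a mutable tag; pinning it as `quay.io/wekan/wekan:v6.09@sha256:…` (digest to be looked up from the registry) would make the upgrade reproducible and guard against the tag being overwritten. The first hunk also adds `- CORS`, `- CORS_ALLOW_HEADERS` and `- CORS_EXPOSE_HEADERS` pass-throughs with no comment, so a note such as `# CORS=* opens the API to every origin; only set it for a specific origin` next to them would help operators, as the sample's `# CORS=*` placeholder is the permissive value. The `app` service definition continues outside these hunks.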