diff options
Diffstat (limited to 'config.ini')
| -rw-r--r-- | config.ini | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/config.ini b/config.ini new file mode 100644 index 0000000..c8d841b --- /dev/null +++ b/config.ini @@ -0,0 +1,59 @@ +[ldap] + +# LDAP URI (RFC 2255), of the form "SCHEME://[HOST[:PORT]]". +# Default: ldapi:// +uri = ldaps://ldap.fripost.org + +# ALGO=FINGERPRINT pinning for ldaps:// URIs, where ALGO is the digest +# algorithm name (such as "sha256") and FINGERPRINT is the Base64 +# encoded Subject Public Key Information (SPKI) fingerprint, which can +# be obtained (for SHA-256) by dumping the leaf X.509 certificate to +# +# openssl x509 -noout -pubkey +# | openssl pkey -pubin -outform DER +# | openssl dgst -sha256 -binary | base64 +# +ssl-fingerprint = sha256=5G5kcfM2TwIYPin0PsnqIQaMnBo8DcB+9Ie8LtVlmOs= + +# Distinguished Name suffix for the account entries +suffix = ou=virtual,dc=fripost-test,dc=org + +# Map a session ID (%s) to its authentication identity +session-authcID = %s/sessions + +# Map a session ID (%s) to its authentication Distinguished Name. On +# the slapd side, the "authz-regex" must map "session-authcid" to +# "session-authcDN". +session-authcDN = cn=%s,ou=sessions,dc=fripost-test,dc=org + + +[www] + +# Default domain for the login form. +default-domain = fripost.org + +# Base64-encoding of the key used to sign (HMAC-SHA256) CSRF tokens. +# Must be unique and kept secret. A suitable key can be generated with +# +# head -c32 /dev/urandom | base64 +# +# If left empty (the default), then a random key is generated when the +# program starts, and lost when it exits. +#hmac-key = <<FIXME>> + +# Directory where to find HTML templates. (Default: "./templates/html".) +#templates-directory = /path/to/html/templates + +# HTTP session cookie attributes +cookie-domain = +cookie-path = / +cookie-httponly = true +cookie-secure = false + +# Cache directory (created with mode 0700 minus umask) for +# CHI::Driver::FastMmap +cache-directory = /tmp/fripost-panel.d + +# Amount of time after which the session expires, unless it is used +# meanwhile. (Default: 3600.) +cache-expires = 900 |