[ldap]

# LDAP URI (RFC 2255), of the form "SCHEME://[HOST[:PORT]]".
# Default: ldapi://
uri = ldaps://ldap.fripost.org

# ALGO=FINGERPRINT pinning for ldaps:// URIs, where ALGO is the digest
# algorithm name (such as "sha256") and FINGERPRINT is the Base64
# encoded Subject Public Key Information (SPKI) fingerprint, which can
# be obtained (for SHA-256) by dumping the leaf X.509 certificate to
#
#     openssl x509 -noout -pubkey
#     | openssl pkey -pubin -outform DER
#     | openssl dgst -sha256 -binary | base64
#
ssl-fingerprint = sha256=5G5kcfM2TwIYPin0PsnqIQaMnBo8DcB+9Ie8LtVlmOs=

# Distinguished Name suffix for the account entries
suffix = ou=virtual,dc=fripost-test,dc=org

# Map a session ID (%s) to its authentication identity
session-authcID = %s/sessions

# Map a session ID (%s) to its authentication Distinguished Name.  On
# the slapd side, the "authz-regex" must map "session-authcid" to
# "session-authcDN".
session-authcDN = cn=%s,ou=sessions,dc=fripost-test,dc=org


[www]

# Default domain for the login form.
default-domain = fripost.org

# Base64-encoding of the key used to sign (HMAC-SHA256) CSRF tokens.
# Must be unique and kept secret.  A suitable key can be generated with
#
#     head -c32 /dev/urandom | base64
#
# If left empty (the default), then a random key is generated when the
# program starts, and lost when it exits.
#hmac-key = <<FIXME>>

# Directory where to find HTML templates.  (Default: "./templates/html".)
#templates-directory = /path/to/html/templates

# HTTP session cookie attributes
cookie-domain =
cookie-path = /
cookie-httponly = true
cookie-secure = false

# Cache directory (created with mode 0700 minus umask) for
# CHI::Driver::FastMmap
cache-directory = /tmp/fripost-panel.d

# Amount of time after which the session expires, unless it is used
# meanwhile.  (Default: 3600.)
cache-expires = 900