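---
# Authelia configuration, apparently rendered as a Jinja/Ansible template
# (the LDAP bind password below is a keepass lookup). Secrets that are still
# literal in this file are marked TODO(security).

# Dotted key form; Authelia's loader reads this as server -> address.
# Confirm against the running Authelia version.
server.address: "0.0.0.0:9091"

log:
  # NOTE(review): debug is very verbose; consider info once troubleshooting
  # is done so request details are not kept in the logs longer than needed.
  level: debug

identity_validation:
  reset_password:
    # TODO(security): literal secret committed with the config. Source it
    # from the same keepass lookup used for the LDAP bind password, and
    # rotate it since this value has been checked in.
    jwt_secret: 'c50498e29383564cd50bdeda9b74a3bf'

totp:
  issuer: totp.mgrote.net

access_control:
  # Deny-by-default; every protected domain needs an explicit rule.
  default_policy: deny
  rules:
    - domain: wiki.mgrote.net
      policy: one_factor
      subject:
        - 'group:CN=authelia_wiki'

session:
  name: authelia_session
  # TODO(security): 'unsecure_session_secret' is a placeholder value, not a
  # secret. Replace it with a long random value from the secret store
  # before this is used for anything real.
  secret: 'unsecure_session_secret'
  expiration: 3600  # 1 hour
  inactivity: 300  # 5 minutes
  domain: mgrote.net  # should match the root protected domain
  redis:
    host: authelia-redis
    port: 6379

regulation:
  max_retries: 3
  find_time: 120
  ban_time: 300

storage:
  # TODO(security): move this key into the secret store (original note:
  # "verschlüsseln" = encrypt). Authelia encrypts data in storage with this
  # key, so rotating it after data exists needs the storage
  # encryption change-key procedure — check the Authelia docs first.
  encryption_key: 'f30ebde68b2c85c1b3fe2d16d9884190'
  local:
    path: /data/db.sqlite3  # TODO: switch the database to MariaDB

notifier:
  smtp:
    address: "postfix:25"
    sender: no-reply-authelia@mgrote.net
    # NOTE(review): mail to postfix:25 is sent without TLS. Acceptable only
    # if postfix is reachable exclusively over a trusted internal network.
    disable_require_tls: true

# LDAP backend (lldap). Reference:
# https://github.com/lldap/lldap/blob/main/example_configs/authelia_config.yml
authentication_backend:
  password_reset:
    disable: false
  refresh_interval: 1m
  ldap:
    implementation: custom
    # NOTE(review): plain ldap:// with start_tls: false sends the bind
    # credentials and all lookups in cleartext to ldap.mgrote.net:3890.
    # Fine only on a trusted network; otherwise use ldaps:// or start_tls.
    address: ldap://ldap.mgrote.net:3890
    timeout: 5s
    start_tls: false
    base_dn: dc=mgrote,dc=net
    additional_users_dn: ou=people
    users_filter: "(&({username_attribute}={input})(objectClass=person))"
    additional_groups_dn: ou=groups
    groups_filter: "(member={dn})"
    attributes:
      display_name: displayName
      username: uid
      group_name: cn
      mail: mail
    # The username and password of the bind user.
    # "bind_user" should be the username you created for authentication with
    # the "lldap_strict_readonly" permission. It is not recommended to use an
    # actual admin account here.
    # If you are configuring Authelia to change user passwords, then the
    # account used here needs the "lldap_password_manager" permission instead.
    user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net
    # NOTE(review): the rendered password lands inside a single-quoted YAML
    # scalar, so a password containing a single quote would break parsing.
    # Keep the bind password free of quotes, or render it through a
    # YAML-safe filter.
    password: '{{ lookup('viczem.keepass.keepass', 'lldap_authelia_bind_user', 'password') }}'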