###############################################################
# Authelia configuration #
###############################################################
# This is just the LDAP part of the Authelia configuration!
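authentication_backend:
  # Password reset through authelia works normally.
  # With reset enabled, the bind account configured below has to be allowed to
  # change passwords ("lldap_password_manager"). Set disable to true if you
  # want to keep a read-only bind account.
  password_reset:
    disable: false
  # How often authelia should check if there is a user update in LDAP
  refresh_interval: 1m
  ldap:
    implementation: custom
    # Pattern is ldap://HOSTNAME-OR-IP:PORT
    # Normal ldap port is 389, standard in LLDAP is 3890
    # Plain ldap:// with start_tls disabled carries the bind password and each
    # user's login password unencrypted, so keep this connection on a private
    # network (for example a container network shared only by Authelia and
    # LLDAP).
    url: ldap://lldap:3890
    # The dial timeout for LDAP.
    timeout: 5s
    # Use StartTLS with the LDAP connection, TLS not supported right now
    start_tls: false
    # If TLS is enabled later, leave skip_verify at false so the server
    # certificate is still checked.
    # tls:
    #   skip_verify: false
    #   minimum_version: TLS1.2
    # Set base dn, like dc=google,dc=com
    base_dn: dc=example,dc=com
    username_attribute: uid
    # You need to set this to ou=people, because all users are stored in this ou!
    additional_users_dn: ou=people
    # To allow sign in both with username and email, one can use a filter like
    # (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
    users_filter: "(&({username_attribute}={input})(objectClass=person))"
    # Set this to ou=groups, because all groups are stored in this ou
    additional_groups_dn: ou=groups
    # The groups are not displayed in the UI, but this filter works.
    groups_filter: "(member={dn})"
    # The attribute holding the name of the group.
    group_name_attribute: cn
    # Email attribute
    mail_attribute: mail
    # The attribute holding the display name of the user. This will be used to
    # greet an authenticated user.
    display_name_attribute: displayName
    # The username and password of the bind user.
    # "bind_user" should be the username you created for authentication with
    # the "lldap_strict_readonly" permission. It is not recommended to use an
    # actual admin account here.
    # If you are configuring Authelia to change user passwords, then the
    # account used here needs the "lldap_password_manager" permission instead.
    user: uid=bind_user,ou=people,dc=example,dc=com
    # Password can also be set using a secret:
    # https://www.authelia.com/docs/configuration/secrets.html
    # Prefer the secret (e.g. AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE)
    # so the bind password is not stored in this file. If it is set here, keep
    # the file out of version control and readable only by the Authelia user.
    password: 'REPLACE_ME'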