add ldap sample to config

2023-06-28 15:41:45 +08:00 · 2023-06-28 15:41:45 +08:00 · 50780e5709
parent 70a0934691
commit 50780e5709
1 changed files with 34 additions and 1 deletions
--- a/console.yml
+++ b/console.yml
@ -60,12 +60,45 @@ metrics:
 badger:
  value_log_max_entries: 1000000
  value_log_file_size: 104857600
+
 #security:
+#  enabled: true
+#  authc:
+#    realms:
+#      ldap:
+#        test: #setup guide: https://github.com/infinilabs/testing/blob/main/setup/gateway/cases/elasticsearch/elasticsearch-with-ldap.yml
+#          enabled: true
+#          host: "localhost"
+#          port: 3893
+#          bind_dn: "cn=serviceuser,ou=svcaccts,dc=glauth,dc=com"
+#          bind_password: "mysecret"
+#          base_dn: "dc=glauth,dc=com"
+#          user_filter: "(cn=%s)"
+#          group_attribute: "ou"
+#          bypass_api_key: true
+#          cache_ttl: "10s"
+#          role_mapping:
+#            group:
+#              superheros: [ "Administrator" ]
+##            uid:
+##              hackers: [ "Administrator" ]
+#        testing:
+#          enabled: true
+#          host: "ldap.forumsys.com"
+#          port: 389
+#          bind_dn: "cn=read-only-admin,dc=example,dc=com"
+#          bind_password: "password"
+#          base_dn: "dc=example,dc=com"
+#          user_filter: "(uid=%s)"
+#          cache_ttl: "10s"
+#          role_mapping:
+#            uid:
+#              tesla: [ "readonly","data" ]
 #  oauth:
 #    enabled: true
 #    client_id: "850d747174ace88ce889"
 #    client_secret: "3d437b64e06371d6f62769320438d3dfc95a8d8e"
-#    default_roles: ["ReadonlyUI","DATA"] #default for all sso users if no specify roles was defined
+##    default_roles: ["ReadonlyUI","DATA"] #default for all sso users if no specify roles was defined
 #    role_mapping:
 #      medcl: ["Administrator"]
 #    authorize_url: "https://github.com/login/oauth/authorize"