forked from ramondeklein/minio-ldap-test
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdex.yaml
68 lines (56 loc) · 1.39 KB
/
dex.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
issuer: http://openid:5556/dex
storage:
type: sqlite3
config:
file: /var/dex/dex.db
web:
http: 0.0.0.0:5556
expiry:
deviceRequests: 5m
signingKeys: 5h
idTokens: 24h
authRequests: 24h
logger:
level: debug
format: text
oauth2:
responseTypes: ["code"]
skipApprovalScreen: false
alwaysShowLoginScreen: false
enablePasswordDB: true
connectors:
- type: ldap
name: OpenLDAP
id: ldap
config:
host: openldap:389
insecureNoSSL: true
bindDN: cn=admin,dc=example,dc=org
bindPW: admin123
usernamePrompt: Email Address
userSearch:
baseDN: ou=users,dc=example,dc=org
filter: "(objectClass=inetOrgPerson)"
username: mail
# "DN" (case sensitive) is a special attribute name. It indicates that
# this value should be taken from the entity's DN not an attribute on
# the entity.
idAttr: DN
emailAttr: mail
nameAttr: cn
groupSearch:
baseDN: ou=groups,dc=example,dc=org
filter: "(objectClass=groupOfNames)"
userMatchers:
# A user is a member of a group when their DN matches
# the value of a "member" attribute on the group entity.
- userAttr: DN
groupAttr: member
# The group name should be the "cn" value.
nameAttr: cn
staticClients:
- id: minio
redirectURIs:
- 'http://localhost:9001/oauth_callback'
name: 'MinIO'
secret: oidc-client-secret