Document more configuration options

02df3660 · ale · 90d575cb · 02df3660
Commit 02df3660 authored May 05, 2019 by ale
--- a/README.md
+++ b/README.md
@@ -105,6 +105,18 @@ The configuration is stored in a YAML file, by default
  * `groups`: list of allowed groups
  * `admin_group`: a specific group that will be granted *admin* privileges
    (the ability to read/write data about different users than oneself)
+* `http_server`: specifies standard parameters for the HTTP server
+  * `tls`: server-side TLS configuration
+    * `cert`: path to the server certificate
+    * `key`: path to the server's private key
+    * `ca`: path to the CA used to validate clients
+    * `acl`: TLS-based access controls, a list of entries with the
+      following attributes:
+      * `path` is a regular expression to match the request URL path
+      * `cn` is a regular expression that must match the CommonName
+        part of the subject of the client certificate
+  * `max_inflight_requests`: maximum number of in-flight requests to
+    allow before server-side throttling kicks in
 * `user_meta_server`: connection parameters for
  the [user-meta-server](https://git.autistici.org/id/usermetadb) backend
  used to store user audit logs
@@ -130,15 +142,16 @@ The configuration is stored in a YAML file, by default
 * `max_username_len`: maximum username length (default 64)
 * `min_backend_uid`: minimum auto-assigned UID (default 1000)
 * `max_backend_uid`: maximum auto-assigned UID (default 0, disabled)
-* `http_server`: specifies standard parameters for the HTTP server
-  * `tls`: server-side TLS configuration
-    * `cert`: path to the server certificate
-    * `key`: path to the server's private key
-    * `ca`: path to the CA used to validate clients
-    * `acl`: TLS-based access controls, a list of entries with the
-      following attributes:
-      * `path` is a regular expression to match the request URL path
-      * `cn` is a regular expression that must match the CommonName
-        part of the subject of the client certificate
-  * `max_inflight_requests`: maximum number of in-flight requests to
-    allow before server-side throttling kicks in
+* `ldap`: configuration for the LDAP backend
+  * `uri`: LDAP URI to connect to
+  * `bind_dn`: LDAP bind DN
+  * `bind_pw` / `bind_pw_file`: LDAP bind password, or file to read
+    it from
+  * `base_dn`: base DN for all LDAP queries
+* `pwhash`: password hashing parameters
+  * `algo`: password hashing algorithm, one of *argon2* or *scrypt*
+  * `params`: parameters for the selected hashing algorithm, a map
+    whose values will depend on the chosen algorithm: *argon2*
+    requires the *time*, *mem* and *threads* parameters (defaults
+    to 1/4/4); *scrypt* requires *n*, *r* and *p* (defaults
+    16384/8/1)