Skip to content

GitLab

A
accountserver
Commit 02df3660 authored by ale's avatar ale
Browse files
Options

Document more configuration options

parent 90d575cb
Pipeline #2840 passed with stages
        in 4 minutes and 1 second
        Hide whitespace changes
        Inline Side-by-side
        Showing with 25 additions and 12 deletions
        README.md
        View file @ 02df3660
        ......@@ -105,6 +105,18 @@ The configuration is stored in a YAML file, by default
        * `groups`: list of allowed groups
        * `admin_group`: a specific group that will be granted *admin* privileges
        (the ability to read/write data about different users than oneself)
        * `http_server`: specifies standard parameters for the HTTP server
        * `tls`: server-side TLS configuration
        * `cert`: path to the server certificate
        * `key`: path to the server's private key
        * `ca`: path to the CA used to validate clients
        * `acl`: TLS-based access controls, a list of entries with the
        following attributes:
        * `path` is a regular expression to match the request URL path
        * `cn` is a regular expression that must match the CommonName
        part of the subject of the client certificate
        * `max_inflight_requests`: maximum number of in-flight requests to
        allow before server-side throttling kicks in
        * `user_meta_server`: connection parameters for
        the [user-meta-server](https://git.autistici.org/id/usermetadb) backend
        used to store user audit logs
        ......@@ -130,15 +142,16 @@ The configuration is stored in a YAML file, by default
        * `max_username_len`: maximum username length (default 64)
        * `min_backend_uid`: minimum auto-assigned UID (default 1000)
        * `max_backend_uid`: maximum auto-assigned UID (default 0, disabled)
        * `http_server`: specifies standard parameters for the HTTP server
        * `tls`: server-side TLS configuration
        * `cert`: path to the server certificate
        * `key`: path to the server's private key
        * `ca`: path to the CA used to validate clients
        * `acl`: TLS-based access controls, a list of entries with the
        following attributes:
        * `path` is a regular expression to match the request URL path
        * `cn` is a regular expression that must match the CommonName
        part of the subject of the client certificate
        * `max_inflight_requests`: maximum number of in-flight requests to
        allow before server-side throttling kicks in
        * `ldap`: configuration for the LDAP backend
        * `uri`: LDAP URI to connect to
        * `bind_dn`: LDAP bind DN
        * `bind_pw` / `bind_pw_file`: LDAP bind password, or file to read
        it from
        * `base_dn`: base DN for all LDAP queries
        * `pwhash`: password hashing parameters
        * `algo`: password hashing algorithm, one of *argon2* or *scrypt*
        * `params`: parameters for the selected hashing algorithm, a map
        whose values will depend on the chosen algorithm: *argon2*
        requires the *time*, *mem* and *threads* parameters (defaults
        to 1/4/4); *scrypt* requires *n*, *r* and *p* (defaults
        16384/8/1)
        Markdown is supported
        0% or
        You are about to add 0 people to the discussion. Proceed with caution.
        Finish editing this message first!
        Please register or to comment