Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
ai3
accountserver
Commits
02df3660
Commit
02df3660
authored
May 05, 2019
by
ale
Browse files
Document more configuration options
parent
90d575cb
Changes
1
Hide whitespace changes
Inline
Side-by-side
README.md
View file @
02df3660
...
...
@@ -105,6 +105,18 @@ The configuration is stored in a YAML file, by default
*
`groups`
: list of allowed groups
*
`admin_group`
: a specific group that will be granted
*admin*
privileges
(the ability to read/write data about different users than oneself)
*
`http_server`
: specifies standard parameters for the HTTP server
*
`tls`
: server-side TLS configuration
*
`cert`
: path to the server certificate
*
`key`
: path to the server's private key
*
`ca`
: path to the CA used to validate clients
*
`acl`
: TLS-based access controls, a list of entries with the
following attributes:
*
`path`
is a regular expression to match the request URL path
*
`cn`
is a regular expression that must match the CommonName
part of the subject of the client certificate
*
`max_inflight_requests`
: maximum number of in-flight requests to
allow before server-side throttling kicks in
*
`user_meta_server`
: connection parameters for
the
[
user-meta-server
](
https://git.autistici.org/id/usermetadb
)
backend
used to store user audit logs
...
...
@@ -130,15 +142,16 @@ The configuration is stored in a YAML file, by default
*
`max_username_len`
: maximum username length (default 64)
*
`min_backend_uid`
: minimum auto-assigned UID (default 1000)
*
`max_backend_uid`
: maximum auto-assigned UID (default 0, disabled)
*
`http_server`
: specifies standard parameters for the HTTP server
*
`tls`
: server-side TLS configuration
*
`cert`
: path to the server certificate
*
`key`
: path to the server's private key
*
`ca`
: path to the CA used to validate clients
*
`acl`
: TLS-based access controls, a list of entries with the
following attributes:
*
`path`
is a regular expression to match the request URL path
*
`cn`
is a regular expression that must match the CommonName
part of the subject of the client certificate
*
`max_inflight_requests`
: maximum number of in-flight requests to
allow before server-side throttling kicks in
*
`ldap`
: configuration for the LDAP backend
*
`uri`
: LDAP URI to connect to
*
`bind_dn`
: LDAP bind DN
*
`bind_pw`
/
`bind_pw_file`
: LDAP bind password, or file to read
it from
*
`base_dn`
: base DN for all LDAP queries
*
`pwhash`
: password hashing parameters
*
`algo`
: password hashing algorithm, one of
*argon2*
or
*scrypt*
*
`params`
: parameters for the selected hashing algorithm, a map
whose values will depend on the chosen algorithm:
*argon2*
requires the
*time*
,
*mem*
and
*threads*
parameters (defaults
to 1/4/4);
*scrypt*
requires
*n*
,
*r*
and
*p*
(defaults
16384/8/1)
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment