#
|
|
## openldap environment variables
|
|
# version 3.2
|
|
#
|
|
|
|
### Usage
|
|
#
|
|
# ***VERY IMPORTANT! DO NOT PUT QUOTES AROUND VALUES IN THIS FILE!!!***
|
|
# incorrect: ORG_NAME="MyOrganization"
|
|
# correct: ORG_NAME=MyOrganization
|
|
#
|
|
# Instead of typing a myriad of "-e ...", you can fill them all out in this
|
|
# file and then use "--env-file ab-openldap.params" to tell docker to source
|
|
# its variables from here. You can also combine both methods if you like.
|
|
# Most important, if you're using the convenience script, it draws all info from
|
|
# this file!
|
|
#
|
|
# You should probably protect this file via file permissions since it likely
|
|
# will contain things like passwords! Suggest restricting it to root only
|
|
# ex: chown root:root ab-openldap.params && chmod 600 ab-openldap.params
|
|
#
|
|
# N.B. If you change the convenience script name, you must also change this
|
|
# file's name to match.
|
|
# ex: script name is 'runldap.sh' --> this file must be 'runldap.params'
|
|
#
|
|
###
|
|
|
|
### Your timezone (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
|
|
# 'Area/Location' is a placeholder: replace it with a tz database name taken
# from the list linked above (for example Europe/London), written without quotes.
TZ=Area/Location
|
|
|
|
### First user account (will be added to Organization DIT 'manager' role)
|
|
# NOTE(review): as shipped, USER_PASS is the same string as USER. Because this
# account is added to the 'manager' role, set a unique, strong USER_PASS before
# the container is first started. The password is stored here in plain text,
# so keep this file readable only by the account that launches the container.
USER=admin
|
|
USER_PASS=admin
|
|
USER_FIRSTNAME=admin
|
|
USER_LASTNAME=admin
|
|
|
|
### Your Organization domain and name
|
|
# domain in standard (dotted) format -- not LDAP format
|
|
# i.e. write mydomain.net, not dc=mydomain,dc=net
DOMAIN=mydomain.net
|
|
# Org name: suggest using [A-Z][a-z][0-9][-_] ONLY. Avoid spaces.
|
|
ORG_NAME=MyOrganization
|
|
|
|
### Your 'directory browser' user
|
|
# NOTE(review): as shipped, BROWSER_PASS is the same string as BROWSER_USER;
# change it before the container is first started. Presumably this is the
# account client applications bind with to search the directory -- confirm
# against the image documentation, and do not reuse USER_PASS for it.
BROWSER_USER=ldapbind
|
|
BROWSER_PASS=ldapbind
|
|
|
|
### Anonymous binding (enabled by default)
|
|
# NOTE(review): with anonymous binding enabled, clients can bind without
# credentials and read whatever the directory ACLs expose to anonymous users.
# If nothing depends on it, turn it off (presumably ANONYMOUS_BINDING=no --
# confirm the accepted value in the image documentation).
ANONYMOUS_BINDING=yes
|
|
|
|
### Location of your TLS files
|
|
# Note: This section is only automated if using the script file to start the
|
|
# container. If you are starting it manually and using '--env-file', you still
|
|
# have to manually bind-mount these files using '-v source:/certs/dest.file:ro'.
|
|
#
|
|
# If you're bind-mounting symlinks, remember that you have to fully expand them
|
|
# or Docker will try to bind the link instead of the target! This is most
|
|
# common with Let's Encrypt.
|
|
#
|
|
# Example that does not work (binding directory instead of files):
|
|
# /etc/letsencrypt/live/mydomain.net:/certs:ro
|
|
# This will end up copying the symlinks themselves and, since the targets are
|
|
# not available to the container, it doesn't work!
|
|
# Example of the right way (bind actual files):
|
|
# /etc/letsencrypt/live/mydomain.net/privkey.pem:/certs/privkey.pem:ro
|
|
###
|
|
#TLS_CERT=/etc/letsencrypt/live/mydomain.net/fullchain.pem
|
|
#TLS_KEY=/etc/letsencrypt/live/mydomain.net/privkey.pem
|
|
#TLS_CHAIN=/etc/letsencrypt/live/mydomain.net/chain.pem
|
|
|
|
# The container will generate Diffie-Hellman parameters automatically the first
|
|
# time it's launched with TLS certificates defined.
|
|
|
|
### Custom LDIFs
|
|
# Path to any custom LDIFs you want applied to the container. Leave this line/
|
|
# variable commented-out if you don't have any LDIFs to apply.
|
|
# MY_LDIF=/path/to/my/LDIFs
|
|
|
|
### Enable checking passwords against IMAP/S server
|
|
#
|
|
# Setting the DOMAILAUTH variable to '1' tells openLDAP to verify SASL passwords
|
|
# in the directory against an IMAP/S remote host. In other words, any user with
|
|
# a password '{SASL}user@server.tld' will have their password checked by the
|
|
# IMAP/S server using the provided email address and a 'NO/OK' response is fed
|
|
# back to openLDAP. Please note, the remote mailserver *must* support IMAP/S
|
|
# (i.e. secured IMAP).
|
|
#
|
|
# Specify the remote mailserver hostname using the MAILSERVER variable.
|
|
#
|
|
# If the remote mailserver implements IMAP/S (secure IMAP) on a non-standard
|
|
# port (not port 993) then supply that using the MAILAUTHPORT variable.
|
|
#
|
|
# More details can be found in the wiki.
|
|
###
|
|
#DOMAILAUTH=0
|
|
#MAILSERVER=mail.myserver.tld
|
|
#MAILAUTHPORT=imaps
|
|
|
|
#EOF |