mail-server/tests/resources/ldap.cfg

#################
# LDAP test config

#################
# General configuration.
debug = true
watchconfig = true

#################
# Server configuration.
[ldap]
  enabled = true
  # run on a non privileged port
  listen = "0.0.0.0:3893"

[ldaps]
# to enable ldaps genrerate a certificate, eg. with:
# openssl req -x509 -newkey rsa:4096 -keyout example.key -out example.crt -days 365 -nodes -subj '/CN=`hostname`'
  enabled = false
  listen = "0.0.0.0:3894"
  cert = "example.crt"
  key = "example.key"

#################
# The backend section controls the data store.
[backend]
  datastore = "config"
  baseDN = "dc=example,dc=org"
  nameformat = "cn"
  groupformat = "ou"
  
[behaviors]
  # Ignore all capabilities restrictions, for instance allowing every user to perform a search
  IgnoreCapabilities = false
  # Enable a "fail2ban" type backoff mechanism temporarily banning repeated failed login attempts
  LimitFailedBinds = true
  # How many failed login attempts are allowed before a ban is imposed
  NumberOfFailedBinds = 3
  # How long (in seconds) is the window for failed login attempts
  PeriodOfFailedBinds = 10
  # How long (in seconds) is the ban duration
  BlockFailedBindsFor = 60
  # Clean learnt IP addresses every N seconds
  PruneSourceTableEvery = 600
  # Clean learnt IP addresses not seen in N seconds
  PruneSourcesOlderThan = 600

#################
# The users section contains a hardcoded list of valid users.
[[users]]
  name = "john"
  givenname = "john.doe@example.org"
  sn = "info@example.org"
  uidnumber = 2
  primarygroup = 5
  mail = "john@example.org"
  [[users.customattributes]]
    principalName = ["John Doe"]
    userPassword = ["12345"]

[[users]]
  name = "jane"
  sn = "info@example.org"
  mail = "jane@example.org"
  uidnumber = 3
  primarygroup = 5
  [[users.customattributes]]
    otherGroups = ["support"]
    principalName = ["Jane Doe"]
    userPassword = ["abcde"]

[[users]]
  name = "bill"
  sn = "info@example.org"
  mail = "bill@example.org"
  uidnumber = 4
  [[users.customattributes]]
    principalName = ["Bill Foobar"]
    diskQuota = [500000]
    userPassword = ["$2y$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe"]

[[users]]
  name = "robert"
  sn = "@catchall.org"
  mail = "robert@catchall.org"
  uidnumber = 7
  [[users.customattributes]]
    principalName = ["Robect Foobar"]
    userPassword = ["nopass"]

[[users]]
  name = "serviceuser"
  mail = "serviceuser@example.org"
  uidnumber = 5003
  primarygroup = 5502
  passsha256 = "652c7dc687d98c9889304ed2e408c74b611e86a40caa51c4b43f1dd5913c5cd0" # mysecret
    [[users.capabilities]]
    action = "search"
    object = "*"


#################
# The groups section contains a hardcoded list of valid users.
[[groups]]
  name = "sales"
  gidnumber = 5

[[groups]]
  name = "support"
  gidnumber = 6

[[groups]]
  name = "svcaccts"
  gidnumber = 5502


#################
# Enable and configure the optional REST API here.
[api]
  enabled = false
  internals = true # debug application performance
  tls = false # enable TLS for production!!
  listen = "0.0.0.0:5555"
  cert = "cert.pem"
  key = "key.pem"
Directory implementation - part 3 2023-06-02 01:08:48 +08:00			`#################`
			`# LDAP test config`

			`#################`
			`# General configuration.`
			`debug = true`
			`watchconfig = true`

			`#################`
			`# Server configuration.`
			`[ldap]`
			`enabled = true`
			`# run on a non privileged port`
			`listen = "0.0.0.0:3893"`

			`[ldaps]`
			`# to enable ldaps genrerate a certificate, eg. with:`
			# openssl req -x509 -newkey rsa:4096 -keyout example.key -out example.crt -days 365 -nodes -subj '/CN=`hostname`'
			`enabled = false`
			`listen = "0.0.0.0:3894"`
			`cert = "example.crt"`
			`key = "example.key"`

			`#################`
			`# The backend section controls the data store.`
			`[backend]`
			`datastore = "config"`
			`baseDN = "dc=example,dc=org"`
			`nameformat = "cn"`
			`groupformat = "ou"`

			`[behaviors]`
			`# Ignore all capabilities restrictions, for instance allowing every user to perform a search`
			`IgnoreCapabilities = false`
			`# Enable a "fail2ban" type backoff mechanism temporarily banning repeated failed login attempts`
			`LimitFailedBinds = true`
			`# How many failed login attempts are allowed before a ban is imposed`
			`NumberOfFailedBinds = 3`
			`# How long (in seconds) is the window for failed login attempts`
			`PeriodOfFailedBinds = 10`
			`# How long (in seconds) is the ban duration`
			`BlockFailedBindsFor = 60`
			`# Clean learnt IP addresses every N seconds`
			`PruneSourceTableEvery = 600`
			`# Clean learnt IP addresses not seen in N seconds`
			`PruneSourcesOlderThan = 600`

			`#################`
			`# The users section contains a hardcoded list of valid users.`
			`[[users]]`
			`name = "john"`
			`givenname = "john.doe@example.org"`
			`sn = "info@example.org"`
			`uidnumber = 2`
			`primarygroup = 5`
			`mail = "john@example.org"`
			`[[users.customattributes]]`
			`principalName = ["John Doe"]`
			`userPassword = ["12345"]`

			`[[users]]`
			`name = "jane"`
			`sn = "info@example.org"`
			`mail = "jane@example.org"`
			`uidnumber = 3`
			`primarygroup = 5`
			`[[users.customattributes]]`
			`otherGroups = ["support"]`
			`principalName = ["Jane Doe"]`
			`userPassword = ["abcde"]`

			`[[users]]`
			`name = "bill"`
			`sn = "info@example.org"`
			`mail = "bill@example.org"`
			`uidnumber = 4`
			`[[users.customattributes]]`
			`principalName = ["Bill Foobar"]`
			`diskQuota = [500000]`
			`userPassword = ["$2y$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe"]`

Subaddressing and catch-all addresses support. 2023-06-08 22:54:09 +08:00			`[[users]]`
			`name = "robert"`
			`sn = "@catchall.org"`
			`mail = "robert@catchall.org"`
			`uidnumber = 7`
			`[[users.customattributes]]`
			`principalName = ["Robect Foobar"]`
			`userPassword = ["nopass"]`

Directory implementation - part 3 2023-06-02 01:08:48 +08:00			`[[users]]`
			`name = "serviceuser"`
			`mail = "serviceuser@example.org"`
			`uidnumber = 5003`
			`primarygroup = 5502`
			`passsha256 = "652c7dc687d98c9889304ed2e408c74b611e86a40caa51c4b43f1dd5913c5cd0" # mysecret`
			`[[users.capabilities]]`
			`action = "search"`
			`object = "*"`


			`#################`
			`# The groups section contains a hardcoded list of valid users.`
			`[[groups]]`
			`name = "sales"`
			`gidnumber = 5`

			`[[groups]]`
			`name = "support"`
			`gidnumber = 6`

			`[[groups]]`
			`name = "svcaccts"`
			`gidnumber = 5502`


			`#################`
			`# Enable and configure the optional REST API here.`
			`[api]`
			`enabled = false`
			`internals = true # debug application performance`
			`tls = false # enable TLS for production!!`
			`listen = "0.0.0.0:5555"`
			`cert = "cert.pem"`
			`key = "key.pem"`