# work. If false, only the primary email address will be used.
AlternateEmailAddresses: true
+ OpenIDConnect:
+ # Authenticate with an OpenID Connect provider.
+ Enable: false
+
+ # Issuer URL, e.g., "https://login.example.com".
+ #
+ # This must be exactly equal to the URL returned by the issuer
+ # itself in its config response ("isser" key). If the
+ # configured value is "https://example" and the provider
+ # returns "https://example:443" or "https://example/" then
+ # login will fail, even though those URLs are equivalent
+ # (RFC3986).
+ Issuer: ""
+
+ # Your client ID and client secret (supplied by the provider).
+ ClientID: ""
+ ClientSecret: ""
+
PAM:
# (Experimental) Use PAM to authenticate users.
Enable: false
# "ou=Users,dc=example,dc=com"
SearchBase: ""
- # Additional filters for username lookup. Special characters
- # in assertion values must be escaped (see RFC4515). Example:
- # "(objectClass=person)"
+ # Additional filters to apply when looking up users' LDAP
+ # entries. This can be used to restrict access to a subset of
+ # LDAP users, or to disambiguate users from other directory
+ # entries that have the SearchAttribute present.
+ #
+ # Special characters in assertion values must be escaped (see
+ # RFC4515).
+ #
+ # Example: "(objectClass=person)"
SearchFilters: ""
# LDAP attribute to use as the user's email address.
# work. If false, only the primary email address will be used.
AlternateEmailAddresses: true
+ OpenIDConnect:
+ # Authenticate with an OpenID Connect provider.
+ Enable: false
+
+ # Issuer URL, e.g., "https://login.example.com".
+ #
+ # This must be exactly equal to the URL returned by the issuer
+ # itself in its config response ("isser" key). If the
+ # configured value is "https://example" and the provider
+ # returns "https://example:443" or "https://example/" then
+ # login will fail, even though those URLs are equivalent
+ # (RFC3986).
+ Issuer: ""
+
+ # Your client ID and client secret (supplied by the provider).
+ ClientID: ""
+ ClientSecret: ""
+
PAM:
# (Experimental) Use PAM to authenticate users.
Enable: false
# "ou=Users,dc=example,dc=com"
SearchBase: ""
- # Additional filters for username lookup. Special characters
- # in assertion values must be escaped (see RFC4515). Example:
- # "(objectClass=person)"
+ # Additional filters to apply when looking up users' LDAP
+ # entries. This can be used to restrict access to a subset of
+ # LDAP users, or to disambiguate users from other directory
+ # entries that have the SearchAttribute present.
+ #
+ # Special characters in assertion values must be escaped (see
+ # RFC4515).
+ #
+ # Example: "(objectClass=person)"
SearchFilters: ""
# LDAP attribute to use as the user's email address.