LDAP server address. LDAP_SERVER=localhost
LDAP server port. LDAP_PORT=389
LDAP user query format. LDAP_USER_DN_FORMAT=uid={cn},ou=people,{LDAP_ROOT_DN}
There are a few configuration settings that can be set using environment variables for the reporter container. Your LDAP or AD expert should understand them.
environment name | description | default value |
---|---|---|
LDAP_SERVER | host name of the LDAP server | |
LDAP_SERVER_PORT | port of the LDAP server | 389 |
LDAP_BIND | name to use when binding to the LDAP server on query page | cn=admin,dc=example,dc=org |
LDAP_BIND_PASSWORD | password to use when binding to the LDAP server on query page | admin |
LDAP_ROOT_DN | root name | dc=example,dc=org |
LDAP_USER_DN_FORMAT | Python format string to get a user | cn={cn},{LDAP_ROOT_DN} |
LDAP_USER_EMAIL_FORMAT | Python format string to make an email address if no mail attribute | {uid}@ldap.com |
LDAP_ATTRIBUTES_FILTER | Filter for looking up login names | (objectClass=*) |
LDAP_QUERY_GROUP_ATTR | Attribute for the group name | cn |
LDAP_QUERY_GROUP_BASE | Base query for returning groups of a user | ou=groups,dc=example,dc=org |
LDAP_QUERY_GROUP | Query for returning groups of a user | (&(objectClass=posixGroup)(uniqueMember=uid={cn},ou=people,dc=example,dc=org)) |
CUSTOM_LOGIN_HTML | HTML to display on the login screen | |
Users log in through a page in Prophund Reporter that requests the user name and password of the LDAP record.
The login page can be modified by using CUSTOM_LOGIN_HTML to provide your own login message.
Set CUSTOM_LOGIN_INFORMATION_HTML to return a custom message for any login problems.
Once logged in, the session will remain valid for a default of one year. Use the LOGIN_TIMEOUT_SECONDS setting to control this.
Use the hidden page `/security/page_ldap_query` to test query strings, attributes and base names.
The LDAP_BIND_PASSWORD and LDAP_BIND environment variables are used to configure the query page.
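
The `{cn}` and `{LDAP_ROOT_DN}` placeholders in the settings table are filled in with Python string formatting. The sketch below is an added example, not Prophund Reporter's own code: it expands the default `LDAP_USER_DN_FORMAT` and `LDAP_QUERY_GROUP` values with the login name escaped for each context (RFC 4514 inside a DN, RFC 4515 inside a search filter). It assumes `{cn}` is the name typed on the login page; `setting`, `user_dn` and `group_filter` are hypothetical helper names.

```python
import os

# Defaults copied from the settings table above.
DEFAULTS = {
    "LDAP_ROOT_DN": "dc=example,dc=org",
    "LDAP_USER_DN_FORMAT": "cn={cn},{LDAP_ROOT_DN}",
    "LDAP_QUERY_GROUP": "(&(objectClass=posixGroup)"
                        "(uniqueMember=uid={cn},ou=people,dc=example,dc=org))",
}
DN_SPECIAL = ',+"\\<>;'  # RFC 4514 characters that must be escaped in a DN value
FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def setting(name, env=None):
    """Read a setting from the environment, falling back to the table default."""
    env = os.environ if env is None else env
    return env.get(name) or DEFAULTS[name]


def escape_dn_value(value):
    """Escape a value so it stays a single attribute value inside a DN."""
    out = "".join("\\00" if c == "\x00" else "\\" + c if c in DN_SPECIAL else c
                  for c in value)
    if value[:1] in (" ", "#"):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def escape_filter_value(value):
    """Escape a value so it cannot add clauses or wildcards to a search filter."""
    return "".join(FILTER_ESCAPES.get(c, c) for c in value)


def user_dn(login, env=None):
    """Hypothetical helper: expand LDAP_USER_DN_FORMAT for one login name."""
    return setting("LDAP_USER_DN_FORMAT", env).format(
        cn=escape_dn_value(login), LDAP_ROOT_DN=setting("LDAP_ROOT_DN", env))


def group_filter(login, env=None):
    """Hypothetical helper: expand LDAP_QUERY_GROUP; the DN sits inside a filter."""
    return setting("LDAP_QUERY_GROUP", env).format(
        cn=escape_filter_value(escape_dn_value(login)),
        LDAP_ROOT_DN=setting("LDAP_ROOT_DN", env))


if __name__ == "__main__":
    for name in ("jdoe", "doe, john", "j*"):  # constructed sample logins
        print(user_dn(name, {}), group_filter(name, {}), sep="\n")
```

The expanded strings can be pasted into `/security/page_ldap_query` to confirm that a custom format still matches exactly one user and only that user's groups.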