LDAP server address. LDAP_SERVER=localhost
LDAP server port. LDAP_PORT=389
LDAP user query format. LDAP_USER_DN_FORMAT=uid=,ou=people,
There are a few configuration settings that can be set using environment variables for the reporter container. Your LDAP or AD export should understand them
| environment name | description | default value |
|---|---|---|
| LDAP_SERVER | host name LDAP server | |
| LDAP_SERVER_PORT | port of the LDAP server | 389 |
| LDAP_BIND | name to use when binding to the LDAP server on query page | cn=admin,dc=example,dc=org |
| LDAP_BIND_PASSWORD | password to use when binding to the LDAP server on query page | admin |
| LDAP_ROOT_DN | root name | dc=example,dc=org |
| LDAP_USER_DN_FORMAT | Python format string to get a user | cn=, |
| LDAP_USER_EMAIL_FORMAT | Python format string to make an email address if no mail attribute | @ldap.com |
| LDAP_ATTRIBUTES_FILTER | Filter for looking up login names | (objectClass=*) |
| LDAP_QUERY_GROUP_ATTR | Attribute for the group name | cn |
| LDAP_QUERY_GROUP_BASE | Base query for returning groups of a user | ou=groups,dc=example,dc=org |
| LDAP_QUERY_GROUP | Query for returning groups of a user | (&(objectClass=posixGroup)(uniqueMember=uid=,ou=people,dc=example,dc=org)) |
| CUSTOM_LOGIN_HTML | HTML to display on the login screen |
Login will be by a page in Prophund Reporter that requests the user name and password of the LDAP record.
The login page can be modified by using CUSTOM_LOGIN_HTML to provide your own login message.
Any login problems will return a custom message by setting CUSTOM_LOGIN_INFORMATION_HTML.
Once logged in the session will remain valid for a default of one year. Use the LOGIN_TIMEOUT_SECONDS setting to control this
Use the hidden page `/security/page_ldap_query` to test query strings, attributes and base names.
The LDAP_BIND_PASSWORD and LDAP_BIND environment variables are used to configure the query page.