path: root/config/authentication.sample.yml
blob: d1ab65c70a0c7ba441d442489de06038e9c610d7 (plain)
# Configure authentication by saving this file as authentication.yml. Use one
# section for each RAILS_ENV, like database.yml.
#
# If you just want straight database backed authentication you don't need this
# file at all.
#
development:
  # Disable database authentication altogether
  # NOTE(review): with this enabled, logins presumably depend entirely on the
  # adapters listed under methods; confirm one works before turning it on.
  #disable_default: true

  # additional methods, an array of hashes
  #methods:
    # An adapter is a class that implements an authentication mechanism. You
    # can roll your own, or use one of Gitorious' prepackaged ones.
    # The adapters used in the examples below are:
    # Gitorious::Authentication::LDAPAuthentication
    # Gitorious::Authentication::CrowdAuthentication
    # Gitorious::Authentication::KerberosAuthentication
    # Gitorious::Authentication::SSLAuthentication

    ############################################################################
    # Example of configuring LDAP authentication
    #- adapter: Gitorious::Authentication::LDAPAuthentication

      # IP/hostname to LDAP server
      #host: ldap.example

      # Override the default port (389)
      #port: 1999

      # The base DN to search
      #base_dn: DC=gitorious,DC=org

      # The base DN when searching for groups (for authorization)
      # If unspecified, base_dn is used
      # group_search_dn: OU=groups,dc=gitorious,dc=org

      # What LDAP attribute to use for user authentication. Default is CN
      #login_attribute: uid

      # How to build a user's DN. Default: $LOGIN_ATTRIBUTE={},$BASE_DN,
      # e.g. CN=chris,DC=gitorious,DC=org
      #distinguished_name_template: "{}@gitorious.org"

      # Map LDAP fields to database fields.
      # Default: displayname => fullname, mail => email
      # attribute_mapping:
        # givenName: fullname
        # publicEmail: email

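      # See Net-LDAP for other options, or use "none" for no encryption.
      # Defaults to "simple_tls" if not set. With "none", the LDAP traffic,
      # including the passwords sent when binding, crosses the network
      # unencrypted.
      #encryption: simple_tls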

      # A class/object that will be called after successful authentication
      # through LDAP. Will be "constantized", post_authenticate will be called
      # with an options hash. See LdapAuthenticationTest.
      #callback_class: SampleCallback

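      # Specify a username/password to use for authenticated bind
      # NOTE: This is required when using LDAP for authorization
      # The password is stored here in plain text, so keep the real
      # authentication.yml out of version control and readable only by the
      # account that runs Gitorious.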
      #bind_user:
      #  username: boss
      #  password: sikret

      # When using LDAP authorization: which attribute in a user
      # record specifies groups a user is member of
      # This will depend on your schema/LDAP server implementation
      # but in 9/10 cases, it will be memberof
      #membership_attribute_name: memberof

      # When using LDAP authorization: which attribute in a group
      # record specifies the users that are members of the group
      # This will depend on your LDAP schema, but will usually be
      # member or uniquemember
      #members_attribute_name: member

      # To increase performance, Gitorious supports caching the result
      # of group lookups. Enter how many minutes these results should
      # be cached, default is 0 (no caching)
      #cache_expiry: 60

    # End LDAP configuration example
    ############################################################################

    ############################################################################
    # Example of configuring Atlassian Crowd authentication
    #- adapter: Gitorious::Authentication::CrowdAuthentication

      # IP/hostname to Crowd server
      #host: crowd.example

      # Override default port (8095)
      #port: 80

      # Set context path for Crowd installation
      #context: /crowd

      # The application name
      #application: gitorious

      # Application password. Keep it quoted: an unquoted all-digit value
      # is loaded by YAML as an integer, not a string.
      #password: "123456789"

    # End Crowd configuration example
    ############################################################################
    
    ############################################################################
    # Example of configuring Kerberos authentication
    #- adapter: Gitorious::Authentication::KerberosAuthentication
    
      # Set the Kerberos realm (should be uppercase)
      #realm: EXAMPLE.COM
      
      # The default email domain for users in this realm. If you do not
      # specify any email_domain, the default is to use the lowercase
      # realm value.
      #email_domain: example.com
      
      # Note that you must also set up Apache's mod_auth_kerb within
      # httpd.conf. For example:
      #  # Enable SSO authentication via Kerberos
      #  <Location /sessions/http>
      #    AuthType Kerberos
      #    AuthName "Gitorious Web UI"
      #    KrbMethodNegotiate on
      #    KrbMethodK5Passwd off
      #    KrbServiceName HTTP
      #    KrbAuthRealm EXAMPLE.COM
      #    Krb5Keytab /etc/httpd/http.keytab
      #    Require valid-user
      #    ErrorDocument 401 /401.html
      #  </Location>
    
    # End Kerberos configuration example
    ############################################################################

    ############################################################################
    # Example of configuring SSL client certificate authentication
    #- adapter: Gitorious::Authentication::SSLAuthentication
      # What certificate field to use as login name. Default is CN.
      #login_field: Email

      # Whether the domain should be stripped, if the email address is
      # used as login name. Default is false.
      #login_strip_domain: true

      # Character used to replace forbidden characters in login names.
      # Set to '' to strip forbidden characters. Default is '-'.
      #login_replace_char: ''

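      # Note that you must also set up Apache to create SSL related
      # environment variables for the http auth controller. The login name
      # is taken from these variables, so Apache should also be configured
      # to require and verify client certificates for this location (see
      # mod_ssl's SSLVerifyClient).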
      #  <Location /sessions/http>
      #    SSLOptions +StdEnvVars
      #  </Location>

    # End SSL client certificate configuration example
    ############################################################################

# production: