Created
June 25, 2015 21:19
-
-
Save cam8001/cb4b9cc65e84a2918785 to your computer and use it in GitHub Desktop.
Example simplesamlphp IdP config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
$config = array( | |
// Example of a LDAP authentication source. | |
'example-ldap' => array( | |
'ldap:LDAP', | |
// Give the user an option to save their username for future login attempts | |
// And when enabled, what should the default be, to save the username or not | |
//'remember.username.enabled' => FALSE, | |
//'remember.username.checked' => FALSE, | |
// The hostname of the LDAP server. | |
'hostname' => 'ldap.example.org', | |
// Whether SSL/TLS should be used when contacting the LDAP server. | |
'enable_tls' => TRUE, | |
// Whether debug output from the LDAP library should be enabled. | |
// Default is FALSE. | |
'debug' => FALSE, | |
// The timeout for accessing the LDAP server, in seconds. | |
// The default is 0, which means no timeout. | |
'timeout' => 0, | |
// Set whether to follow referrals. AD Controllers may require FALSE to function. | |
'referrals' => TRUE, | |
// Which attributes should be retrieved from the LDAP server. | |
// This can be an array of attribute names, or NULL, in which case | |
// all attributes are fetched. | |
'attributes' => NULL, | |
// The pattern which should be used to create the users DN given the username. | |
// %username% in this pattern will be replaced with the users username. | |
// | |
// This option is not used if the search.enable option is set to TRUE. | |
'dnpattern' => 'uid=%username%,ou=people,dc=example,dc=org', | |
// As an alternative to specifying a pattern for the users DN, it is possible to | |
// search for the username in a set of attributes. This is enabled by this option. | |
'search.enable' => FALSE, | |
// The DN which will be used as a base for the search. | |
// This can be a single string, in which case only that DN is searched, or an | |
// array of strings, in which case they will be searched in the order given. | |
'search.base' => 'ou=people,dc=example,dc=org', | |
// The attribute(s) the username should match against. | |
// | |
// This is an array with one or more attribute names. Any of the attributes in | |
// the array may match the value the username. | |
'search.attributes' => array('uid', 'mail'), | |
// The username & password the simpleSAMLphp should bind to before searching. If | |
// this is left as NULL, no bind will be performed before searching. | |
'search.username' => NULL, | |
'search.password' => NULL, | |
// If the directory uses privilege separation, | |
// the authenticated user may not be able to retrieve | |
// all required attribures, a privileged entity is required | |
// to get them. This is enabled with this option. | |
'priv.read' => FALSE, | |
// The DN & password the simpleSAMLphp should bind to before | |
// retrieving attributes. These options are required if | |
// 'priv.read' is set to TRUE. | |
'priv.username' => NULL, | |
'priv.password' => NULL, | |
), | |
); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment