psteinb/gist:a822fbec3f62b35f3282

## gistfile1.txt
excerpt from indico.log:
2015-01-15 11:51:40,939 indico.requestHandler: INFO     - Request <IndicoRequest 'https://indico.mpi-cbg.de/indico/user/login' [POST]> finished with TypeError: "bind_s() argument after * must be a sequence, not NoneType"
2015-01-15 11:52:56,844 indico.wsgi     : ERROR    - Connection unexpectedly closed
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/Flask-0.10-py2.7.egg/flask/app.py", line 1475, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python2.7/dist-packages/Flask-0.10-py2.7.egg/flask/app.py", line 1461, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/local/lib/python2.7/dist-packages/indico-1.2-py2.7.egg/indico/web/flask/util.py", line 87, in wrapper
    return obj(None).process(params)
  File "/usr/local/lib/python2.7/dist-packages/indico-1.2-py2.7.egg/MaKaC/webinterface/rh/errors.py", line 65, in process
    self._sendReport()
  File "/usr/local/lib/python2.7/dist-packages/indico-1.2-py2.7.egg/MaKaC/webinterface/rh/errors.py", line 60, in _sendReport
    GenericMailer.send(GenericNotification(maildata), skipQueue=True)
  File "/usr/local/lib/python2.7/dist-packages/indico-1.2-py2.7.egg/MaKaC/common/mail.py", line 51, in send
    cls._send(mailData)
  File "/usr/local/lib/python2.7/dist-packages/indico-1.2-py2.7.egg/MaKaC/common/mail.py", line 119, in _send
    server=smtplib.SMTP(*Config.getInstance().getSmtpServer())
  File "/usr/lib/python2.7/smtplib.py", line 249, in __init__
    (code, msg) = self.connect(host, port)
  File "/usr/lib/python2.7/smtplib.py", line 310, in connect
    (code, msg) = self.getreply()
  File "/usr/lib/python2.7/smtplib.py", line 361, in getreply
    raise SMTPServerDisconnected("Connection unexpectedly closed")
SMTPServerDisconnected: Connection unexpectedly closed
2015-01-15 11:55:53,354 indico.requestHandler: INFO     - [pid=15532] from host 10.1.251.33
2015-01-15 12:00:53,390 indico.upcoming_events: INFO     - Regenerated upcoming event cache

my LDAP indico.conf:

#--------------------------
# Indico configuration file
#--------------------------
#
# This file is read on Apache startup. If you change any value you will need to
# restart Apache afterwards to have its changes take effect.
#
# Lines starting with "#" are comments and they will be ignored by Indico.

#------------------------------------------------------------------------------
# ZODB
#------------------------------------------------------------------------------

DBConnectionParams   = ('localhost', 9675)
DBUserName           = ""
DBPassword           = ""
DBRealm              = ""

#------------------------------------------------------------------------------
# REDIS
#------------------------------------------------------------------------------

# To enable redis, specify a valid redis connection string here.
# Example: redis://unused:password@localhost:6379/0
# You also need to install the python redis client (pip install redis hiredis)
# Note that the Redis server needs to run at least Redis 2.6 with LUA support.
#RedisConnectionURL = None

#------------------------------------------------------------------------------
# SECURITY
#------------------------------------------------------------------------------
# Possible values of SanitizationLevel:
#    0: Escape all HTML tags
#    1: Raise error if styles are used
#    2: Raise error if SCRIPT tag is used
#    3: No input filtering is done (DANGEROUS!)

SanitizationLevel    = 2

# AuthenticatedEnforceSecure controls whether HTTPS should be enforced for
# authentication and while logged in.
AuthenticatedEnforceSecure = "yes"

# Possible values of CSRFLevel:
#    0: Disable all CSRF checks (DANGEROUS!)
#    1: Check CSRF token for service requests
#    2: Check CSRF token for service requests and cookie-based API requests
#    3: The above & require an empty or valid referer for normal POST requests
CSRFLevel = 2

#------------------------------------------------------------------------------
# Development
#------------------------------------------------------------------------------
# You can force a certain number of (simulated) database conflicts on every
# by setting ForceConflicts to the number of conflict errors you want:
#ForceConflicts = 0
#
# You can cause all error-like exceptions (i.e. not something like AccessError)
# to be propagated outside the Indico WSGI app by enabling this option. This has
# the advantage of triggering the Werkzeug debugger of the embedded server even
# in case of e.g. a MaKaCError.
#PropagateAllExceptions = False

#------------------------------------------------------------------------------
# URLs
#------------------------------------------------------------------------------
# BaseURL is the url where Indico will be accessed:

BaseURL              = "http://indico.mpi-cbg.de/indico"

# BaseSecureURL is the HTTPS location of Indico. Set empty string if you want to use http.

BaseSecureURL        = "https://indico.mpi-cbg.de/indico"


# If you are using a custom user authentication system (see below) uncomment
# the following lines and specify the new URLs.
#
#   LoginURL             = ""
#   RegistrationURL      = ""

# Support the old mod_python-style URLs (conferenceDisplay.py?confId=123 etc.) by redirecting
# them to their new URL.
#RouteOldUrls = False


#------------------------------------------------------------------------------
# DIRECTORIES
#------------------------------------------------------------------------------
ArchiveDir           = "/opt/indico/archive"
BinDir               = "/opt/indico/bin"
ConfigurationDir     = "/opt/indico/etc"
DocumentationDir     = "/opt/indico/doc"
HtdocsDir            = "/opt/indico/htdocs"
LogDir               = "/opt/indico/log"
UploadedFilesTempDir = "/opt/indico/tmp"
XMLCacheDir          = "/opt/indico/cache"
# You can use 'redis', 'memcached' or 'files'. The files backend caches objects in
# XMLCacheDir while the Memcached backend uses one or more memcached servers.
#CacheBackend         = 'files'
# When using memcached, provide a tuple containing 'ip:port' entries for the
# memcached servers. Do not forget to firewall those servers as memcached has no
# authentication at all!
#MemcachedServers     = ('127.0.0.1:11211',)
# When using redis, provide a redis connection string for the Redis server.
#RedisCacheURL = 'redis://unused:password@localhost:6379/1'

#------------------------------------------------------------------------------
# SMTP
#------------------------------------------------------------------------------
# SmtpServer           = ('mail.mpi-cbg.de', 465)
# SmtpLogin            = "steinbac"
# SmtpPassword         = "XXXXX"

# # If your SMTP server is using TLS write "yes", otherwise write "no"

# SmtpUseTLS           = "no"

#------------------------------------------------------------------------------
# EMAIL ADDRESSES
#------------------------------------------------------------------------------
# SupportEmail is the email address where all automatically generated
# application errors will be sent to.

SupportEmail         = "steinbac@mpi-cbg.de"


# PublicSupportEmail is an email address that will be shown in Indico and where
# users are expected to find help when they have using the website.

PublicSupportEmail   = "steinbac@mpi-cbg.de"

# NoReplyEmail is the email address showed when we do not want the users to answer
# an automatically generated email.

NoReplyEmail	     = "noreply-root@indico.mpi-cbg.de"


#------------------------------------------------------------------------------
# FILE UPLOAD
#------------------------------------------------------------------------------
# Here you can limit the maximum size of all the uploaded files (in MB) in a
# request
# default: 0 (unlimited)

MaxUploadFilesTotalSize = 0

# Here you can limit the maximum size of an uploaded file (in MB)
# default: 0 (unlimited)

MaxUploadFileSize = 0

#------------------------------------------------------------------------------
# FILE CONVERSION
#------------------------------------------------------------------------------
# Indico has an interface to interact with an external file conversion system
# to convert from some formats to others but right now there is no publicly
# available file conversion software.
#
# If you are interested in this feature please contact us at:
#   indico-team@cern.ch
#
# FileConverter        = {"conversion_server": "localhost", "response_url": "http://localhost/conversion-finished"}


#------------------------------------------------------------------------------
# STATIC FILE DELIVERY
#------------------------------------------------------------------------------
# Indico supports the use of the X-Sendfile and X-Accel-Redirect headers:
#
# http://blog.lighttpd.net/articles/2006/07/02/x-sendfile
# http://wiki.nginx.org/X-accel
#
# If your webserver supports this feature and you want to activate it,
# you should enable it here
#
# X-Sendfile (apache with mod_xsendfile, lighttpd):
# StaticFileMethod = 'xsendfile'
#
# X-Accel-Redirect (nginx):
# StaticFileMethod = ('xaccelredirect', {
#     '/opt/indico/archive': '/.xsf/archive',
#     '/opt/indico/cache': '/.xsf/cache',
#     '/opt/indico/htdocs': '/.xsf/htdocs'
# })
# Because of the way nginx works (using URLs instead of paths) you also need to map the .xsf urls to
# the paths in your nginx config (for each entry in the dict above):
# location /.xsf/archive/ {
#     internal;
#     alias /opt/indico/archive/;
# }
# DO NOT forget the "internal;" statement - it prevents users from accessing those URLs directly.

#StaticFileMethod = None


#------------------------------------------------------------------------------
# AUTHENTICATION
#------------------------------------------------------------------------------
# Indico ships with a fully working user authentication system (Local) but you
# can use an external system.
#
# If you want to have all users authenticate only to an external user management
# system (for example: MyAuthSystem) you should write:
#
#     AuthenticatorList = [('MyAuthSystem', {})]
#
# Where the second element of the tuple is a dictionary with the configuration.
#
# If you want to authenticate users against more than one authentication system
# you can write them like this (systems will be queried about users from left
# to right):
#
#     AuthenticatorList = [('Local', {}), ('LDAP', {}), ('MyAuthSystem', {})]
#
# If you want to setup SSO in your authenticator you should setup the variable
# SSOActive to True.
#
# AuthenticatorList = [('MyAuthSystem', {'SSOActive': True})]
#
# You can also can configure the mapping of the SSO attributes with the variable SSOMapping. An example:
#
# AuthenticatorList = [ ('Local', {}),
#                        ('MyAuthSystem', {'SSOActive': True,
#                                          'LogoutCallbackURL': 'https://example.com/wsignout',
#                                          'SSOMapping': { 'email': 'ADFS_EMAIL',
#                                                           'login': 'ADFS_LOGIN',
#                                                           'personId': 'ADFS_PERSONID',
#                                                           'phone': 'ADFS_PHONENUMBER',
#                                                           'fax': 'ADFS_FAXNUMBER',
#                                                           'lastname': 'ADFS_LASTNAME',
#                                                           'firstname': 'ADFS_FIRSTNAME',
#                                                           'institute': 'ADFS_HOMEINSTITUTE'},
#                                          'ResetPasswordMessage': 'Please contact helpdesk or access this url: http://example.com'
#                                          })]
#
#
# Please note that some authentication systems may require extra dependency libs.
# For instance, for LDAP authentication, you will also need to install the python-ldap lib:
#
#  $ pip install python-ldap
#
#
# As an example if you want to setup the LDAP Authenticator you should define as following:
#
# AuthenticatorList  = [('LDAP', {# by default the port is 389 if you do not specify.
#                                 'uri': '[ldap|ldaps]://myldapserver.example.com:port',
#
#                                 # use TLS (do so, if your server allows)
#                                 'useTLS': True,
#
#                                 # filter parameters for users, base DN to use
#                                 'peopleDNQuery': ('uid={0}', 'DC=example,DC=com'),
#
#                                 # filter parameters for groups, base DN to use
#                                 'groupDNQuery': ('cn={0}', 'OU=Groups,DC=example,DC=com'),
#
#                                 # SLAPD or ActiveDirectory
#                                 'groupStyle': 'SLAPD',
#
#                                 # access credentials of a user with read access
#                                  'accessCredentials': ('CN=user,OU=Users,DC=example,DC=com','secret_password')
#
#                                 # custom user filter
#                                  'customUserFilter': "(objectCategory=user)"
#                                 }
#
#
# The default configuration will use only Indico's authentication system.

AuthenticatorList    = [('LDAP', {'peopleDNQuery': ('cn={0}', 'CN=users,DC=ldap-srv1,DC=mpi-cbg,DC=de'), 'groupDNQuery': ('cn={0}', 'CN=groups,DC=ldap-srv1,DC=mpi-cbg,DC=de'), 'uri': 'ldap://10.1.2.19', 'groupStyle': 'SLAPD', 'useTLS': False})]

# If you only want to allow users to login via SSO you can disable the normal login page.
# DisplayLoginPage = True

# Sessions are only stored for a certain time. You can modify the duration here. By setting
# the lifetime to 0 the cookie will expire when the browser is closed.
# SessionLifetime = 86400 * 31


#------------------------------------------------------------------------------
# OFFLINE WEBSITE PACKAGES CREATION
#------------------------------------------------------------------------------
# Indico allows users to download their event so they can run it offline.
#
# The OfflineStore variable points to a directory that Indico will use to store
# the offline website packages.
#
# If the OfflineStore variable is not set, the functionality will be disabled.
#
# OfflineStore         = "/opt/indico/archive"


#------------------------------------------------------------------------------
# LATEX/PDF GENERATION
#------------------------------------------------------------------------------
# Set the path to pdflatex if it's not within PATH:
# PDFLatexProgram = 'pdflatex'
#
# In strict mode, a non-zero status code is considered failure. Disable this if
# you have old contributions that contain invalid LaTeX and you prefer possibly
# weird-looking PDFs over an error and no PDF at all.
# StrictLatex = True


#------------------------------------------------------------------------------
# OAUTH PARAMETERS
#------------------------------------------------------------------------------

# Time to live of the OAuth Tokens
OAuthAccessTokenTTL = 10000


#------------------------------------------------------------------------------
# INDICO MOBILE
#------------------------------------------------------------------------------

# If you have an installation of the mobile version of Indico, you can enable the
# notification that encourages its usage when the user accesses the Desktop Indico
# from a mobile device. One only needs to add the URL of Indico mobile here:
# MobileURL = "http://m.indico.your.domain"

ShortEventTag = 'event/'
ExportACL = {}
CssStylesheetName = 'Default'
ShortCategTag = 'categ/'
ApacheGroup = 'www-data'
UseXSendFile = 'no'
ApacheUser = 'www-data'
	excerpt from indico.log:
	2015-01-15 11:51:40,939 indico.requestHandler: INFO - Request <IndicoRequest 'https://indico.mpi-cbg.de/indico/user/login' [POST]> finished with TypeError: "bind_s() argument after * must be a sequence, not NoneType"
	2015-01-15 11:52:56,844 indico.wsgi : ERROR - Connection unexpectedly closed
	Traceback (most recent call last):
	File "/usr/local/lib/python2.7/dist-packages/Flask-0.10-py2.7.egg/flask/app.py", line 1475, in full_dispatch_request
	rv = self.dispatch_request()
	File "/usr/local/lib/python2.7/dist-packages/Flask-0.10-py2.7.egg/flask/app.py", line 1461, in dispatch_request
	return self.view_functions[rule.endpoint](**req.view_args)
	File "/usr/local/lib/python2.7/dist-packages/indico-1.2-py2.7.egg/indico/web/flask/util.py", line 87, in wrapper
	return obj(None).process(params)
	File "/usr/local/lib/python2.7/dist-packages/indico-1.2-py2.7.egg/MaKaC/webinterface/rh/errors.py", line 65, in process
	self._sendReport()
	File "/usr/local/lib/python2.7/dist-packages/indico-1.2-py2.7.egg/MaKaC/webinterface/rh/errors.py", line 60, in _sendReport
	GenericMailer.send(GenericNotification(maildata), skipQueue=True)
	File "/usr/local/lib/python2.7/dist-packages/indico-1.2-py2.7.egg/MaKaC/common/mail.py", line 51, in send
	cls._send(mailData)
	File "/usr/local/lib/python2.7/dist-packages/indico-1.2-py2.7.egg/MaKaC/common/mail.py", line 119, in _send
	server=smtplib.SMTP(*Config.getInstance().getSmtpServer())
	File "/usr/lib/python2.7/smtplib.py", line 249, in __init__
	(code, msg) = self.connect(host, port)
	File "/usr/lib/python2.7/smtplib.py", line 310, in connect
	(code, msg) = self.getreply()
	File "/usr/lib/python2.7/smtplib.py", line 361, in getreply
	raise SMTPServerDisconnected("Connection unexpectedly closed")
	SMTPServerDisconnected: Connection unexpectedly closed
	2015-01-15 11:55:53,354 indico.requestHandler: INFO - [pid=15532] from host 10.1.251.33
	2015-01-15 12:00:53,390 indico.upcoming_events: INFO - Regenerated upcoming event cache

	my LDAP indico.conf:

	#--------------------------
	# Indico configuration file
	#--------------------------
	#
	# This file is read on Apache startup. If you change any value you will need to
	# restart Apache afterwards to have its changes take effect.
	#
	# Lines starting with "#" are comments and they will be ignored by Indico.

	#------------------------------------------------------------------------------
	# ZODB
	#------------------------------------------------------------------------------

	DBConnectionParams = ('localhost', 9675)
	DBUserName = ""
	DBPassword = ""
	DBRealm = ""

	#------------------------------------------------------------------------------
	# REDIS
	#------------------------------------------------------------------------------

	# To enable redis, specify a valid redis connection string here.
	# Example: redis://unused:password@localhost:6379/0
	# You also need to install the python redis client (pip install redis hiredis)
	# Note that the Redis server needs to run at least Redis 2.6 with LUA support.
	#RedisConnectionURL = None

	#------------------------------------------------------------------------------
	# SECURITY
	#------------------------------------------------------------------------------
	# Possible values of SanitizationLevel:
	# 0: Escape all HTML tags
	# 1: Raise error if styles are used
	# 2: Raise error if SCRIPT tag is used
	# 3: No input filtering is done (DANGEROUS!)

	SanitizationLevel = 2

	# AuthenticatedEnforceSecure controls whether HTTPS should be enforced for
	# authentication and while logged in.
	AuthenticatedEnforceSecure = "yes"

	# Possible values of CSRFLevel:
	# 0: Disable all CSRF checks (DANGEROUS!)
	# 1: Check CSRF token for service requests
	# 2: Check CSRF token for service requests and cookie-based API requests
	# 3: The above & require an empty or valid referer for normal POST requests
	CSRFLevel = 2

	#------------------------------------------------------------------------------
	# Development
	#------------------------------------------------------------------------------
	# You can force a certain number of (simulated) database conflicts on every
	# by setting ForceConflicts to the number of conflict errors you want:
	#ForceConflicts = 0
	#
	# You can cause all error-like exceptions (i.e. not something like AccessError)
	# to be propagated outside the Indico WSGI app by enabling this option. This has
	# the advantage of triggering the Werkzeug debugger of the embedded server even
	# in case of e.g. a MaKaCError.
	#PropagateAllExceptions = False

	#------------------------------------------------------------------------------
	# URLs
	#------------------------------------------------------------------------------
	# BaseURL is the url where Indico will be accessed:

	BaseURL = "http://indico.mpi-cbg.de/indico"

	# BaseSecureURL is the HTTPS location of Indico. Set empty string if you want to use http.

	BaseSecureURL = "https://indico.mpi-cbg.de/indico"


	# If you are using a custom user authentication system (see below) uncomment
	# the following lines and specify the new URLs.
	#
	# LoginURL = ""
	# RegistrationURL = ""

	# Support the old mod_python-style URLs (conferenceDisplay.py?confId=123 etc.) by redirecting
	# them to their new URL.
	#RouteOldUrls = False


	#------------------------------------------------------------------------------
	# DIRECTORIES
	#------------------------------------------------------------------------------
	ArchiveDir = "/opt/indico/archive"
	BinDir = "/opt/indico/bin"
	ConfigurationDir = "/opt/indico/etc"
	DocumentationDir = "/opt/indico/doc"
	HtdocsDir = "/opt/indico/htdocs"
	LogDir = "/opt/indico/log"
	UploadedFilesTempDir = "/opt/indico/tmp"
	XMLCacheDir = "/opt/indico/cache"
	# You can use 'redis', 'memcached' or 'files'. The files backend caches objects in
	# XMLCacheDir while the Memcached backend uses one or more memcached servers.
	#CacheBackend = 'files'
	# When using memcached, provide a tuple containing 'ip:port' entries for the
	# memcached servers. Do not forget to firewall those servers as memcached has no
	# authentication at all!
	#MemcachedServers = ('127.0.0.1:11211',)
	# When using redis, provide a redis connection string for the Redis server.
	#RedisCacheURL = 'redis://unused:password@localhost:6379/1'

	#------------------------------------------------------------------------------
	# SMTP
	#------------------------------------------------------------------------------
	# SmtpServer = ('mail.mpi-cbg.de', 465)
	# SmtpLogin = "steinbac"
	# SmtpPassword = "XXXXX"

	# # If your SMTP server is using TLS write "yes", otherwise write "no"

	# SmtpUseTLS = "no"

	#------------------------------------------------------------------------------
	# EMAIL ADDRESSES
	#------------------------------------------------------------------------------
	# SupportEmail is the email address where all automatically generated
	# application errors will be sent to.

	SupportEmail = "steinbac@mpi-cbg.de"


	# PublicSupportEmail is an email address that will be shown in Indico and where
	# users are expected to find help when they have using the website.

	PublicSupportEmail = "steinbac@mpi-cbg.de"

	# NoReplyEmail is the email address showed when we do not want the users to answer
	# an automatically generated email.

	NoReplyEmail = "noreply-root@indico.mpi-cbg.de"


	#------------------------------------------------------------------------------
	# FILE UPLOAD
	#------------------------------------------------------------------------------
	# Here you can limit the maximum size of all the uploaded files (in MB) in a
	# request
	# default: 0 (unlimited)

	MaxUploadFilesTotalSize = 0

	# Here you can limit the maximum size of an uploaded file (in MB)
	# default: 0 (unlimited)

	MaxUploadFileSize = 0

	#------------------------------------------------------------------------------
	# FILE CONVERSION
	#------------------------------------------------------------------------------
	# Indico has an interface to interact with an external file conversion system
	# to convert from some formats to others but right now there is no publicly
	# available file conversion software.
	#
	# If you are interested in this feature please contact us at:
	# indico-team@cern.ch
	#
	# FileConverter = {"conversion_server": "localhost", "response_url": "http://localhost/conversion-finished"}


	#------------------------------------------------------------------------------
	# STATIC FILE DELIVERY
	#------------------------------------------------------------------------------
	# Indico supports the use of the X-Sendfile and X-Accel-Redirect headers:
	#
	# http://blog.lighttpd.net/articles/2006/07/02/x-sendfile
	# http://wiki.nginx.org/X-accel
	#
	# If your webserver supports this feature and you want to activate it,
	# you should enable it here
	#
	# X-Sendfile (apache with mod_xsendfile, lighttpd):
	# StaticFileMethod = 'xsendfile'
	#
	# X-Accel-Redirect (nginx):
	# StaticFileMethod = ('xaccelredirect', {
	# '/opt/indico/archive': '/.xsf/archive',
	# '/opt/indico/cache': '/.xsf/cache',
	# '/opt/indico/htdocs': '/.xsf/htdocs'
	# })
	# Because of the way nginx works (using URLs instead of paths) you also need to map the .xsf urls to
	# the paths in your nginx config (for each entry in the dict above):
	# location /.xsf/archive/ {
	# internal;
	# alias /opt/indico/archive/;
	# }
	# DO NOT forget the "internal;" statement - it prevents users from accessing those URLs directly.

	#StaticFileMethod = None


	#------------------------------------------------------------------------------
	# AUTHENTICATION
	#------------------------------------------------------------------------------
	# Indico ships with a fully working user authentication system (Local) but you
	# can use an external system.
	#
	# If you want to have all users authenticate only to an external user management
	# system (for example: MyAuthSystem) you should write:
	#
	# AuthenticatorList = [('MyAuthSystem', {})]
	#
	# Where the second element of the tuple is a dictionary with the configuration.
	#
	# If you want to authenticate users against more than one authentication system
	# you can write them like this (systems will be queried about users from left
	# to right):
	#
	# AuthenticatorList = [('Local', {}), ('LDAP', {}), ('MyAuthSystem', {})]
	#
	# If you want to setup SSO in your authenticator you should setup the variable
	# SSOActive to True.
	#
	# AuthenticatorList = [('MyAuthSystem', {'SSOActive': True})]
	#
	# You can also can configure the mapping of the SSO attributes with the variable SSOMapping. An example:
	#
	# AuthenticatorList = [ ('Local', {}),
	# ('MyAuthSystem', {'SSOActive': True,
	# 'LogoutCallbackURL': 'https://example.com/wsignout',
	# 'SSOMapping': { 'email': 'ADFS_EMAIL',
	# 'login': 'ADFS_LOGIN',
	# 'personId': 'ADFS_PERSONID',
	# 'phone': 'ADFS_PHONENUMBER',
	# 'fax': 'ADFS_FAXNUMBER',
	# 'lastname': 'ADFS_LASTNAME',
	# 'firstname': 'ADFS_FIRSTNAME',
	# 'institute': 'ADFS_HOMEINSTITUTE'},
	# 'ResetPasswordMessage': 'Please contact helpdesk or access this url: http://example.com'
	# })]
	#
	#
	# Please note that some authentication systems may require extra dependency libs.
	# For instance, for LDAP authentication, you will also need to install the python-ldap lib:
	#
	# $ pip install python-ldap
	#
	#
	# As an example if you want to setup the LDAP Authenticator you should define as following:
	#
	# AuthenticatorList = [('LDAP', {# by default the port is 389 if you do not specify.
	# 'uri': '[ldap\|ldaps]://myldapserver.example.com:port',
	#
	# # use TLS (do so, if your server allows)
	# 'useTLS': True,
	#
	# # filter parameters for users, base DN to use
	# 'peopleDNQuery': ('uid={0}', 'DC=example,DC=com'),
	#
	# # filter parameters for groups, base DN to use
	# 'groupDNQuery': ('cn={0}', 'OU=Groups,DC=example,DC=com'),
	#
	# # SLAPD or ActiveDirectory
	# 'groupStyle': 'SLAPD',
	#
	# # access credentials of a user with read access
	# 'accessCredentials': ('CN=user,OU=Users,DC=example,DC=com','secret_password')
	#
	# # custom user filter
	# 'customUserFilter': "(objectCategory=user)"
	# }
	#
	#
	# The default configuration will use only Indico's authentication system.

	AuthenticatorList = [('LDAP', {'peopleDNQuery': ('cn={0}', 'CN=users,DC=ldap-srv1,DC=mpi-cbg,DC=de'), 'groupDNQuery': ('cn={0}', 'CN=groups,DC=ldap-srv1,DC=mpi-cbg,DC=de'), 'uri': 'ldap://10.1.2.19', 'groupStyle': 'SLAPD', 'useTLS': False})]

	# If you only want to allow users to login via SSO you can disable the normal login page.
	# DisplayLoginPage = True

	# Sessions are only stored for a certain time. You can modify the duration here. By setting
	# the lifetime to 0 the cookie will expire when the browser is closed.
	# SessionLifetime = 86400 * 31


	#------------------------------------------------------------------------------
	# OFFLINE WEBSITE PACKAGES CREATION
	#------------------------------------------------------------------------------
	# Indico allows users to download their event so they can run it offline.
	#
	# The OfflineStore variable points to a directory that Indico will use to store
	# the offline website packages.
	#
	# If the OfflineStore variable is not set, the functionality will be disabled.
	#
	# OfflineStore = "/opt/indico/archive"


	#------------------------------------------------------------------------------
	# LATEX/PDF GENERATION
	#------------------------------------------------------------------------------
	# Set the path to pdflatex if it's not within PATH:
	# PDFLatexProgram = 'pdflatex'
	#
	# In strict mode, a non-zero status code is considered failure. Disable this if
	# you have old contributions that contain invalid LaTeX and you prefer possibly
	# weird-looking PDFs over an error and no PDF at all.
	# StrictLatex = True



	#------------------------------------------------------------------------------
	# OAUTH PARAMETERS
	#------------------------------------------------------------------------------

	# Time to live of the OAuth Tokens
	OAuthAccessTokenTTL = 10000


	#------------------------------------------------------------------------------
	# INDICO MOBILE
	#------------------------------------------------------------------------------

	# If you have an installation of the mobile version of Indico, you can enable the
	# notification that encourages its usage when the user accesses the Desktop Indico
	# from a mobile device. One only needs to add the URL of Indico mobile here:
	# MobileURL = "http://m.indico.your.domain"

	ShortEventTag = 'event/'
	ExportACL = {}
	CssStylesheetName = 'Default'
	ShortCategTag = 'categ/'
	ApacheGroup = 'www-data'
	UseXSendFile = 'no'
	ApacheUser = 'www-data'