.env.example
# Connection settings shared with BookStack itself; refer to the BookStack
# documentation for their exact meaning.
# LDAP server URL. The ldap:// scheme is unencrypted on its own, so this
# example relies on LDAP_START_TLS=true below to protect the bind password and
# the directory data in transit.
LDAP_SERVER=ldap://ldap.example.com
# DN of the service account used to bind to the directory.
# NOTE(review): a dedicated account limited to reading the user and group
# subtrees is presumably sufficient for a sync - confirm against the script.
LDAP_DN=cn=bookstack,ou=Services,dc=example,dc=com
# Bind password for LDAP_DN. "s3cret" is a placeholder: replace it, keep the
# real .env out of version control and readable only by the account that runs
# the script.
LDAP_PASS=s3cret
# Keep this false. Setting it to true disables TLS certificate validation, so
# the server's identity is no longer checked.
LDAP_TLS_INSECURE=false
# Upgrade the ldap:// connection with StartTLS before binding.
LDAP_START_TLS=true
# The next variables are specific to this script. Most of them are mandatory.
# Base DN and filter for users. Together they decide which directory entries
# become BookStack accounts, so keep both as narrow as possible.
LDAP_PROVISION_USERS_BASE_DN=ou=People,dc=example,dc=com
# NOTE(review): the next line reuses the key LDAP_PROVISION_USERS_BASE_DN but
# its value is an LDAP filter, not a DN. Presumably the users-filter variable
# was intended (compare LDAP_PROVISION_GROUPS_FILTER further down) - confirm the
# exact name against the script. As written, which of the two values is used
# depends on the loader, and the base DN above may be replaced by the filter.
# The example filter selects inetOrgPerson entries and excludes those with
# nsAccountLock=true, i.e. locked accounts are not provisioned.
LDAP_PROVISION_USERS_BASE_DN="(&(objectClass=inetOrgPerson)(!(nsAccountLock=true)))"
# Attribute holding the user's external ID. It is used to pair a BookStack user
# with an LDAP user and to update the other attributes when they change, so it
# must be as stable as possible. 389DS, for example, provides a UUID in the
# nsUniqueId attribute, which does not change even when other attributes or the
# DN are modified, which is perfect for this.
LDAP_PROVISION_EXTERNAL_ID_ATTR=nsUniqueId
# Attribute for the user's display name
LDAP_PROVISION_NAME_ATTR=uid
# Attribute for the user's email address; mandatory and must be unique.
# NOTE(review): if users can edit this attribute themselves in LDAP, uniqueness
# is not guaranteed by the directory - verify how the script handles collisions.
LDAP_PROVISION_EMAIL_ATTR=mail
# Base DN and filter for groups.
# Groups must list their members in "member" attributes.
LDAP_PROVISION_GROUPS_BASE_DN=ou=Groups,dc=example,dc=com
LDAP_PROVISION_GROUPS_FILTER=(objectClass=groupOfNames)
# Same as LDAP_PROVISION_EXTERNAL_ID_ATTR, but for groups/roles: a stable
# identifier used to pair an LDAP group with its synced counterpart.
LDAP_PROVISION_GROUPS_EXTERNAL_ID_ATTR=nsUniqueId
# Attribute for the group/role display name
LDAP_PROVISION_GROUPS_NAME_ATTR=cn
# Attribute for the group/role description, optional. If none is provided, a
# default description is generated.
LDAP_PROVISION_GROUPS_DESCRIPTION_ATTR=description
# Safety guard against mass deletion. When true, the script is allowed to
# delete all synced users or all synced groups if none are found in LDAP.
# Set it to true only if you expect to delete all users or all groups at some
# point. Left at false, it prevents disasters when a wrong filter, a change in
# LDAP permissions or a similar mistake makes the LDAP server suddenly return
# no users or no groups.
LDAP_PROVISION_ALLOW_DISASTERS=false
# If enabled, deleted accounts are renamed to "Deleted" plus a random id, and
# their email address is replaced in a similar way. Otherwise, their accounts
# are completely deleted. Deleting accounts doesn't delete books or anything
# else, so it should be safe to do a hard delete in any case. Soft deleted
# users keep their external ID, so they are recovered and un-deleted
# automatically if they are found in LDAP again. However, take care that they
# cannot log in via SAML when they are soft deleted!
LDAP_PROVISION_SOFT_DELETE=false
# Also create groups that have no members in LDAP
LDAP_PROVISION_CREATE_EMPTY_GROUPS=true
# This group will be given some default permissions, usually admin permissions,
# so its users can set up permissions for the rest of the instance. Optional:
# if none is set, the script gives no additional permissions. You can always
# add permissions to any role with the default "admin" account provided by
# BookStack, or by other means.
# Anyone who can change the membership of this group in LDAP can grant these
# permissions, so restrict write access to it in the directory.
# NOTE(review): the group is selected by name, presumably the value of
# LDAP_PROVISION_GROUPS_NAME_ATTR - confirm that another group cannot take the
# same name.
LDAP_PROVISION_ADMIN_GROUP_NAME=Admins
# Which permissions to give, comma separated, optional.
# The default value is settings-manage,users-manage,user-roles-manage
# Holders of user-roles-manage can edit roles and their permissions, so treat
# this set as full administrative access.
LDAP_PROVISION_ADMIN_GROUP_PERMISSIONS=settings-manage,users-manage,user-roles-manage
# Add all synced users to these roles, comma separated. They must be existing
# roles, either default ones (Public) or manually created.
# Optional and empty by default.
# Every synced user receives these roles, so list only low-privilege ones.
LDAP_PROVISION_COMMON_ROLES=Public,AllUsers