forked from jbeorse/sync-endpoint-default-setup
-
Notifications
You must be signed in to change notification settings - Fork 33
/
Copy pathsecurity.properties
77 lines (69 loc) · 3.47 KB
/
security.properties
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
security.server.secureChannelType=ANY_CHANNEL
security.server.channelType=ANY_CHANNEL
# currently supported options are activeDirectory, ldap and dhis2
security.server.authenticationMethod=ldap
#
# Settings for both Active Directory (ldap) and LDAP Authentication
#
# Username and password for doing read-only queries.
# For activeDirectory, use username@domain
# For LDAP, use dn
security.server.ldapQueryUsername=cn=readonly,dc=example,dc=org
security.server.ldapQueryPassword=readonly
#
# Exclude Active Directory (ldap) and LDAP groups that don't begin with groupPrefix + space + ...
# For those that do, replace all punctuation and spaces with underscore and replace
# the groupPrefix with GROUP_ The resulting group membership will be propagated down
# to the device during a sync.
security.server.groupPrefix=default_prefix
#
# Settings for ActiveDirectory Domain Controller
# NOTE: the DC Url should ALWAYS be ldaps
# The bind authentication uses basic auth and therefore is not
# secure unless a TLS channel is used (i.e., ldaps).
#
security.server.ldapDomainDClevel2=YOURLDAPDOMAIN2
security.server.ldapDomainDClevel1=YOURLDAPDOMAIN1
security.server.ldapDomain=${security.server.ldapDomainDClevel2}.${security.server.ldapDomainDClevel1}
security.server.ldapDomainControllerUrl=ldaps://${security.server.ldapDomainDClevel2}.${security.server.ldapDomainDClevel1}
security.server.ldapDomainDC=DC=${security.server.ldapDomainDClevel2},DC=${security.server.ldapDomainDClevel1}
#
# Settings for LDAP Authentication
#
# enter in this format ldaps://LDAP_ADDRESS:636/
security.server.ldapUrl=ldap://ldap-service:389
security.server.ldapBaseDn=dc=example,dc=org
security.server.ldapPooled=false
security.server.userSearchBase=ou=people
security.server.groupSearchBase=ou=${security.server.groupPrefix},ou=groups
security.server.groupRoleAttribute=cn
security.server.userFullnameAttribute=givenName
security.server.usernameAttribute=uid
# {0} is username entered during basic auth
security.server.userDnPattern=${security.server.usernameAttribute}={0},${security.server.userSearchBase}
# {0} is user dn, {1} is username, this filter is for searching groups that a user belongs to
security.server.memberOfGroupSearchFilter=(memberUid={1})
# {0} is groupPrefix, {1} is groupRoleAttribute, this filter is for searching all groups
security.server.serverGroupSearchFilter=(&(objectClass=posixGroup)({1}={0} *))
#
# Settings for DHIS2 Authentication
#
security.server.dhis2ApiUrl=http://YOUR_DHIS2_SERVER/api/VERSION
# a DHIS2 user with privilege to enumerate organizaion units, groups and users
security.server.dhis2AdminUsername=YOUR_ADMIN_USERNAME
security.server.dhis2AdminPassword=YOUR_ADMIN_PASSWORD
# name of a DHIS2 orgnaization unit / group to assign Sync Endpoint Site Admins role to
security.server.dhis2SiteAdmins=ODK_SITE_ADMIN
security.server.dhis2AdministerTables=ODK_ADMIN_TABLES
security.server.dhis2SuperUserTables=ODK_SUPER_USER_TABLES
security.server.dhis2SyncTables=ODK_SYNC_TABLES
security.server.dhis2FormManagers=ODK_FORM_MNGR
security.server.dhis2DataViewers=ODK_DATA_VIEWERS
security.server.dhis2DataCollectors=ODK_DATA_COLLECTORS
wink.handlersFactoryClass=org.opendatakit.aggregate.odktables.impl.api.wink.AppEngineHandlersFactory
# realm definition
# realmString -- what should be sent to users when BasicAuth or DigestAuth is done
security.server.realm.realmString=opendatakit.org ODK Sync Endpoint
sync.preference.appName=default
sync.preference.anonymousTablesSync=false
sync.preference.anonymousAttachmentAccess=false