@@ -27,6 +27,56 @@ You can run cerebro listening on a different host and port(defaults to 0.0.0.0:9
2727bin/cerebro -Dhttp.port=1234 -Dhttp.address=127.0.0.1
2828```
2929
30+ #### LDAP config
31+
32+ LDAP can be configured using environment variables. If you typically run cerebro using docker,
33+ you can pass a file with all the env vars. The file would look like:
34+
35+ ``` bash
36+ # Set it to ldap to activate ldap authorization
37+ AUTH_TYPE=ldap
38+
39+ # Your ldap url
40+ LDAP_URL=ldap://exammple.com:389
41+
42+ LDAP_BASE_DN=OU=users,DC=example,DC=com
43+
44+ # Usually method should be "simple" otherwise, set it to the SASL mechanisms
45+ LDAP_METHOD=simple
46+
47+ # user-template executes a string.format() operation where
48+ # username is passed in first, followed by base-dn. Some examples
49+ # - %s => leave user untouched
50+ # - %s@domain.com => append "@domain.com" to username
51+ # - uid=%s,%s => usual case of OpenLDAP
52+ LDAP_USER_TEMPLATE=%s@example.com
53+
54+ # User identifier that can perform searches
55+ LDAP_BIND_DN=admin@example.com
56+ LDAP_BIND_PWD=adminpass
57+
58+ # Group membership settings (optional)
59+
60+ # If left unset LDAP_BASE_DN will be used
61+ # LDAP_GROUP_BASE_DN=OU=users,DC=example,DC=com
62+
63+ # Attribute that represent the user, for example uid or mail
64+ # LDAP_USER_ATTR=mail
65+
66+ # Filter that tests membership of the group. If this property is empty then there is no group membership check
67+ # AD example => memberOf=CN=mygroup,ou=ouofthegroup,DC=domain,DC=com
68+ # OpenLDAP example => CN=mygroup
69+ # LDAP_GROUP=memberOf=memberOf=CN=mygroup,ou=ouofthegroup,DC=domain,DC=com
70+
71+ ```
72+
73+ You can the pass this file as argument using:
74+
75+ ``` bash
76+ docker run -p 9000:9000 --env-file env-ldap lmenezes/cerebro
77+ ```
78+
79+
3080#### Other settings
3181
3282Other settings are exposed through the ** conf/application.conf** file found on the application directory.
0 commit comments