92 lines
		
	
	
		
			2.7 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			92 lines
		
	
	
		
			2.7 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| server:
 | |
| 
 | |
|   # Indicate on which port the Identity Server will listen.
 | |
|   #
 | |
|   # This is be default an unencrypted port.
 | |
|   # HTTPS can be configured using Tomcat configuration properties.
 | |
|   port: 8090
 | |
| 
 | |
|   # Realm under which this Identity Server is authoritative.
 | |
|   #
 | |
|   # This is used to avoid unnecessary connections and endless recursive lookup.
 | |
|   # e.g. domain name in e-mails.
 | |
|   name: 'example.org'
 | |
| 
 | |
| 
 | |
| 
 | |
| key:
 | |
| 
 | |
|   # Where the Identity Server signing key will be stored.
 | |
|   #
 | |
|   # /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\
 | |
|   # /!\  CHANGE THIS TO A MORE PERMANENT LOCATION!  /!\
 | |
|   # /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\
 | |
|   path: '/var/tmp/mxis-signing.key'
 | |
| 
 | |
| 
 | |
| 
 | |
| # This element contains all the configuration item for lookup strategies
 | |
| lookup:
 | |
| 
 | |
|   # Configuration items for recursion-type of lookup
 | |
|   #
 | |
|   # Lookup access are divided into two types:
 | |
|   # - Local
 | |
|   # - Remote
 | |
|   #
 | |
|   # This is similar to DNS lookup and recursion and is therefore prone to the same vulnerabilities.
 | |
|   # By default, only non-public hosts are allowed to perform recursive lookup.
 | |
|   # This will also prevent basic endless loops where:
 | |
|   # host A ask host B, which in turn is configured to ask host B, etc.
 | |
|   recursive:
 | |
| 
 | |
|     # Enable recursive lookup globally
 | |
|     enabled: true
 | |
| 
 | |
|     # Whitelist of CIDR that will trigger a recursive lookup
 | |
|     allowedCidr:
 | |
|       - '127.0.0.0/8'
 | |
|       - '10.0.0.0/8'
 | |
|       - '172.16.0.0/12'
 | |
|       - '192.168.0.0/16'
 | |
| 
 | |
| 
 | |
| 
 | |
| ldap:
 | |
|   host: 'localhost'
 | |
|   port: 389
 | |
|   bindDn: 'CN=Matrix Identity Server,CN=Users,DC=example,DC=org'
 | |
|   bindPassword: 'password'
 | |
|   baseDn: 'CN=Users,DC=example,DC=org'
 | |
|   query: '(|(mailPrimaryAddress=%3pid)(mail=%3pid)(otherMailbox=%3pid))'
 | |
| 
 | |
|   # How should we resolve the Matrix ID in case of a match using the attribute.
 | |
|   #
 | |
|   # The following type are supported:
 | |
|   # - uid : the attribute only contains the UID part of the Matrix ID. e.g. 'john.doe' in @john.doe:example.org
 | |
|   # - mxid : the attribute contains the full Matrix ID - e.g. '@john.doe:example.org'
 | |
|   type: 'uid'
 | |
| 
 | |
|   # The attribute containing the binding itself. This value will be used differently depending on the type.
 | |
|   #
 | |
|   # Typical values:
 | |
|   # - For type 'uid':
 | |
|   #   - Samba/AD: sAMAccountName
 | |
|   #   - LDAP: If someone knows the most appropriate value, please open an issue
 | |
|   #
 | |
|   # - For type 'mxid', regardless of the directory type, we recommend using 'pager' as it is a standard attribute but
 | |
|   #   shouldn't be used in infrastructures.
 | |
|   attribute: 'sAMAccountName'
 | |
| 
 | |
| 
 | |
| 
 | |
| forward:
 | |
| 
 | |
|   # List of forwarders to use to try to match a 3PID.
 | |
|   #
 | |
|   # Each server will be tried in the given order, going to the next if no binding was found or an error occurred.
 | |
|   # There are the current root Identity Servers of the Matrix network.
 | |
|   servers:
 | |
|     - "https://matrix.org"
 | |
|     - "https://vector.im"
 |