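server:
  # Indicate on which port the Identity Server will listen.
  #
  # This is by default an unencrypted port.
  # HTTPS can be configured using Tomcat configuration properties.
  # If TLS is terminated by a reverse proxy instead, restrict this port to that proxy's address.
  port: 8090

  # Realm under which this Identity Server is authoritative.
  #
  # This is used to avoid unnecessary connections and endless recursive lookup.
  # e.g. domain name in e-mails.
  name: 'example.org'

key:
  # Where the Identity Server signing key will be stored.
  #
  # /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\
  # /!\ CHANGE THIS TO A MORE PERMANENT LOCATION! /!\
  # /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\
  #
  # /var/tmp is world-writable and is subject to periodic cleanup on many systems.
  # Use a dedicated directory readable only by the service account, so the signing
  # key can neither be read nor replaced by other local users.
  path: '/var/tmp/mxis-signing.key'

# This element contains all the configuration items for lookup strategies
lookup:
  # Configuration items for recursion-type of lookup
  #
  # Lookups are divided into two types:
  # - Local
  # - Remote
  #
  # This is similar to DNS lookup and recursion and is therefore prone to the same vulnerabilities.
  # By default, only non-public hosts are allowed to perform recursive lookup.
  # This will also prevent basic endless loops where:
  # host A asks host B, which in turn is configured to ask host A, etc.
  recursive:
    # Enable recursive lookup globally
    enabled: true

    # Whitelist of CIDR that will trigger a recursive lookup.
    #
    # Keep this list to networks you control: a catch-all range would make this
    # server an open recursive resolver for anyone who can reach it.
    # Note: RFC 1918 defines the private range as 172.16.0.0/12; the entry below
    # only covers 172.16.0.0/16. Widen it deliberately if your network needs it.
    allowedCidr:
      - '127.0.0.0/8'
      - '10.0.0.0/8'
      - '172.16.0.0/16'
      - '192.168.0.0/16'

ldap:
  host: 'localhost'
  # 389 is plaintext LDAP: the bind password crosses the network unprotected unless
  # the connection is encrypted. Prefer an encrypted connection where the deployment supports it.
  port: 389
  # Use a dedicated, read-only directory account; it only needs search rights under baseDn.
  bindDn: 'CN=Matrix Identity Server,CN=Users,DC=example,DC=org'
  # Placeholder only. Set a real credential and keep this file out of version control,
  # or inject the value from a secret store at deploy time.
  bindPassword: 'password'
  baseDn: 'CN=Users,DC=example,DC=org'
  # Search filter used to find the entry matching a 3PID; %3pid is presumably replaced
  # with the 3PID being looked up.
  # NOTE(review): that value originates from the lookup request - confirm the server
  # LDAP-escapes it (RFC 4515) before substituting it into the filter.
  query: '(|(mailPrimaryAddress=%3pid)(mail=%3pid)(otherMailbox=%3pid))'

  # How should we resolve the Matrix ID in case of a match using the attribute.
  #
  # The following types are supported:
  # - uid : the attribute only contains the UID part of the Matrix ID. e.g. 'john.doe' in @john.doe:example.org
  # - mxid : the attribute contains the full Matrix ID - e.g. '@john.doe:example.org'
  type: 'uid'

  # The attribute containing the binding itself. This value will be used differently depending on the type.
  #
  # Typical values:
  # - For type 'uid':
  #   - Samba/AD: sAMAccountName
  #   - LDAP: If someone knows the most appropriate value, please open an issue
  #
  # - For type 'mxid', regardless of the directory type, we recommend using 'pager' as it is a standard attribute but
  #   shouldn't be used in infrastructures.
  attribute: 'sAMAccountName'

forward:
  # List of forwarders to use to try to match a 3PID.
  #
  # Each server will be tried in the given order, going to the next if no binding was found or an error occurred.
  # These are the current root Identity Servers of the Matrix network.
  # Only list https:// URLs here: the 3PIDs being looked up are sent to every forwarder tried.
  servers:
    - 'https://matrix.org'
    - 'https://vector.im'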