aboutsummaryrefslogtreecommitdiff
path: root/modules/hydra/hydra.conf
diff options
context:
space:
mode:
Diffstat (limited to 'modules/hydra/hydra.conf')
-rw-r--r--modules/hydra/hydra.conf47
1 files changed, 47 insertions, 0 deletions
diff --git a/modules/hydra/hydra.conf b/modules/hydra/hydra.conf
new file mode 100644
index 0000000..27a1046
--- /dev/null
+++ b/modules/hydra/hydra.conf
@@ -0,0 +1,47 @@
+<ldap>
+ <config>
+ <credential>
+ class = Password
+ password_field = password
+ password_type = self_check
+ </credential>
+ <store>
+ class = LDAP
+ ldap_server = 10.10.0.1
+ <ldap_server_options>
+ timeout = 30
+ debug = 2
+ </ldap_server_options>
+ binddn = "cn=hydra,ou=users,dc=hydra,dc=vapor,dc=systems"
+ include ldap-password.conf
+ start_tls = 0
+ <start_tls_options>
+ verify = none
+ </start_tls_options>
+ user_basedn = "ou=users,dc=hydra,dc=vapor,dc=systems"
+ user_filter = "(&(objectClass=inetOrgPerson)(cn=%s))"
+ user_scope = one
+ user_field = cn
+ <user_search_options>
+ deref = always
+ </user_search_options>
+ # Important for role mappings to work:
+ use_roles = 1
+ role_basedn = "ou=groups,dc=hydra,dc=vapor,dc=systems"
+ role_filter = "(&(objectClass=groupOfNames)(member=%s))"
+ role_scope = one
+ role_field = cn
+ role_value = dn
+ <role_search_options>
+ deref = always
+ </role_search_options>
+ </store>
+ </config>
+ <role_mapping>
+ # Make all users in the hydra_admin group Hydra admins
+ admin = admin
+ # Allow all users in the dev group to restart jobs and cancel builds
+ dev = restart-jobs
+ dev = cancel-build
+ </role_mapping>
+</ldap>
generated by cgit v1.2.3 (git 2.46.0) at 2026-02-15 03:37:37 +0000