#
# RESALT
#

[auth.forward]
# Only if you use active OAuth2 Proxy where authentication happens before requests reach Resalt
#
# If you enable this, please remember to also change auth.ldap.user.filter and
# auth.ldap.user.attribute if LDAP sync is enabled.
enabled = false

# If you have LDAP authentication enabled
[auth.ldap]
enabled = false
host = "ldap.example.com"
port = "389"
basedn = "dc=example,dc=com"

[auth.ldap.tls]
ldaps = false
starttls = false
skipverify = true

[auth.ldap.bind]
dn = "cn=admin,dc=example,dc=com"
password = "secret"
passwordfile = ""

[auth.ldap.user]
# OpenLDAP: (&(objectClass=inetOrgPerson)(uid=%s))
# Active Directory: (&(objectClass=user)(sAMAccountName=%s))
# AD with username or email: (&(objectClass=user)(|(sAMAccountName=%s)(mail=%s)))
# OAuth2 Proxy: (userPrincipalName=%s)
filter = "(&(objectClass=inetOrgPerson)(uid=%s))"
# OpenLDAP: uid
# Active Directory: sAMAccountName
# OAuth2 Proxy: userPrincipalName
attribute = "uid"

[auth.session]
lifespan = 86400

[database]
username = "resalt"
password = "resalt"
passwordfile = ""
host = "db"
port = "3306"
database = "resalt"

[salt.api]
url = "https://master:8080"
# head /dev/urandom | tr -dc A-Za-z0-9 | head -c512; echo
#token = ""
tokenfile = ""
[salt.api.tls]
skipverify = true

[http]
port = 8000
[http.frontend.proxy]
enabled = false
target = "http://frontend:5555"
[http.frontend.theme]
enabled = true
color = "primary"