-
-
Notifications
You must be signed in to change notification settings - Fork 173
Configuration Variables
The following environment variables are available to tune your configuration (particularly useful with the docker container):
| Variable | Value | Default | Purpose |
|---|---|---|---|
| Required Variables | |||
| APP_KEY | (value from artisan key:generate) |
not defined | This is used to encrypt data used internally. It should only need to be set once for the life of the application |
| APP_URL | http[s]://URL | not defined | The URL used to get to your PLA instance, eg: https://demo.phpldapadmin.org
|
| LDAP_HOST | hostname to your LDAP server | not defined | A resolvable hostname to your LDAP server |
| Other Optional Variables | |||
| APP_TIMEZONE | An applicable timezone | UTC | This is used to timezone used, mostly for, logging. eg: Australia/Melbourne
|
| CACHE_DRIVER | preferred caching driver | file | You can use memcached here, memcached is included in the image |
| LDAP_ALLOW_GUEST | true/false | false | Used to determine if users must login with their own details instead of using LDAP_USERNAME to search the LDAP server[2] |
| LDAP_CACHE | true/false | false | We use internal caching to reduce the impact to your LDAP server, this enables that caching |
| LDAP_CONNECTION | string | ldap |
config/ldap.php can have definitions for multiple LDAP servers, this determines the default ldap server to use[3]
|
| LDAP_BASE_DN | Base DN | undefined | Base DN to your LDAP server, if unset, PLA will try to work it out |
| LDAP_LOGIN_ATTR | LDAP Attribute | uid | Attribute used to login, if you dont want to use a DN[1] |
| LDAP_LOGIN_ATTR_DESC | Description of login attribute | User ID | Shown in the login box, this is a friendly description for the login attribute |
| LDAP_LOGIN_OBJECTCLASS | comma delimited list of objectclasses | posixAccount | Objectclass that must be on the user's DN to login. This is a comma delimited list, but any match is sufficient to login, eg: posixAccount,inetOrgPerson |
| LDAP_NAME | text | LDAP Server | Free form text name for your ldap server |
| LDAP_PORT | int | 389 | TCP port used to query ldap server |
| LDAP_PASSWORD | text | undefined | Password to ldap server[2] |
| LDAP_USERNAME | dn | undefined | Authentication DN to connect to ldap server[2] |
| MEMCACHED_START | TRUE or FALSE | [undefined] (false) | Whether to start memcached when the container starts. You'll need to set this to true, if your CACHE_DRIVER is set to memcached
|
1 | Your LDAP server LDAP_USERNAME and LDAP_PASSWORD will need to be set - to enable searching the LDAP server to return the DN associated with the LDAP_LOGIN_ATTR. Only one result match must be returned with the query.
2 | Your LDAP server LDAP_USERNAME and LDAP_PASSWORD is mostly used to connect to your LDAP server and obtain the schema (it must have the access to read the schema). If you do use LDAP_ALLOW_GUEST=TRUE, then this LDAP_USERNAME will enable you to browse the LDAP tree and return records that this DN has access to. If LDAP_ALLOW_GUEST=FALSE (the default), then a login box will be presented. When LDAP_LOGIN_ATTR is not DN, then LDAP_USERNAME is used to search the directory to obtain the DN for the attribute value used enable logging into the LDAP server.
3 | PLA comes configured to connect to an LDAP server over an unsecure port ldap, a SSL enabled port ldaps, or with starttls (STARTTLS over an unsecure port). The hostname and port to connect to is configured with LDAP_HOSTNAME/LDAP_PORT respectively for the type of connection you want to use. (In PLA v2.0.0 these values were called openldap/openldaps/openldaptls respectively, but will be changed to ldap/ldaps/starttls in v2.0.1+). See config/ldap.php.