Configuration
AuthTool uses the standard CherryPy configuration mechanism. In keeping with the standard, there are two configuration files included: server.cfg and app.cfg.
Application Configuration
The application config consists of a few sections, each pertaining to a plugin or area of functionality within the application.
Branding
[branding]
appname: "Password & Key Utility"
domain: "example.com"
appname
The human-readable name for the application. This overrides “AuthTool” as the name displayed in the web UI.
domain
When provided, adds functionality for input-group addons in the login forms. Also sets the default email domain so users aren’t required to enter full email addresses for password resets or username reminders.
LDAP
[ldap]
uri: "ldaps://ldap.example.com/"
tls: True
no_verify: False
bind_dn: "cn=admin"
bind_pw: "admin"
base_dn: "ou=people,dc=example,dc=com"
uri
A valid LDAP URL for the server.
tls
Negotiate TLS with the server.
no_verify
Don’t perform certificate validation on TLS connections.
Sets OPT_X_TLS_REQUIRE_CERT and OPT_X_TLS_NEVER on the ldap library.
bind_dn
The administrative dn to bind as. This dn should have permissions to write password attributes.
bind_pw
The password for the above dn.
base_dn
The dn where users will be found.
All searches are performed with a scope of ONE_LEVEL, so be sure to set this accurately.
E-Mail
[email]
html_template: "email.html"
txt_template: "email.txt"
Note
The templates will be passed the user object as their input.
The cn, reset_url, uid, and login_url attributes will be relevant to the templates.
html_template
A Jinja-templated HTML email template to be used in multi-part messaging for password resets and username reminders.
txt_template
A Jinja-templated plaintext email template to be used in multi-part messaging for password resets and username reminders.
SMTP
[smtp]
server: "localhost.com"
port: 25
user: "user"
password: "password"
from: "noreply@example.com"
server
The SMTP server to use to send email.
port
The port to connect to when sending mail.
user
The optional user to authenticate as with the SMTP server. If omitted, authentication is not used.
password
The password for the optional user. If user is supplied, this is required.
from
The “from” address to send mail from.
Token
[token]
secret: "s3kuR1ty"
expiry: 86400
secret
The secret to use to hash password reset tokens.
Warning
Changing this invalidates all previously generated tokens.
expiry
The time, in seconds, to allow a token to exist. Default is 86400 (24 hours).
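A pre-deployment check for app.cfg, as an added example that is not part of AuthTool: it flags the LDAP and token settings described above when they weaken the deployment or still hold this page's sample values. The function names, the 32-character minimum for the secret and the wording of the findings are assumptions of this example; the embedded config is constructed from the samples on this page.

```python
import ast
import configparser

# Sample values printed in this documentation; flag them if still deployed.
DOC_SAMPLES = {("ldap", "bind_pw"): "admin", ("smtp", "password"): "password",
               ("token", "secret"): "s3kuR1ty"}
MIN_SECRET_LEN = 32  # assumed threshold, not an AuthTool requirement
MAX_EXPIRY = 86400   # the documented default (24 hours)

def load_cfg(text):
    """Parse CherryPy-style config: INI sections whose values are Python literals."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep key names exactly as written
    parser.read_string(text)
    return {s: {k: ast.literal_eval(v) for k, v in parser[s].items()}
            for s in parser.sections()}

def audit(text):
    """Return a sorted list of findings for risky or placeholder settings."""
    cfg, findings = load_cfg(text), []
    ldap, token = cfg.get("ldap", {}), cfg.get("token", {})
    if ldap.get("no_verify"):
        findings.append("ldap.no_verify: certificate validation is disabled")
    if not str(ldap.get("uri", "")).startswith("ldaps://") and not ldap.get("tls"):
        findings.append("ldap.uri: no ldaps:// and tls is off, bind_pw sent in clear")
    for (section, key), sample in DOC_SAMPLES.items():
        if cfg.get(section, {}).get(key) == sample:
            findings.append(f"{section}.{key}: still set to the documentation sample")
    if len(str(token.get("secret", ""))) < MIN_SECRET_LEN:
        findings.append(f"token.secret: shorter than {MIN_SECRET_LEN} characters")
    if token.get("expiry", MAX_EXPIRY) > MAX_EXPIRY:
        findings.append("token.expiry: longer than the 24 hour default")
    return sorted(findings)

# Constructed input: the sample values from this page, pasted into one file.
PAGE_SAMPLE = '''
[ldap]
uri: "ldaps://ldap.example.com/"
tls: True
no_verify: False
bind_pw: "admin"
[smtp]
password: "password"
[token]
secret: "s3kuR1ty"
expiry: 86400
'''
if __name__ == "__main__":
    print("\n".join(audit(PAGE_SAMPLE)))
```

Run against the page's own samples, it reports the three placeholder credentials and the short token secret; an empty list means none of these checks fired.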