mirror of
https://github.com/kanidm/kanidm.git
synced 2025-02-23 20:47:01 +01:00
f25bd5bb65
* the log_level config option works in kanidmd now * anon event -> debug * some more debuggy things * removing some dupe events for the same thing
98 lines
3.4 KiB
TOML
98 lines
3.4 KiB
TOML
# The webserver bind address. Will use HTTPS if tls_* is provided.
|
|
# Defaults to "127.0.0.1:8443"
|
|
bindaddress = "[::]:443"
|
|
#
|
|
# The read-only ldap server bind address. The server will use LDAPS if tls_* is provided.
|
|
# Defaults to "" (disabled)
|
|
# ldapbindaddress = "[::]:636"
|
|
#
|
|
# The path to the kanidm database.
|
|
db_path = "/var/lib/kanidm/kanidm.db"
|
|
#
|
|
# If you have a known filesystem, kanidm can tune database operations to match. Valid choices are:
|
|
# [zfs, other]
|
|
# If you are unsure about this leave it as the default (other). After changing this
|
|
# value you must run a vacuum task.
|
|
# - zfs:
|
|
# * sets database pagesize to 64k. You must set recordsize=64k on the zfs filesystem.
|
|
# - other:
|
|
# * sets database pagesize to 4k, matching most filesystems block sizes.
|
|
# db_fs_type = "zfs"
|
|
#
|
|
# The number of entries to store in the in-memory cache. Minimum value is 256. If unset
|
|
# an automatic heuristic is used to scale this.
|
|
# db_arc_size = 2048
|
|
#
|
|
# TLS chain and key in pem format. Both must be present
|
|
tls_chain = "/data/chain.pem"
|
|
tls_key = "/data/key.pem"
|
|
#
|
|
# The log level of the server. May be one of info, debug, trace
|
|
#
|
|
# NOTE: this is overridden by environment variables
|
|
#
|
|
# Defaults to "info"
|
|
# log_level = "info"
|
|
|
|
# The DNS domain name of the server. This is used in a
|
|
# number of security-critical contexts
|
|
# such as webauthn, so it *must* match your DNS
|
|
# hostname. It is used to create
|
|
# security principal names such as `william@idm.example.com`
|
|
# so that in a (future)
|
|
# trust configuration it is possible to have unique Service
|
|
# Principal Names (spns) throughout the topology.
|
|
# ⚠️ WARNING ⚠️
|
|
# Changing this value WILL break many types of registered
|
|
# credentials for accounts
|
|
# including but not limited to webauthn, oauth tokens, and more.
|
|
# If you change this value you *must* run
|
|
# `kanidmd domain_name_change` immediately after.
|
|
domain = "idm.example.com"
|
|
#
|
|
# The origin for webauthn. This is the url to the server, with the port included if
|
|
# it is non-standard (any port except 443)
|
|
# origin = "https://idm.example.com"
|
|
origin = "https://idm.example.com:8443"
|
|
#
|
|
# The role of this server. This affects features available and how replication may interact.
|
|
# Valid roles are:
|
|
# - WriteReplica
|
|
# This server provides all functionality of Kanidm. It allows authentication, writes, and
|
|
# the web user interface to be served.
|
|
# - WriteReplicaNoUI
|
|
# This server is the same as a write_replica, but does NOT offer the web user interface.
|
|
# - ReadOnlyReplica
|
|
# This server will not writes initiated by clients. It supports authentication and reads,
|
|
# and must have a replication agreement as a source of it's data.
|
|
# Defaults to "WriteReplica".
|
|
# role = "WriteReplica"
|
|
#
|
|
# This section if uncommented will enable online - automatic backups of your database.
|
|
# [online_backup]
|
|
#
|
|
# The path to the output folder for online backups
|
|
# Defaults to "" (no path set)
|
|
# path = "/var/lib/kanidm/backups/"
|
|
#
|
|
# The schedule to run online backups. All times are interpreted in UTC.
|
|
# The format of the cron expression is:
|
|
#
|
|
# sec min hour day of month month day of week year
|
|
#
|
|
# - to run a 6:09 pm every day.
|
|
# "0 9 6 * * * * "
|
|
# "0 9 6 * * * *"
|
|
#
|
|
# - to run at midnight daily
|
|
# @daily
|
|
#
|
|
# - to run every hour
|
|
# @hourly
|
|
#
|
|
# Defaults to "@daily"
|
|
# schedule = "@daily"
|
|
# Number of backups to keep (default 7)
|
|
# versions = 7
|
|
|