Page Menu
Home
Phorge
Search
Configure Global Search
Log In
Files
F1841304
config.inc.php.dist
No One
Temporary
Actions
Download File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
4 KB
Referenced Files
None
Subscribers
None
config.inc.php.dist
View Options
<?php
/**
* Kolab 2-Factor-Authentication plugin configuration
*
* Copyright (C) 2015, Kolab Systems AG <contact@kolabsys.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
// available methods/providers. Supported methods are: 'totp','hotp','yubikey'
$config['kolab_2fa_drivers'] = array('totp');
// backend for storing 2-factor-auth related per-user settings
// available backends are: 'roundcube', 'ldap', 'sql'
$config['kolab_2fa_storage'] = 'roundcube';
// additional config options for the above storage backend
// here an example for the LDAP backend:
$config['kolab_2fa_storage_config'] = array(
'debug' => false,
'hosts' => array('localhost'),
'port' => 389,
'bind_dn' => 'uid=kolab-auth-service,ou=Special Users,dc=example,dc=org',
'bind_pass' => 'Welcome2KolabSystems',
'base_dn' => 'ou=Tokens,dc=example,dc=org',
// filter used to list stored factors for a user
'filter' => '(&(objectClass=ipaToken)(objectclass=ldapSubEntry)(ipatokenOwner=%fu))',
'scope' => 'sub',
// translates driver properties to LDAP attributes
'fieldmap' => array(
'label' => 'cn',
'id' => 'ipatokenUniqueID',
'active' => 'ipatokenDisabled',
'created' => 'ipatokenNotBefore',
'userdn' => 'ipatokenOwner',
'secret' => 'ipatokenOTPkey',
// HOTP attributes
'counter' => 'ipatokenHOTPcounter',
'digest' => 'ipatokenOTPalgorithm',
'digits' => 'ipatokenOTPdigits',
),
// LDAP object classes derived from factor IDs (prefix)
// will be translated into the %c placeholder
'classmap' => array(
'totp:' => 'ipatokenTOTP',
'hotp:' => 'ipatokenHOTP',
'*' => 'ipaToken',
),
// translates property values into LDAP attribute values and vice versa
'valuemap' => array(
'active' => array(
false => 'TRUE',
true => 'FALSE',
),
),
// specify non-string data types for properties for implicit conversion
'attrtypes' => array(
'created' => 'datetime',
'counter' => 'integer',
'digits' => 'integer',
),
// apply these default values to factor records if not specified by the drivers
'defaults' => array(
'active' => false,
// these are required for ipatokenHOTP records and should match the kolab_2fa_hotp parameters
'digest' => 'sha1',
'digits' => 6,
),
// use this LDAP attribute to compose DN values for factor entries
'rdn' => 'ipatokenUniqueID',
// assign these object classes to new factor entries
'objectclass' => array(
'top',
'ipaToken',
'%c',
'ldapSubEntry',
),
// add these roles to the user's LDAP record if key prefix-matches a factor entry
'user_roles' => array(
'totp:' => 'cn=totp-user,dc=example,dc=org',
'hotp:' => 'cn=hotp-user,dc=example,dc=org',
),
);
// force a lookup for active authentication factors for this user.
// to be set by another plugin (e.g. kolab_auth based on LDAP roles)
// $config['kolab_2fa_check'] = true;
// timeout for 2nd factor auth submission (in seconds)
$config['kolab_2fa_timeout'] = 120;
// configuration parameters for TOTP (uncomment to adjust)
$config['kolab_2fa_totp'] = array(
// 'digits' => 6,
// 'interval' => 30,
// 'digest' => 'sha1',
// 'issuer' => 'Roundcube',
);
// configuration parameters for HOTP (uncomment to adjust)
$config['kolab_2fa_hotp'] = array(
// 'digits' => 6,
// 'window' => 4,
// 'digest' => 'sha1',
);
// configuration parameters for Yubikey (uncomment to adjust)
$config['kolab_2fa_yubikey'] = array(
'clientid' => '123456',
'apikey' => '<your-server-api-key>',
// 'hosts' => array('api.myhost1.com','api2.myhost.com'),
'use_https' => true, // connect via https if set to true
);
File Metadata
Details
Attached
Mime Type
text/x-php
Expires
Mon, Aug 25, 2:44 PM (18 h, 47 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
203606
Default Alt Text
config.inc.php.dist (4 KB)
Attached To
Mode
R14 roundcubemail-plugins-kolab
Attached
Detach File
Event Timeline
Log In to Comment