X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;ds=sidebyside;f=docs%2Fdocs%2Fconfiguration%2Fcheatsheet.md;h=83d943c51d07fe95a04916a7a089109b4c681e1d;hb=8bca9a7dbe3cbf603882953dc54fd9639ee248ce;hp=7b0934fcf65afe25f42213f9234303b9c63cb61c;hpb=c4e9c4bc95c5012a6d33fa4a69d613c672fd130d;p=akkoma diff --git a/docs/docs/configuration/cheatsheet.md b/docs/docs/configuration/cheatsheet.md index 7b0934fcf..83d943c51 100644 --- a/docs/docs/configuration/cheatsheet.md +++ b/docs/docs/configuration/cheatsheet.md @@ -34,7 +34,7 @@ To add configuration to your config file, you can copy it from the base config. * `federation_reachability_timeout_days`: Timeout (in days) of each external federation target being unreachable prior to pausing federating to it. * `allow_relay`: Permits remote instances to subscribe to all public posts of your instance. This may increase the visibility of your instance. * `public`: Makes the client API in authenticated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network. Note that there is a dependent setting restricting or allowing unauthenticated access to specific resources, see `restrict_unauthenticated` for more details. -* `quarantined_instances`: ActivityPub instances where private (DMs, followers-only) activities will not be send. +* `quarantined_instances`: *DEPRECATED* ActivityPub instances where activities will not be sent. They can still reach there via other means, we just won't send them. * `allowed_post_formats`: MIME-type list of formats allowed to be posted (transformed into HTML). * `extended_nickname_format`: Set to `true` to use extended local nicknames format (allows underscores/dashes). This will break federation with older software for theses nicknames. @@ -131,7 +131,7 @@ To add configuration to your config file, you can copy it from the base config. * `media_removal`: List of instances to strip media attachments from and the reason for doing so. * `media_nsfw`: List of instances to tag all media as NSFW (sensitive) from and the reason for doing so. * `federated_timeline_removal`: List of instances to remove from the Federated Timeline (aka The Whole Known Network) and the reason for doing so. -* `reject`: List of instances to reject activities (except deletes) from and the reason for doing so. +* `reject`: List of instances to reject activities (except deletes) from and the reason for doing so. Additionally prevents activities from being sent to that instance. * `accept`: List of instances to only accept activities (except deletes) from and the reason for doing so. * `followers_only`: Force posts from the given instances to be visible by followers only and the reason for doing so. * `report_removal`: List of instances to reject reports from and the reason for doing so. @@ -891,6 +891,28 @@ Authentication / authorization settings. ### Pleroma.Web.Auth.Authenticator * `Pleroma.Web.Auth.PleromaAuthenticator`: default database authenticator. +* `Pleroma.Web.Auth.LDAPAuthenticator`: LDAP authentication. + +### :ldap + +Use LDAP for user authentication. When a user logs in to the Akkoma +instance, the name and password will be verified by trying to authenticate +(bind) to an LDAP server. If a user exists in the LDAP directory but there +is no account with the same name yet on the Akkoma instance then a new +Akkoma account will be created with the same name as the LDAP user name. + +* `enabled`: enables LDAP authentication +* `host`: LDAP server hostname +* `port`: LDAP port, e.g. 389 or 636 +* `ssl`: true to use SSL, usually implies the port 636 +* `sslopts`: additional SSL options +* `tls`: true to start TLS, usually implies the port 389 +* `tlsopts`: additional TLS options +* `base`: LDAP base, e.g. "dc=example,dc=com" +* `uid`: LDAP attribute name to authenticate the user, e.g. when "cn", the filter will be "cn=username,base" + +Note, if your LDAP server is an Active Directory server the correct value is commonly `uid: "cn"`, but if you use an +OpenLDAP server the value may be `uid: "uid"`. ### :oauth2 (Akkoma as OAuth 2.0 provider settings)