Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
84 lines (71 sloc) 3.14 KB
http.host: 0.0.0.0
http.type: ssl_netty4
#transport.type: local
readonlyrest:
ssl:
enable: true
keystore_file: "keystore.jks"
keystore_pass: readonlyrest
key_pass: readonlyrest
enable: true
# HTTP response body in case of forbidden request.
# If this is null or omitted, the name of the first violated access control rule is returned (useful for debugging!)
response_if_req_forbidden: <h1>Forbidden</h1>
# Default policy is to forbid everything, so let's define a whitelist
access_control_rules:
# ES containter initializer need this rule to configure ES instance after startup
- name: "CONTAINER ADMIN"
type: allow
auth_key: admin:container
- name: "::Tweets::"
type: allow
methods: GET
ldap_authentication:
name: "ldap1"
ldap_authorization:
name: "ldap1"
groups: ["group1"]
indices: ["twitter"]
- name: "::Facebook posts::"
type: allow
methods: GET
ldap_authentication:
name: "ldap2"
ldap_authorization:
name: "ldap2"
groups: ["group3"]
indices: ["facebook"]
######### LDAP1 SERVER CONFIGURATION ########################
# group1: cartman, bong
# group2: morgan
# group3: morgan, cartman, bong
#############################################################
ldaps:
- name: ldap1
host: "{LDAP1}"
port: 389 # default 389
ssl_enabled: false # default true
ssl_trust_all_certs: true # default false
bind_dn: "cn=admin,dc=example,dc=com" # skip for anonymous bind
bind_password: "password" # skip for anonymous bind
search_user_base_DN: "ou=People,dc=example,dc=com"
search_groups_base_DN: "ou=Groups,dc=example,dc=com"
user_id_attribute: "uid" # default "uid"
unique_member_attribute: "uniqueMember" # default "uniqueMember"
connection_pool_size: 10 # default 30
connection_timeout_in_sec: 10 # default 1
request_timeout_in_sec: 10 # default 1
cache_ttl_in_sec: 60 # default 0 - cache disabled
- name: ldap2
host: "{LDAP2}"
port: 389 # default 389
ssl_enabled: false # default true
ssl_trust_all_certs: true # default false
bind_dn: "cn=admin,dc=example,dc=com" # skip for anonymous bind
bind_password: "password" # skip for anonymous bind
search_user_base_DN: "ou=People,dc=example,dc=com"
search_groups_base_DN: "ou=Groups,dc=example,dc=com"
connection_pool_size: 10 # default 30
connection_timeout_in_sec: 10 # default 1
request_timeout_in_sec: 10 # default 1
cache_ttl_in_sec: 60 # default 0 - cache disabled
You can’t perform that action at this time.