一:下载cas的源码 gradle编译
git clone https://github.com/apereo/cas.git
未认证授权的服务 不允许使用CAS来认证您访问的目标应用。
下载 openldap
# Fetched over unauthenticated FTP: before building, compare the tarball with
# the checksum or signature the OpenLDAP project publishes for this release.
wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.45.tgz
下载 berkeley-db
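# Berkeley DB 4.8.30 is built first; the OpenLDAP build further down is pointed
# at this install prefix.
# The download is plain HTTP with no integrity check: compare the tarball with
# a digest obtained from the publisher over a trusted channel before unpacking.
wget http://download.oracle.com/berkeley-db/db-4.8.30.tar.gz
tar zxvf db-4.8.30.tar.gz
cd db-4.8.30/build_unix/
../dist/configure --prefix=/usr/local/berkeleydb --enable-cxx
# '&&' rather than '&': a single '&' puts make in the background and starts
# 'make install' while the build is still running. Install only after a
# successful build.
make && make install
# Register the new library directory with the dynamic linker.
echo '/usr/local/berkeleydb/lib/' >> /etc/ld.so.conf
ldconfig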
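# Build OpenLDAP 2.4.45 against the Berkeley DB installed under /usr/local/berkeleydb.
cd /root/openldap-2.4.45
export BERKELEYDB_HOME="/usr/local/berkeleydb"
# Point the preprocessor, the linker and the runtime loader at Berkeley DB.
# (The original exported CPPFLAGS twice with the same value; once is enough.)
export CPPFLAGS="-I$BERKELEYDB_HOME/include"
export LDFLAGS="-L$BERKELEYDB_HOME/lib"
export LD_LIBRARY_PATH="$BERKELEYDB_HOME/lib"
export LDAP_HOME="/usr/local/openldap-2.4.45"
export PATH="$PATH:$BERKELEYDB_HOME/bin:$LDAP_HOME/bin:$LDAP_HOME/sbin:$LDAP_HOME/libexec"
./configure --prefix=/usr/local/openldap-2.4.45
make depend
# Build, then install only if the build succeeded; 'make&make install' would
# run the two concurrently.
make && make install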
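# Self-signed key pair for the CAS host. The key size is raised from 1024 to
# 2048 bits; 1024-bit RSA is below current minimums. When keytool asks for the
# "first and last name" (the certificate CN), enter the host name that clients
# use to reach CAS.
# NOTE(review): michaelpwd is the walkthrough's sample password. Passed through
# -keypass/-storepass it lands in shell history and the process list; leave
# both options out to have keytool prompt for it instead.
keytool -genkey -alias ssodemo -keyalg RSA -keysize 2048 -keypass michaelpwd -validity 365 -keystore /root/ssodemo.keystore -storepass michaelpwd
# Export the public certificate: Windows path variant first, then the Linux
# paths that the remaining commands use.
keytool -export -alias ssodemo -keystore g:\sso\ssodemo.keystore -file g:\sso\ssodemo.crt -storepass michaelpwd
keytool -export -alias ssodemo -keystore /root/ssodemo.keystore -file /root/ssodemo.crt -storepass michaelpwd
# Print the certificate so its fingerprint can be checked before it is trusted.
keytool -printcert -file /root/ssodemo.crt
# This adds the certificate to the JVM-wide trust store, so every Java program
# running on this JRE will trust it, not only CAS.
keytool -import -keystore /usr/local/java/jre/lib/security/cacerts -file /root/ssodemo.crt -alias ssodemo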
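# Rename the built CAS webapp to "cas" and add the LDAP support module to it.
mv cas-server-webapp-4.2.8-SNAPSHOT cas
mv cas-server-support-ldap-4.2.8-SNAPSHOT.jar webapps/cas/WEB-INF/lib/
# Libraries used by the LDAP beans in deployerConfigContext.xml.
# Fetched over HTTPS from repo1.maven.org: Maven Central no longer serves plain
# HTTP. These jars end up on the login server's classpath, so compare each one
# with the .sha1 file published next to it before deploying.
wget https://repo1.maven.org/maven2/org/springframework/ldap/spring-ldap-core/2.0.2.RELEASE/spring-ldap-core-2.0.2.RELEASE.jar
wget https://repo1.maven.org/maven2/org/ldaptive/ldaptive/1.0.5/ldaptive-1.0.5.jar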
[root@op01 openldap]# cat slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Schema definitions loaded at startup, all from the 2.4.45 install prefix.
include /usr/local/openldap-2.4.45/etc/openldap/schema/core.schema
include /usr/local/openldap-2.4.45/etc/openldap/schema/collective.schema
include /usr/local/openldap-2.4.45/etc/openldap/schema/corba.schema
include /usr/local/openldap-2.4.45/etc/openldap/schema/cosine.schema
include /usr/local/openldap-2.4.45/etc/openldap/schema/duaconf.schema
include /usr/local/openldap-2.4.45/etc/openldap/schema/dyngroup.schema
include /usr/local/openldap-2.4.45/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap-2.4.45/etc/openldap/schema/java.schema
include /usr/local/openldap-2.4.45/etc/openldap/schema/misc.schema
include /usr/local/openldap-2.4.45/etc/openldap/schema/nis.schema
include /usr/local/openldap-2.4.45/etc/openldap/schema/openldap.schema
include /usr/local/openldap-2.4.45/etc/openldap/schema/pmi.schema
include /usr/local/openldap-2.4.45/etc/openldap/schema/ppolicy.schema
# Define global ACLs to disable default read access.
#
# NOTE(review): no "access" directive is active anywhere in this listing, so
# the default policy described further down applies: any client, anonymous
# ones included, can read every entry and attribute, userPassword values too.
# Added: log level and log file path
# loglevel 256 is the "stats" level (connections, operations, results).
loglevel 256
logfile /usr/local/openldap-2.4.45/var/slapd.log
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/openldap-2.4.45/var/run/slapd.pid
argsfile /usr/local/openldap-2.4.45/var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/openldap-2.4.45/libexec/openldap
# moduleload back_mdb.la
# moduleload back_ldap.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# NOTE(review): the security line below stays commented out and no TLS
# directives appear in this listing, so simple binds are accepted on
# unencrypted connections and passwords cross the network in cleartext.
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# MDB database definitions
#######################################################################
# NOTE(review): the banner says MDB, but the backend selected here is bdb
# (Berkeley DB); the mdb-only maxsize setting is left commented out.
database bdb
#maxsize 1073741824
suffix "dc=zjl,dc=com"
rootdn "cn=root,dc=zjl,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# NOTE(review): the rootdn password is stored in cleartext and is trivially
# guessable, and the rootdn bypasses every access control. Generate a hash
# with slappasswd(8) from a strong password and store that value here instead.
rootpw 123456
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/openldap-2.4.45/var/openldap-data
# Indices to maintain
index objectClass eq
cat /opt/tomcat/webapps/cas/WEB-INF/classes/services/HTTPSandIMAPS-10000001.json
"serviceId" : "^(https|imaps|http)://.*", ##需要修改的地方:在协议列表中加入 http。注意该正则匹配任意 https/imaps/http 地址,相当于允许所有站点使用本 CAS 认证;正式环境应只填写需要接入的服务域名,并尽量只保留 https。
[root@op01 WEB-INF]# more deployerConfigContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<!-- Pairs each authentication handler bean with a principal resolver bean. -->
<util:map id="authenticationHandlersResolvers">
<entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver"/>
<!-- The primaryAuthenticationHandler entry is disabled, so only the proxy and LDAP handlers are registered in this map. -->
<!-- <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver"/> -->
<!-- NOTE(review): the LDAP handler is paired with proxyPrincipalResolver rather than a resolver of its own; confirm this is intended. -->
<entry key-ref="ldapAuthHandler" value-ref="proxyPrincipalResolver"/>
</util:map>
<util:list id="authenticationMetadataPopulators">
<ref bean="successfulHandlerMetaDataPopulator"/>
<ref bean="rememberMeAuthenticationMetaDataPopulator"/>
<!--
<bean class="org.jasig.cas.extension.clearpass.CacheCredentialsMetaDataPopulator"
c:credentialCache-ref="encryptedMap" />
-->
</util:list>
<bean id="attributeRepository" class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
p:backingMap-ref="attrRepoBackingMap"/>
<alias name="acceptUsersAuthenticationHandler" alias="primaryAuthenticationHandler"/>
<alias name="personDirectoryPrincipalResolver" alias="primaryPrincipalResolver"/>
<util:map id="attrRepoBackingMap">
<entry key="uid" value="uid"/>
<entry key="eduPersonAffiliation" value="eduPersonAffiliation"/>
<entry key="groupMembership" value="groupMembership"/>
<entry>
<key>
<value>memberOf</value>
</key>
<list>
<value>faculty</value>
<value>staff</value>
<value>org</value>
</list>
</entry>
</util:map>
<alias name="serviceThemeResolver" alias="themeResolver"/>
<alias name="jsonServiceRegistryDao" alias="serviceRegistryDao"/>
<alias name="defaultTicketRegistry" alias="ticketRegistry"/>
<alias name="ticketGrantingTicketExpirationPolicy" alias="grantingTicketExpirationPolicy"/>
<alias name="multiTimeUseOrTimeoutExpirationPolicy" alias="serviceTicketExpirationPolicy"/>
<alias name="anyAuthenticationPolicy" alias="authenticationPolicy"/>
<alias name="acceptAnyAuthenticationPolicyFactory" alias="authenticationPolicyFactory"/>
<bean id="auditTrailManager"
class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager"
p:entrySeparator="${cas.audit.singleline.separator:|}"
p:useSingleLine="${cas.audit.singleline:false}"/>
<bean id="authenticator" class="org.ldaptive.auth.Authenticator"
c:resolver-ref="dnResolver"
c:handler-ref="authHandler" />
<bean id="ldapAuthHandler"
class="org.jasig.cas.authentication.LdapAuthenticationHandler"
p:principalIdAttribute="uid"
c:authenticator-ref="authenticator">
<property name="principalAttributeMap">
<map>
<!--
| This map provides a simple attribute resolution mechanism.
| Keys are LDAP attribute names, values are CAS attribute names.
| Use this facility instead of a PrincipalResolver if LDAP is
| the only attribute source.
-->
<entry key="member" value="member" />
<entry key="mail" value="mail" />
<entry key="uid" value="uid" />
</map>
</property>
</bean>
<!--
| The following DN format works for many directories, but may need to be
| customized.
-->
<bean id="dnResolver"
class="org.ldaptive.auth.FormatDnResolver"
c:format="uid=%s,ou=people,dc=zjl,dc=com" /> <!--根据自己的LDAP内容来配置-->
<bean id="authHandler" class="org.ldaptive.auth.PooledBindAuthenticationHandler"
p:connectionFactory-ref="pooledLdapConnectionFactory" />
<bean id="pooledLdapConnectionFactory"
class="org.ldaptive.pool.PooledConnectionFactory"
p:connectionPool-ref="connectionPool" />
<bean id="connectionPool"
class="org.ldaptive.pool.BlockingConnectionPool"
init-method="initialize"
p:poolConfig-ref="ldapPoolConfig"
p:blockWaitTime="3000"
p:validator-ref="searchValidator"
p:pruneStrategy-ref="pruneStrategy"
p:connectionFactory-ref="connectionFactory" />
<bean id="ldapPoolConfig" class="org.ldaptive.pool.PoolConfig"
p:minPoolSize="3"
p:maxPoolSize="10"
p:validateOnCheckOut="false"
p:validatePeriodically="true"
p:validatePeriod="300" />
<!-- Factory for LDAP connections; its settings come from connectionConfig. -->
<bean id="connectionFactory" class="org.ldaptive.DefaultConnectionFactory"
p:connectionConfig-ref="connectionConfig" />
<!--
| NOTE(review): plain ldap:// with useStartTLS="false", so bind DNs and user
| passwords are sent to the directory unencrypted. With 127.0.0.1 that traffic
| stays on this host; for a directory on another machine use an ldaps:// URL
| or set useStartTLS to true.
-->
<bean id="connectionConfig" class="org.ldaptive.ConnectionConfig"
p:ldapUrl="ldap://127.0.0.1:389"
p:connectTimeout="3000"
p:useStartTLS="false"
p:sslConfig-ref="sslConfig" /><!-- adjust the settings above to your own LDAP server -->
<!--
| NOTE(review): trustCertificates points at the JKS keystore created with
| keytool, not at the exported certificate (/root/ssodemo.crt). ldaptive's
| X509CredentialConfig presumably expects certificate files, and a keystore
| would normally be configured through KeyStoreCredentialConfig; confirm.
| With ldap:// and StartTLS off this bean is presumably never exercised.
| The file sits under /root, so it is readable only if the servlet container
| runs as root; prefer a dedicated service account and a path it can read.
-->
<bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
<property name="credentialConfig">
<bean class="org.ldaptive.ssl.X509CredentialConfig"
p:trustCertificates="/root/ssodemo.keystore" /> <!-- certificate path -->
</property>
</bean>
<!-- Idle-connection pruning for the pool: prunePeriod 300, idleTime 600. -->
<bean id="pruneStrategy" class="org.ldaptive.pool.IdlePruneStrategy"
p:prunePeriod="300"
p:idleTime="600" />
<bean id="searchValidator" class="org.ldaptive.pool.SearchValidator" />
<!--
| NOTE(review): authenticationThrottle is aliased to neverThrottle, so CAS does
| not rate-limit repeated failed logins. Outside a lab, point this alias at one
| of the throttling implementations that CAS ships.
-->
<alias name="neverThrottle" alias="authenticationThrottle"/>
<util:list id="monitorsList">
<ref bean="memoryMonitor"/>
<ref bean="sessionMonitor"/>
</util:list>
<alias name="defaultPrincipalFactory" alias="principalFactory"/>
<alias name="defaultAuthenticationTransactionManager" alias="authenticationTransactionManager"/>
<alias name="defaultPrincipalElectionStrategy" alias="principalElectionStrategy"/>
<alias name="tgcCipherExecutor" alias="defaultCookieCipherExecutor"/>
</beans>
[root@bigdata-db01-pre config]# cat /var/opt/gitlab/gitlab-rails/etc/gitlab.yml
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
production: &base
#
# 1. GitLab app settings
# ==========================
## GitLab settings
gitlab:
## Web server settings (note: host is the FQDN, do not include http://)
# NOTE(review): GitLab is served over plain HTTP (port 80, https: false) on a
# non-private address. The CAS service ticket is returned in the query string
# of an http:// URL and session cookies travel unencrypted. As the file header
# says, change these values in /etc/gitlab/gitlab.rb, not in this file.
host: 139.224.235.103
port: 80
https: false
# Uncommment this line below if your ssh host is different from HTTP/HTTPS one
# (you'd obviously need to replace ssh.host_example.com with your own host).
# Otherwise, ssh host will be set to the `host:` value above
ssh_host:
# WARNING: See config/application.rb under "Relative url support" for the list of
# other files that need to be changed for relative url support
relative_url_root:
# Trusted Proxies
# Customize if you have GitLab behind a reverse proxy which is running on a different machine.
# Add the IP address for your reverse proxy to the list, otherwise users will appear signed in from that address.
trusted_proxies:
# Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
user: git
## Date & Time settings
time_zone:
## Email settings
# Uncomment and set to false if you need to disable email sending from GitLab (default: true)
email_enabled:
# Email address used in the "From" field in mails sent by GitLab
email_from: gitlab@bigdata-db01-pre
email_display_name:
email_reply_to:
email_subject_suffix:
# Email server smtp settings are in [a separate file](initializers/smtp_settings.rb.sample).
## User settings
default_can_create_group: # default: true
username_changing_enabled: # default: true - User can change her username/namespace
## Default theme
## 1 - Graphite
## 2 - Charcoal
## 3 - Green
## 4 - Gray
## 5 - Violet
## 6 - Blue
default_theme: # default: 2
## Automatic issue closing
# If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
# This happens when the commit is pushed or merged into the default branch of a project.
# When not specified the default issue_closing_pattern as specified below will be used.
# Tip: you can test your closing pattern at http://rubular.com
issue_closing_pattern:
## Default project features settings
default_projects_features:
issues:
merge_requests:
wiki:
snippets:
builds:
container_registry:
## Webhook settings
# Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10)
webhook_timeout:
## Repository downloads directory
# When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory.
# The default is 'tmp/repositories' relative to the root of the Rails app.
repository_downloads_path:
usage_ping_enabled:
## Reply by email
# Allow users to comment on issues and merge requests by replying to notification emails.
# For documentation on how to set this up, see https://docs.gitlab.com/ce/administration/reply_by_email.html
incoming_email:
enabled: false
# The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to.
# The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`).
address:
# Email account username
# With third party providers, this is usually the full email address.
# With self-hosted email servers, this is usually the user part of the email address.
user:
# Email account password
password:
# IMAP server host
host:
# IMAP server port
port:
# Whether the IMAP server uses SSL
ssl:
# Whether the IMAP server uses StartTLS
start_tls:
# The mailbox where incoming mail will end up. Usually "inbox".
mailbox: 'inbox'
# The IDLE command timeout.
idle_timeout:
## Build Artifacts
artifacts:
enabled: true
# The location where Build Artifacts are stored (default: shared/artifacts).
path: /var/opt/gitlab/gitlab-rails/shared/artifacts
object_store:
enabled: false
remote_directory: 'artifacts'
connection: {}
## Git LFS
lfs:
enabled:
# The location where LFS objects are stored (default: shared/lfs-objects).
storage_path: /var/opt/gitlab/gitlab-rails/shared/lfs-objects
## Container Registry
registry:
enabled: false
host:
port:
api_url: # internal address to the registry, will be used by GitLab to directly communicate with API
path:
key: /var/opt/gitlab/gitlab-rails/etc/gitlab-registry.key
issuer: omnibus-gitlab-issuer
mattermost:
enabled: false
host:
## GitLab Pages
pages:
enabled: false
path: /var/opt/gitlab/gitlab-rails/shared/pages
host:
port:
https: false
external_http: nil
external_https: nil
## Gravatar
## For Libravatar see: https://docs.gitlab.com/ce/customization/libravatar.html
gravatar:
# gravatar urls: possible placeholders: %{hash} %{size} %{email}
plain_url: # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
ssl_url: # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
## Auxiliary jobs
# Periodically executed jobs, to self-heal GitLab, do external synchronizations, etc.
# Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
cron_jobs:
# Flag stuck CI builds as failed
stuck_ci_jobs_worker:
cron:
# Remove expired build artifacts
expire_build_artifacts_worker:
cron:
# Schedule pipelines in the near future
pipeline_schedule_worker:
cron:
# Periodically run 'git fsck' on all repositories. If started more than
# once per hour you will have concurrent 'git fsck' jobs.
repository_check_worker:
cron:
# Send admin emails once a week
admin_email_worker:
cron:
# Remove outdated repository archives
repository_archive_cache_worker:
cron:
##
# GitLab EE only jobs:
# Snapshot active users statistics
# In addition to refreshing users when they log in,
# periodically refresh LDAP users membership.
# NOTE: This will only take effect if LDAP is enabled
# GitLab LDAP group sync worker
# NOTE: This will only take effect if LDAP is enabled
# Gitlab Geo nodes notification worker
# NOTE: This will only take effect if Geo is enabled
# GitLab Geo repository sync worker
# NOTE: This will only take effect if Geo is enabled
# GitLab Geo file download dispatch worker
# NOTE: This will only take effect if Geo is enabled
#
# 2. GitLab CI settings
# ==========================
gitlab_ci:
# Default project notifications settings:
#
# Send emails only on broken builds (default: true)
all_broken_builds:
#
# Add pusher to recipients list (default: false)
add_pusher:
# The location where build traces are stored (default: builds/). Relative paths are relative to Rails.root
builds_path: /var/opt/gitlab/gitlab-ci/builds
#
# 3. Auth settings
# ==========================
## LDAP settings
# You can inspect a sample of the LDAP users with login access by running:
# bundle exec rake gitlab:ldap:check RAILS_ENV=production
ldap:
enabled: false
sync_time:
host:
port:
uid:
method: # "tls" or "ssl" or "plain"
bind_dn:
password:
active_directory:
allow_username_or_email_login:
base:
user_filter:
## EE only
group_base:
admin_group:
sync_ssh_keys:
sync_time:
## Kerberos settings
kerberos:
# Allow the HTTP Negotiate authentication method for Git clients
enabled:
# Kerberos 5 keytab file. The keytab file must be readable by the GitLab user,
# and should be different from other keytabs in the system.
# (default: use default keytab from Krb5 config)
keytab:
# The Kerberos service name to be used by GitLab.
# (default: accept any service name in keytab file)
service_principal_name:
# Dedicated port: Git before 2.4 does not fall back to Basic authentication if Negotiate fails.
# To support both Basic and Negotiate methods with older versions of Git, configure
# nginx to proxy GitLab on an extra port (e.g. 8443) and uncomment the following lines
# to dedicate this port to Kerberos authentication. (default: false)
use_dedicated_port:
port:
https:
## OmniAuth settings
omniauth:
# Allow login via Twitter, Google, etc. using OmniAuth providers
enabled: true
# Uncomment this to automatically sign in with a specific omniauth provider's without
# showing GitLab's sign-in page (default: show the GitLab sign-in page)
# NOTE(review): visitors are redirected to the cas3 provider without seeing
# GitLab's own sign-in page, so account security depends on the CAS server
# and the directory behind it.
auto_sign_in_with_provider: cas3
# Sync user's email address from the specified Omniauth provider every time the user logs
# in (default: nil). And consequently make this field read-only.
# CAUTION!
# This allows users to login without having a user account first. Define the allowed
# providers using an array, e.g. ["saml", "twitter"]
# User accounts will be created automatically when authentication was successful.
# NOTE(review): a successful cas3 login creates a GitLab account automatically.
# "saml" is allowed as well although the providers list in this file only
# configures cas3; drop it if it is not used.
allow_single_sign_on: ["saml","cas3"]
# Locks down those users until they have been cleared by the admin (default: true).
# Left empty here, so the default stated above (true) should apply: accounts
# created through CAS stay blocked until an admin clears them.
block_auto_created_users:
# Look up new users in LDAP servers. If a match is found (same uid), automatically
# link the omniauth identity with the LDAP account. (default: false)
auto_link_ldap_user:
# Allow users with existing accounts to login and auto link their account via SAML
# login, without having to do a manual login first and manually add SAML
# (default: false)
auto_link_saml_user: null
# Set different Omniauth providers as external so that all users creating accounts
# via these providers will not be able to have access to internal projects. You
# will need to use the full name of the provider, like `google_oauth2` for Google.
# Refer to the examples below for the full names of the supported providers.
# (default: [])
external_providers: null
## Auth providers
# Uncomment the following lines and fill in the data of the auth provider you want to use
# If your favorite auth provider is not listed you can use others:
# see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations
# The 'app_id' and 'app_secret' parameters are always passed as the first two
# arguments, followed by optional 'args' which can be either a hash or an array.
# Documentation for this is available at https://docs.gitlab.com/ce/integration/omniauth.html
providers:
# - { name: 'google_oauth2', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET',
# args: { access_type: 'offline', approval_prompt: '' } }
# - { name: 'twitter', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET'}
# - { name: 'github', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET',
# args: { scope: 'user:email' } }
#
# CAS 3 provider: login, ticket validation and logout paths are relative to url.
# NOTE(review): the CAS server is addressed over http://, so the login form,
# the CAS cookies and service-ticket validation all run unencrypted.
# disable_ssl_verification: true would also switch off certificate checks as
# soon as the URL is changed to https. Serve CAS over HTTPS with a certificate
# GitLab trusts and set disable_ssl_verification to false.
- { name: 'cas3',
label: 'cas3',
args: {
url: 'http://sso.zjl.com:8080',
disable_ssl_verification: true,
login_url: '/cas/login',
service_validate_url: '/cas/p3/serviceValidate',
logout_url: '/cas/logout'} }
# Shared file storage settings
shared:
path: /var/opt/gitlab/gitlab-rails/shared
# Gitaly settings
# This setting controls whether GitLab uses Gitaly
# Eventually Gitaly use will become mandatory and
# this option will disappear.
gitaly:
enabled: true
#
# 4. Advanced settings
# ==========================
## Repositories settings
repositories:
# Paths where repositories can be stored. Give the canonicalized absolute pathname.
# NOTE: REPOS PATHS MUST NOT CONTAIN ANY SYMLINK!!!
storages: {"default":{"path":"/var/opt/gitlab/git-data/repositories","gitaly_address":"unix:/var/opt/gitlab/gitaly/gitaly.socket"}}
## Backup settings
backup:
path: "/var/opt/gitlab/backups" # Relative paths are relative to Rails.root (default: tmp/backups/)
archive_permissions: # Permissions for the resulting backup.tar file (default: 0600)
keep_time: # default: 0 (forever) (in seconds)
pg_schema: # default: nil, it means that all schemas will be backed up
upload:
# Fog storage connection settings, see http://fog.io/storage/ .
connection:
# The remote 'directory' to store your backups. For S3, this would be the bucket name.
remote_directory:
multipart_chunk_size:
encryption:
storage_class:
## GitLab Shell settings
gitlab_shell:
path: /opt/gitlab/embedded/service/gitlab-shell/
hooks_path: /opt/gitlab/embedded/service/gitlab-shell/hooks/
# Git over HTTP
upload_pack:
receive_pack:
# If you use non-standard ssh port you need to specify it
ssh_port:
# Git import/fetch timeout
git_timeout: 800
## Git settings
# CAUTION!
# Use the default values unless you really know what you are doing
git:
bin_path: /opt/gitlab/embedded/bin/git
# The next value is the maximum memory size grit can use
# Given in number of bytes per git object (e.g. a commit)
# This value can be increased if you have very large commits
max_size:
# Git timeout to read a commit, in seconds
timeout:
## GitLab Geo settings (EE-only)
geo_primary_role:
enabled: false
geo_secondary_role:
enabled: false
#
# 5. Extra customization
# ==========================
extra:
rack_attack:
git_basic_auth:
development:
<<: *base
test:
<<: *base
gravatar:
enabled: true
gitlab:
host: localhost
port: 80
# When you run tests we clone and setup gitlab-shell
# In order to setup it correctly you need to specify
# your system username you use to run GitLab
# user: YOUR_USERNAME
repositories:
storages:
default: { "path": "tmp/tests/repositories/" }
gitlab_shell:
path: tmp/tests/gitlab-shell/
hooks_path: tmp/tests/gitlab-shell/hooks/
issues_tracker:
redmine:
title: "Redmine"
project_url: "http://redmine/projects/:issues_tracker_id"
issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
jira:
title: "JIRA"
url: https://samplecompany.example.net
project_key: PROJECT
# NOTE(review): this ldap block follows the "test:" key, while the ldap block
# earlier in the file has enabled: false. Indentation is lost in this listing,
# so confirm which environment these values actually apply to.
ldap:
enabled: true
servers:
main:
label: ldap
# NOTE(review): port 389 with method 'plain' sends user passwords to
# 172.19.8.5 unencrypted on every login. 'tls' (StartTLS) or 'ssl' requires
# TLS to be enabled on the directory server first.
host: 172.19.8.5
port: 389
uid: 'uid'
method: 'plain' # "tls" or "ssl" or "plain"
# No bind_dn/password is set in this block, so the user lookup is presumably
# done anonymously and relies on the directory allowing anonymous reads.
base: 'dc=zjl,dc=com'
user_filter: ''
group_base: 'ou=people,dc=zjl,dc=com'
admin_group: ''
sync_ssh_keys: false
staging:
<<: *base