7be680cbe5
* docs: initial migration to docusaurus * website: add custom font, update blurbs and icons * website: update splash * root: update links to docs * flows: use .pbflow extension so docusaurus doesn't mangle the files * e2e: workaround prospector * Squashed commit of the following: commit1248585dcaAuthor: Jens Langhammer <jens.langhammer@beryju.org> Date: Sun Nov 15 20:46:53 2020 +0100 e2e: attempt to fix prospector error again commit1319c480c4Author: Jens Langhammer <jens.langhammer@beryju.org> Date: Sun Nov 15 20:41:35 2020 +0100 ci: install previous python version for upgrade testing * web: update accent colours and format * website: format markdown files * website: fix colours for text * website: switch to temporary accent colour to improve readability * flows: fix path for TestTransferDocs * flows: fix formatting of tests
2.6 KiB
2.6 KiB
| title |
|---|
| Sources |
Sources allow you to connect passbook to an existing user directory. They can also be used for social logins, using external providers such as Facebook, Twitter, etc.
Generic OAuth Source
All Integration-specific Sources are documented in the Integrations Section
This source allows users to enroll themselves with an external OAuth-based Identity Provider. The generic provider expects the endpoint to return OpenID-Connect compatible information. Vendor-specific implementations have their own OAuth Source.
- Policies: Allow/Forbid users from linking their accounts with this provider.
- Request Token URL: This field is used for OAuth v1 implementations and will be provided by the provider.
- Authorization URL: This value will be provided by the provider.
- Access Token URL: This value will be provided by the provider.
- Profile URL: This URL is called by passbook to retrieve user information upon successful authentication.
- Consumer key/Consumer secret: These values will be provided by the provider.
SAML Source
This source allows passbook to act as a SAML Service Provider. Just like the SAML Provider, it supports signed requests. Vendor-specific documentation can be found in the Integrations Section.
LDAP Source
This source allows you to import users and groups from an LDAP Server.
- Server URI: URI to your LDAP server/Domain Controller.
- Bind CN: CN of the bind user. This can also be a UPN in the format of
user@domain.tld. - Bind password: Password used during the bind process.
- Enable StartTLS: Enables StartTLS functionality. To use LDAPS instead, use port
636. - Base DN: Base DN used for all LDAP queries.
- Addition User DN: Prepended to the base DN for user queries.
- Addition Group DN: Prepended to the base DN for group queries.
- User object filter: Consider objects matching this filter to be users.
- Group object filter: Consider objects matching this filter to be groups.
- User group membership field: This field contains the user's group memberships.
- Object uniqueness field: This field contains a unique identifier.
- Sync groups: Enable/disable group synchronization. Groups are synced in the background every 5 minutes.
- Sync parent group: Optionally set this group as the parent group for all synced groups. An example use case of this would be to import Active Directory groups under a root
imported-from-adgroup. - Property mappings: Define which LDAP properties map to which passbook properties. The default set of property mappings is generated for Active Directory. See also LDAP Property Mappings