web: 0.0.0.0:5555
path: /
message: "LDAP Login"
servers:
- ldaps://ldap1.example.com:636
- ldaps://ldap2.example.com:636
- ldaps://ldap3.example.com:636
auth:
  bindDN: cn=seviceaccount,cn=users,o=company
  bindPW: password
user:
  baseDN: ou=users,o=company
  filter: "(cn={0})"
  attr: cn
group:
  baseDN: ou=groups,o=company
  filter: "(member={0})"
  attr: cn
timeout:
  success: 24h
  group: 24h
  wrong: 5m
rules:
- match:
  - header: X-Sent-From
    value: nginx-ingress-controller
  - header: X-Auth-Request-Redirect
    regex: "^/dashboard"
  allow:
  - group: SysAdmin
  - group: AppAdmin
  - group: Operator
  - user: Jhon
  deny:
  - group: Guest
- match:
  - header: X-Sent-From
    value: nginx-ingress-controller
  - header: X-Original-Method
    value: GET
  - header: X-Original-URL
    regex: "^https?://server.domain/"
  allow:
  - group: Guest
- match:
  - header: X-Sent-From
    value: nginx-ingress-controller
  - header: X-Auth-Request-Redirect
    regex: /login
  allowAnonymous: true