Initial commit (history squashed)

etc/authority.plugins/ldap.yaml

@@ -0,0 +1,17 @@
+# Placeholder configuration for the LDAP identity provider plug-in.
+# Replace values with your directory settings before enabling the plug-in.
+connection:
+  host: "ldap.example.com"
+  port: 636
+  useTls: true
+  bindDn: "cn=service,dc=example,dc=com"
+  bindPassword: "CHANGE_ME"
+
+queries:
+  userFilter: "(uid={username})"
+  groupFilter: "(member={distinguishedName})"
+  groupAttribute: "cn"
+
+capabilities:
+  supportsPassword: true
+  supportsMfa: false

etc/authority.plugins/standard.yaml

@@ -0,0 +1,22 @@
+# Standard plugin configuration (Mongo-backed identity store).
+bootstrapUser:
+  username: "admin"
+  password: "changeme"
+
+passwordPolicy:
+  minimumLength: 12
+  requireUppercase: true
+  requireLowercase: true
+  requireDigit: true
+  requireSymbol: true
+
+lockout:
+  enabled: true
+  maxAttempts: 5
+  windowMinutes: 15
+
+tokenSigning:
+  # Path to the directory containing signing keys (relative paths resolve
+  # against the location of this manifest, environment variables are expanded,
+  # and the final value is normalised to an absolute path during startup.
+  keyDirectory: "../keys"