Environments Using IIJ GIO Secure Apps Service
This section describes a sample of the configuration file needed when using the "SSL Gateway IIJ ID Link Option" that is one of the IIJ GIO Secure Apps.
The entitlements attribute for IIJ ID users must be configured to use the SSL Gateway IIJ ID Link Option.
In this sample configuration, the userPrincipalName is assigned as the value of the entitlements attribute for synchronization with the IIJ ID Service.
The following configuration files are provided as reference examples. Configure actual settings in accordance with your environment.
config.yml sample
log:
loglevel: info
ad:
ldap:
server:
addresses:
- 127.0.0.1
user: 'CN=administrator,CN=Users,DC=example,DC=co,DC=jp'
base_dn: 'DC=example,DC=co,DC=jp'
filter:
user: 'memberOf:1.2.840.113556.1.4.1941:=CN=IIJ ID Service User Group,OU=Groups,DC=example,DC=co,DC=jp'
group: 'memberOf:1.2.840.113556.1.4.1941:=CN=IIJ ID Service User Group,OU=Groups,DC=example,DC=co,DC=jp'
iid:
scim:
http:
proxy:
use: true
address: proxy.example.co.jp
port: 8080
user: iij-taro
attribute:
user:
default:
entitlements:
- display: userPrincipalName
type: userPrincipalName
primary: true
emails:
- primary: true
ad_bind:
externalId: objectGUID
userName: userPrincipalName
name:
familyName: sn
givenName: givenName
localNames:
familyName: msDS-PhoneticLastName
givenName: msDS-PhoneticFirstName
active:
- userAccountControl
- accountExpires
emails:
- value: mail
entitlements:
- value: userPrincipalName
group:
ad_bind:
externalId: objectGUID
displayName: name
secret.yml sample
ad:
ldap:
server:
password: ldap_password
iid:
scim:
token: scim_token
http:
proxy:
password: proxy_password