Environments Using IIJ GIO Secure Apps Service
This section provides sample configuration files for use with the "SSL Gateway IIJ ID Link Option", which is one of the IIJ GIO Secure Apps.
To use the SSL Gateway IIJ ID Link Option, the entitlements attribute must be configured for IIJ ID users.
In this sample configuration, the userPrincipalName is assigned as the value of the entitlements attribute for synchronization with the IIJ ID Service.
The following configuration files are provided as reference examples. Configure actual settings in accordance with your environment.
config.yml sample
log:
  loglevel: info
ad:
  ldap:
    server:
      addresses:
        - 127.0.0.1
      user: 'CN=administrator,CN=Users,DC=example,DC=co,DC=jp'
    base_dn: 'DC=example,DC=co,DC=jp'
    filter:
      user: 'memberOf:1.2.840.113556.1.4.1941:=CN=IIJ ID Service User Group,OU=Groups,DC=example,DC=co,DC=jp'
      group: 'memberOf:1.2.840.113556.1.4.1941:=CN=IIJ ID Service User Group,OU=Groups,DC=example,DC=co,DC=jp'
iid:
  scim:
    http:
      proxy:
        use: true
        address: proxy.example.co.jp
        port: 8080
        user: iij-taro
attribute:
  user:
    default:
      entitlements:
        - display: userPrincipalName
          type: userPrincipalName
          primary: true
      emails:
        - primary: true
    ad_bind:
      externalId: objectGUID
      userName: userPrincipalName
      name:
        familyName: sn
        givenName: givenName
      localNames:
        familyName: msDS-PhoneticLastName
        givenName: msDS-PhoneticFirstName
      active:
        - userAccountControl
        - accountExpires
      emails:
        - value: mail
      entitlements:
        - value: userPrincipalName
  group:
    ad_bind:
      externalId: objectGUID
      displayName: name
secret.yml sample
ad:
  ldap:
    server:
      password: ldap_password
iid:
  scim:
    token: scim_token
    http:
      proxy:
        password: proxy_password