config.yml
Log Settings
The following table describes log settings items.
| Parameter Name | Description | Required | Possible Values | Default | Example Configuration | Comments | |
|---|---|---|---|---|---|---|---|
| log | loglevel |
Level of output log entry |
Yes | One of the following possible values
|
info |
Refer to "Logs" for more information on log levels. |
|
Active Directory Settings
The following table describes the Active Directory settings items.
| Parameter Name | Description | Required | Possible Values | Default | Example Configuration | Comments | ||||
|---|---|---|---|---|---|---|---|---|---|---|
| ad |
ldap |
server | user |
AD DS login user | Yes |
DN (distinguished name) |
'CN=administrator,CN=Users,DC=example,DC=co,DC=jp' |
|||
| encryption | Encrypts connections with AD DS | none or start_tls | none | Example 1: Not using encryption - none Example 2: Using STARTTLS |
To use LDAPS connection, specify start_tls. | |||||
| base_dn |
Base distinguished name |
Yes |
DN (distinguished name) | 'DC=example,DC=co,DC=jp' |
||||||
| filter | user | Specifies the filter used to search users via LDAP |
Search filter format usable by ldapsearch (compliant with RFC 1558) |
'cn=IIJ Taro' |
||||||
IIJ ID Server Settings
The following table describes IIJ ID SCIM server connection settings items.
Parameter Name |
Description |
Required |
Possible Values |
Default |
Example Configuration |
Comments |
||||
|---|---|---|---|---|---|---|---|---|---|---|
| iid |
scim |
http |
proxy |
use |
Enables use of a proxy for communication with the SCIM server |
One of the following possible values
|
false | true | ||
address |
IP address or host name of the proxy server |
IP address or host name | proxy.example.co.jp | |||||||
| port | Port number of the proxy server |
Value from 1 to 65535 |
8080 |
8080 |
||||||
| user | User name used for proxy authentication | iij-taro | Enabled when iid.scim.http.proxy.password (secret.yml) is also described |
|||||||
| server | dial_timeout | Timeout value regarding establishing communication with the SCIM server | Value from 1 to 36000 | 30 | 60 | |||||
| tls_handshake_timeout | Timeout value regarding a TLS handshake with the SCIM server | Value from 1 to 36000 | 10 | 60 | ||||||
| timeout | Timeout value regarding overall communication with the SCIM server | Value from 1 to 36000 | 3600 | 7200 | ||||||
User Settings
These settings are used to configure Active Directory attributes tied to IIJ ID users.
| Parameter Name | Description |
Required |
Possible Values |
Default |
Example Configuration |
Comments |
|||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| iid | scim | attribute | user | ad_bind | externalId |
External ID |
Yes | Any of the following values
|
Example 1) Example 2) - mS-DS-ConsistencyGuid |
When these parameters are specified in an array, the first element in the array is applied preferentially. |
|
[ Note ]
If using the software together with Directory Sync, make sure that the external IDs (users) are configured the same in both Directory Sync and Password Sync.
[ Reference ]
External IDs configured here function as attributes to create correspondence between Active Directory and the IIJ ID Service.