## Authorizations
# Uncomment out the merging for each enviornment that you'd like to include.
# You can also just copy and paste the tree (do not include the "authorizations") to each
# enviornment if you need something different per enviornment.
authorizations: &AUTHORIZATIONS
  group_base: ou=groups,dc=test,dc=com
  ## Requires config.ldap_check_group_membership in devise.rb be true
  # Can have multiple values, must match all to be authorized
  required_groups:
    # If only a group name is given, membership will be checked against "uniqueMember"
    - cn=admins,ou=groups,dc=test,dc=com
    - cn=users,ou=groups,dc=test,dc=com
    # If an array is given, the first element will be the attribute to check against, the second the group name
    - ["moreMembers", "cn=users,ou=groups,dc=test,dc=com"]
  ## Requires config.ldap_check_attributes in devise.rb to be true
  ## Can have multiple attributes and values, must match all to be authorized
  require_attribute:
    objectClass: inetOrgPerson
    authorizationRole: postsAdmin

# Application specific attributes and changes.

    #attribute: => attribute of the ldap
    #attribute_to_compare => attribute of the ldap with which the knome specific field should be compared.
    #attributes_to_persist => attributes that need to be fed to the user table from ldap

## Enviornments

development:
  host: localhost
  port: 389
  attribute: cn
  base: ou=people,dc=test,dc=com
  #admin_user: cn=admin,dc=test,dc=com
  #admin_password: admin_password
  #attribute: mail
  #attribute_to_compare: mail
  #attributes_to_persist:
       #- ["mail", "email"]
       #- ["givenName", "first_name"]
       #- ["sn", "last_name"]
  ssl: false
  # <<: *AUTHORIZATIONS

test:
  host: localhost
  port: 3389
  attribute: cn
  base: ou=people,dc=test,dc=com
  #admin_user: cn=admin,dc=test,dc=com
  #admin_password: admin_password
  #attribute: mail
  #attribute_to_compare: mail
  #attributes_to_persist:
       #- ["mail", "email"]
       #- ["givenName", "first_name"]
       #- ["sn", "last_name"]
  ssl: false
  # <<: *AUTHORIZATIONS

production:
  host: localhost
  port: 636
  attribute: cn
  base: ou=people,dc=test,dc=com
  #admin_user: cn=admin,dc=test,dc=com
  #admin_password: admin_password
  #attribute: mail
  #attribute_to_compare: mail
  #attributes_to_persist:
       #- ["mail", "email"]
       #- ["givenName", "first_name"]
       #- ["sn", "last_name"]
  ssl: true
  # <<: *AUTHORIZATIONS