; Licensed to the Apache Software Foundation (ASF) under one or more
 ; contributor license agreements.  See the NOTICE file distributed with
 ; this work for additional information regarding copyright ownership.
 ; The ASF licenses this file to You under the Apache License, Version 2.0
 ; (the "License"); you may not use this file except in compliance with
 ; the License.  You may obtain a copy of the License at
 ;
 ;     http://www.apache.org/licenses/LICENSE-2.0
 ;
 ; Unless required by applicable law or agreed to in writing, software
 ; distributed under the License is distributed on an "AS IS" BASIS,
 ; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 ; See the License for the specific language governing permissions and
 ; limitations under the License.
 

; Profile module configuration file
; ---------------------------------------------------------------------------
;
; The Profile module simplifies the process of managing users of your web 
; application. The primary use case for this module involves authentication
; and authorization using LDAP, although it should be possible to support 
; additional back-ends with moderate customization.
;


; ***************************************************************************
; PROFILE AUTHENTICATION SETTINGS
; ***************************************************************************
;
; Responsibility for authentication is delegated to the class specified here.
; The only requirement of the delegated class is that it implement the 
; Org_Apache_Oodt_Balance_Interfaces_IApplicationAuthenticationProvider 
; interface.
;
; The following settings define both the class name (authentication_class) and
; the filesystem path to the class itself (authentication_class_path). Both 
; are required for authentication to function. 
;
; Tip: When specifying the authentication_class_path, the token [MODULE_PATH] 
; will be expanded to the root directory of this module (i.e.: the location of 
; this file)
;
; If authentication is not required, both of these settings should be left 
; blank.
;
authentication_class      = LDAPAuthenticationProvider
authentication_class_path = [MODULE_PATH]/classes/LDAPAuthenticationProvider.class.php


; LDAP authentication server connection details
ldap_host            = "host"
ldap_port            = 686
ldap_base_dn         = "dc=people,dc=project"
cookie_key           = "__ac__sc__"


; Encryption method used to encrypt user passwords 
; Supported options are:
; 		1. SHA
; 		2. MD5
auth_encryption_method 	= SHA


; ***************************************************************************
; PROFILE AUTHORIZATION SETTINGS
; ***************************************************************************
;
; Responsibility for authorization is delegated to the class specified here. 
; The only requirement of the delegated class is that it implement the
; Org_Apache_Oodt_Balance_Interfaces_IApplicationAuthorizationProvider
; interface. 
;
; The following settings define both the class name (authorization_class) and
; the filesystem path to the class itself (authorization_class_path). Both 
; are required for authentication to function. 
;
; Tip: When specifying the authorization_class_path, the token [MODULE_PATH] 
; will be expanded to the root directory of this module (i.e.: the location
; of this file)
;
; If authorization is not required, both of these settings should be left 
; blank.
;
authorization_class		 = LDAPAuthorizationProvider
authorization_class_path = [MODULE_PATH]/classes/LDAPAuthorizationProvider.class.php


; LDAP authorization filter details
authorization_ldap_filter = '&(objectClass=groupOfUniqueNames)'
authorization_ldap_filter_userid = 'uniqueMember=uid'

; LDAP authorization server connection details
authorization_ldap_host            = 'host'
authorization_ldap_port            = 686
authorization_ldap_base_dn         = 'dc=people,dc=project'
authorization_ldap_group_dn        = 'dc=group,dc=project'
authorization_cookie_key           = '__ac__sc__'

; Page to redirect users to when authorization is required
authorization_redirect_url = [MODULE_ROOT]/login



; ***************************************************************************
; PROFILE ATTRIBUTE SETTINGS
; ***************************************************************************
; User profiles consist of various attributes (name, telephone, email, etc.).
; This section defines the attributes that the profile will expose.

; Attribute Mapping
; The profile module natively understands the following profile attributes, 
; which are widely applicable across projects. This section defines a mapping
; between these profile attributes and your specific environment. 
;
; commonname_attr: The common name of the user (usually first and last name)
commonname_attr = cn
; firstname_attr: The first (given) name of the user
firstname_attr  = givenname
; lastname_attr: The last (surname) name of the user
lastname_attr   = sn
; username_attr: The unique id/name of the user
username_attr   = uid
; email_attr: The email address of the user
email_attr      = mail

; Visible Attributes
; The profile module will expose the profile attributes specified here. 
; These attributes will be displayed for the user to view.
; 
; Specify the profile attributes to expose here:
profile_attributes[] = givenname
profile_attributes[] = sn
profile_attributes[] = uid
profile_attributes[] = mail

; Attributes allowed to modify
; The profile module will expose the profile attributes specified here. 
; These attributes will be displayed for the user to view and the user 
; will be allowed to change values in the ldap directory.
; 
; Specify the profile attributes to modify here:
profile_modify_attributes[] = givenname
profile_modify_attributes[] = sn
profile_modify_attributes[] = mail

; When displaying the attributes specified above, a human readable label can
; be defined. This will help users better understand which values they are
; seeing and/or modifying. 
;
; Specify an attribute-to-label mapping for each of the above attributes here:
attr_titles[ 'First name' ] = givenname
attr_titles[ 'Last name' ]  = sn
attr_titles[ 'Username' ]   = uid
attr_titles[ 'Email' ]      = mail


; ***************************************************************************
; PASSWORD VALIDATION SETTINGS
; ***************************************************************************
; In the event that there are requirements that define a valid password, they
; can be specified here as an array of 'tests'. These tests will be invoked
; whenever the user attempts to set / change his or her password.
;
; The general format of these rules is a regular expression followed by a
; pipe (|) followed by the human-readable exception to display when a password
; fails to validate.
; 
; EXAMPLES:
; - To require passwords with length of 5 or greater:
;   security_password_rules[] = "/.{5,}/|Password must have a length of 5 or greater"
; - To enfoce the presence of at least one uppercase letter
;   security_password_rules[] = "/[A-Z]+/|Password must contain at least one uppercase letter"
;
; The security rules will be enforced in series, and processing will halt
; after the first failure.
;
security_password_rules[] =