[
        // Connection settings for the LDAP directory in which user accounts are looked up.
        'Server' => 'server.domain.tld', // FQDN of the LDAP server
        // Port of the LDAP server; the default port is 389.
        // NOTE(review): 389 is the standard non-TLS LDAP port. This file does not show whether the
        // connection is upgraded with StartTLS -- confirm that bind credentials are not sent in
        // cleartext, or point this at an LDAPS listener (conventionally 636) if that is supported.
        'Port' => 389,
        // Location of your user accounts.
        // Syntax: 'OU=container,DC=domain,DC=tld'
        'BaseDN' => 'OU=Users,DC=domain,DC=tld',
        // NetBIOS name of the domain; lets users log on with just their usernames.
        'Domain' => 'domain'
    ],
    '2FA' => [
        // Possible options are HOTP (sequential codes) and TOTP (time-based codes).
        'Protocol' => 'TOTP',
        'TOTP' => [
            // By default, a 512-bit secret is generated. If needed, you can provide your own secret here.
            // NOTE(review): the default is the string 'NULL', not PHP null -- presumably the marker
            // for "generate one"; confirm. A secret supplied here sits in plaintext in this file,
            // so restrict read access to the file accordingly.
            'Secret' => 'NULL',
            // The duration that each OTP code is valid for (presumably in seconds -- confirm).
            'Age' => '30',
            // Number of digits the OTP code will consist of.
            'Length' => '6',
            // The hashing algorithm used.
            'Algorithm' => 'SHA256'
        ],
    ],
    'Sqlite' => [
        // Relative path to the location where the database should be stored.
        // NOTE(review): what the path is resolved against is not shown here; make sure the
        // resulting location is outside the web server's document root and readable only by
        // the account the service runs as.
        'Path' => '../data/lucidAuth.sqlite.db'
    ],
    'JWT' => [
        // A base64-encoded random (preferably long) string. Empty by default, so it has to be
        // set before deployment.
        // HS256 is an HMAC: despite the key name this is a shared secret, and anyone who learns
        // it can sign tokens that verify as valid. Use at least 32 random bytes.
        // Generate and encode it locally from a CSPRNG (e.g. `openssl rand -base64 64`) rather
        // than pasting it into an online encoder such as https://www.base64encode.org/, which
        // hands the secret to a third party.
        // NOTE(review): whether an empty value is rejected at startup is not visible here -- verify.
        'PrivateKey_base64' => '',
        // Presumably the list of signature algorithms accepted when verifying tokens -- confirm.
        // Keep it to the single algorithm tokens are issued with.
        'Algorithm' => [
            'HS256',
        ]
    ],
    'Session' => [
        // In seconds (2592000 is equivalent to 30 days).
        // NOTE(review): a captured session stays usable for this whole period unless it can be
        // revoked server-side (not visible here); shorten the value if that exposure matters.
        'Duration' => 2592000,
        // Set this to True if single sign-on (albeit rudimentary) is desired
        // (cookies are inherently unaware of each other; clearing cookies for one domain does
        // not affect other domains).
        // Important!
        // If you leave this set to False, the domain name that lucidAuth runs on needs to match
        // the domain name (*ignoring subdomains, if any*) of the resource utilizing the
        // authentication proxy.
        'CrossDomainLogin' => False,
        'CookieDomains' => [
            'domain1.tld' #, 'domain2.tld', 'subdomain.domain3.tld'
        ] // Domain(s) that will be used to set cookie-domains to
          // (multiple domains are allowed; remove the '#' above)
          // NOTE(review): presumably used as the cookie Domain attribute. List only domains you
          // control and scope them as narrowly as possible: a cookie set for a domain is also
          // sent to every host beneath it.
    ],
    'Debug' => [
        // NOTE(review): what verbose output contains is not shown here; keep both switches off
        // in production unless it is confirmed that no passwords, OTP codes or tokens are logged.
        'Verbose' => False,
        'LogToFile' => False
    ]
);
?>