Parameter list

Click on a column header to sort table. The attribute key name can be used directly in lemonldap-ng.ini or in Perl scripts to override configuration parameters (see configuration location).

Main parameters

Key name Documentation Portal Handler Manager ini file only
ADPwdExpireWarning AD password expire warning
ADPwdMaxAge AD password max age
AuthLDAPFilter LDAP filter for auth search
LDAPFilter Default LDAP filter
SMTPAuthPass Password to use to send mails
SMTPAuthUser Login to use to send mails
SMTPPort Fix SMTP port
SMTPServer SMTP Server
SMTPTLS TLS protocol to use with SMTP
SMTPTLSOpts TLS/SSL options for SMTP
SSLAuthnLevel SSL authentication level
activeTimer Enable timers on portal pages
apacheAuthnLevel Apache authentication level
applicationList Applications list
authChoiceAuthBasic Auth module used by AuthBasic handler
authChoiceModules Hash list of Choice strings
authChoiceParam Applications list
authentication Authentication module
autoSigninRules List of auto signin rules
available2F Available second factor modules
available2FSelfRegistration Available self-registration modules for second factor
browsersDontStorePassword Avoid browsers to store users password
bruteForceProtection Enable brute force attack protection
bruteForceProtectionIncrementalTempo Enable incremental lock time for brute force attack protection
bruteForceProtectionLockTimes Incremental lock time values for brute force attack protection
bruteForceProtectionMaxAge Brute force attack protection -> Max age between last and first allowed failed login
bruteForceProtectionMaxFailed Brute force attack protection -> Max allowed failed login
bruteForceProtectionMaxLockTime Brute force attack protection -> Max lock time
bruteForceProtectionTempo Brute force attack protection -> Tempo before try again
captcha_login_enabled Captcha on login page
captcha_mail_enabled Captcha on password reset page
captcha_register_enabled Captcha on account creation page
captcha_size Captcha size
casAccessControlPolicy CAS access control policy
casAppMetaDataOptions Root of CAS app options [1]
casAttr Pivot attribute for CAS
casAttributes CAS exported attributes
casAuthnLevel CAS authentication level
casSrvMetaDataOptions Root of CAS server options [1]
casStorage Apache::Session module to store CAS user data
casStorageOptions Apache::Session module parameters
cda Enable Cross Domain Authentication
certificateResetByMailStep1Body Custom Certificate reset mail body
certificateResetByMailStep1Subject Mail subject for certificate reset email
certificateResetByMailStep2Body Custom confirm Certificate reset mail body
certificateResetByMailStep2Subject Mail subject for reset confirmation
certificateResetByMailURL URL of certificate reset page
cfgAuthor Name of the author of the current configuration
cfgAuthorIP Uploader IP address of the current configuration
cfgDate Timestamp of the current configuration
cfgLog Configuration update log
cfgNum Enable Cross Domain Authentication
cfgVersion Version of LLNG which build configuration
checkState Enable CheckState plugin
checkStateSecret Secret token for CheckState plugin
checkTime Timeout to check new configuration in local cache
checkUser Enable check user
checkUserDisplayEmptyHeaders Display empty headers rule
checkUserDisplayEmptyValues Display session empty values rule
checkUserDisplayPersistentInfo Display persistent session info rule
checkUserHiddenAttributes Attributes to hide in CheckUser plugin
checkUserIdRule checkUser identities rule
checkUserSearchAttributes Attributes used for retrieving sessions in user DataBase
checkXSS Check XSS
combModules Combination module description
combination Combination rule
compactConf Compact configuration
configStorage Configuration storage
confirmFormMethod HTTP method for confirm page form
contextSwitchingIdRule Context switching identities rule
contextSwitchingPrefix Prefix to store real session Id
contextSwitchingRule Context switching activation rule
contextSwitchingStopWithLogout Stop context switching by logout
cookieExpiration Cookie expiration
cookieName Name of the main cookie
corsAllow_Credentials Allow credentials for Cross-Origin Resource Sharing
corsAllow_Headers Allowed headers for Cross-Origin Resource Sharing
corsAllow_Methods Allowed methods for Cross-Origin Resource Sharing
corsAllow_Origin Allowed origine for Cross-Origin Resource Sharing
corsEnabled Enable Cross-Origin Resource Sharing
corsExpose_Headers Exposed headers for Cross-Origin Resource Sharing
corsMax_Age MAx-age for Cross-Origin Resource Sharing
cspConnect Authorized Ajax destination for Content-Security-Policy
cspDefault Default value for Content-Security-Policy
cspFont Font source for Content-Security-Policy
cspFormAction Form action destination for Content-Security-Policy
cspFrameAncestors Frame-Ancestors for Content-Security-Policy
cspImg Image source for Content-Security-Policy
cspScript Javascript source for Content-Security-Policy
cspStyle Style source for Content-Security-Policy
customAddParams Custom additional parameters
customAuth Custom auth module
customFunctions List of custom functions
customPassword Custom password module
customPlugins Custom plugins
customPluginsParams Custom plugins parameters
customRegister Custom register module
customResetCertByMail Custom certificateResetByMail module
customToTrace Session parameter used to fill REMOTE_CUSTOM
customUserDB Custom user DB module
dbiAuthnLevel DBI authentication level
dbiExportedVars DBI exported variables
decryptValueFunctions Custom function used for decrypting values
decryptValueRule Decrypt value activation rule
demoExportedVars Demo exported variables
disablePersistentStorage Enabled persistent storage
domain DNS domain
exportedAttr List of attributes to export by SOAP or REST servers
exportedVars Main exported variables
ext2FSendCommand Send command of External second factor
ext2FValidateCommand Validation command of External second factor
ext2fActivation External second factor activation
ext2fAuthnLevel Authentication level for users authentified by External second factor
ext2fCodeActivation OTP generated by Portal
ext2fLabel Portal label for External second factor
ext2fLogo Custom logo for External 2F
facebookAuthnLevel Facebook authentication level
facebookExportedVars Facebook exported variables
failedLoginNumber Number of failures stored in login history
forceGlobalStorageIssuerOTT Force Issuer tokens to be stored into Global Storage
forceGlobalStorageUpgradeOTT Force Upgrade tokens be stored into Global Storage
formTimeout Token timeout for forms
githubAuthnLevel GitHub authentication level
globalLogoutCustomParam Custom session parameter to display
globalLogoutRule Global logout activation rule
globalLogoutTimer Global logout auto accept time
globalStorage Session backend module
globalStorageOptions Session backend module options
gpgAuthnLevel GPG authentication level
gpgDb GPG keys database
grantSessionRules Rules to grant sessions
groups Groups
groupsBeforeMacros Compute groups before macros
handlerInternalCache Handler internal cache timeout
handlerServiceTokenTTL Handler ServiceToken timeout
hiddenAttributes Name of attributes to hide in logs
hideOldPassword Hide old password in portal
httpOnly Enable httpOnly flag in cookie
https Use HTTPS for redirection from portal
impersonationHiddenAttributes Attributes to skip
impersonationIdRule Impersonation identities rule
impersonationMergeSSOgroups Merge spoofed and real SSO groups
impersonationPrefix Prefix to rename real session attributes
impersonationRule Impersonation activation rule
impersonationSkipEmptyValues Skip session empty values
infoFormMethod HTTP method for info page form
issuerDBCASActivation CAS server activation
issuerDBCASPath CAS server request path
issuerDBCASRule CAS server rule
issuerDBGetActivation Get issuer activation
issuerDBGetParameters List of virtualHosts with their get parameters
issuerDBGetPath Get issuer request path
issuerDBGetRule Get issuer rule
issuerDBOpenIDActivation OpenID server activation
issuerDBOpenIDConnectActivation OpenID Connect server activation
issuerDBOpenIDConnectPath OpenID Connect server request path
issuerDBOpenIDConnectRule OpenID Connect server rule
issuerDBOpenIDPath OpenID server request path
issuerDBOpenIDRule OpenID server rule
issuerDBSAMLActivation SAML IDP activation
issuerDBSAMLPath SAML IDP request path
issuerDBSAMLRule SAML IDP rule
issuersTimeout Token timeout for issuers
jsRedirect Use javascript for redirections
key Secret key
krbAuthnLevel Null authentication level
krbByJs Launch Kerberos authentication by Ajax
krbKeytab Kerberos keytab
krbRemoveDomain Remove domain in Kerberos username
ldapAllowResetExpiredPassword Allow a user to reset his expired password
ldapAuthnLevel LDAP authentication level
ldapBase LDAP search base
ldapExportedVars LDAP exported variables
ldapGroupAttributeName LDAP attribute name for member in groups
ldapGroupAttributeNameGroup LDAP attribute name in group entry referenced as member in groups
ldapGroupAttributeNameSearch LDAP attributes to search in groups
ldapGroupAttributeNameUser LDAP attribute name in user entry referenced as member in groups
ldapGroupDecodeSearchedValue Decode value before searching it in LDAP groups
ldapGroupObjectClass LDAP object class of groups
ldapGroupRecursive LDAP recursive search in groups
ldapITDS Support for IBM Tivoli Directory Server
ldapPasswordResetAttribute LDAP password reset attribute
ldapPasswordResetAttributeValue LDAP password reset value
ldapPort LDAP port
ldapPwdEnc LDAP password encoding
ldapSearchDeref "deref" param of Net::LDAP::search()
ldapServer LDAP server (host or URI)
ldapTimeout LDAP connection timeout
ldapUsePasswordResetAttribute LDAP store reset flag in an attribute
ldapVersion LDAP protocol version
linkedInAuthnLevel LinkedIn authentication level
localSessionStorage Local sessions cache module
localSessionStorageOptions Sessions cache module options
localStorage Local cache
localStorageOptions Local cache parameters
log4perlConfFile Log4Perl logger configuration file
logLevel Log level, must be set in .ini
logger technical logger
loginHistoryEnabled Enable login history
logoutServices Send logout trough GET request to these services
lwpOpts Options given to LWP::UserAgent
lwpSslOpts SSL options given to LWP::UserAgent
macros Macros
mail2fActivation Mail second factor activation
mail2fAuthnLevel Authentication level for users authenticated by Mail second factor
mail2fBody Mail body for second factor authentication
mail2fCodeRegex Regular expression to create a mail OTP code
mail2fLabel Portal label for Mail second factor
mail2fLogo Custom logo for Mail 2F
mail2fSubject Mail subject for second factor authentication
mail2fTimeout Second factor code timeout
mailBody Custom password reset mail body
mailCharset Mail charset
mailConfirmBody Custom confirm password reset mail body
mailConfirmSubject Mail subject for reset confirmation
mailFrom Sender email
mailLDAPFilter LDAP filter for mail search
mailOnPasswordChange Send a mail when password is changed
mailReplyTo Reply-To address
mailSessionKey Session parameter where mail is stored
mailSubject Mail subject for new password email
mailTimeout Mail password reset session timeout
mailUrl URL of password reset page
maintenance Maintenance mode for all virtual hosts
managerDn LDAP manager DN
managerPassword LDAP manager Password
max2FDevices Maximum registered 2F devices
max2FDevicesNameLength Maximum 2F devices name length
multiValuesSeparator Separator for multiple values
mySessionAuthorizedRWKeys Alterable session keys by user itself
nginxCustomHandlers Custom Nginx handler (deprecated)
noAjaxHook Avoid replacing 302 by 401 for Ajax responses
notification Notification activation
notificationDefaultCond Notification default condition
notificationServer Notification server activation
notificationServerDELETE Notification server activation
notificationServerGET Notification server activation
notificationServerPOST Notification server activation
notificationServerSentAttributes Prameters to send with notification server GET method
notificationStorage Notification backend
notificationStorageOptions Notification backend options
notificationWildcard Notification string to match all users
notificationXSLTfile Custom XSLT document for notifications
notificationsExplorer Notifications explorer activation
notificationsMaxRetrieve Max number of displayed notifications
notifyDeleted Show deleted sessions in portal
notifyOther Show other sessions in portal
nullAuthnLevel Null authentication level
oidcAuthnLevel OpenID Connect authentication level
oidcOPMetaDataOptions [1]
oidcRPCallbackGetParam OpenID Connect Callback GET URLparameter
oidcRPMetaDataOptions [1]
oidcRPStateTimeout OpenID Connect Timeout of state sessions
oidcServiceAccessTokenExpiration OpenID Connect global access token TTL
oidcServiceAllowAuthorizationCodeFlow OpenID Connect allow authorization code flow
oidcServiceAllowDynamicRegistration OpenID Connect allow dynamic client registration
oidcServiceAllowHybridFlow OpenID Connect allow hybrid flow
oidcServiceAllowImplicitFlow OpenID Connect allow implicit flow
oidcServiceAuthorizationCodeExpiration OpenID Connect global code TTL
oidcServiceDynamicRegistrationExportedVars OpenID Connect exported variables for dynamic registration
oidcServiceDynamicRegistrationExtraClaims OpenID Connect extra claims for dynamic registration
oidcServiceIDTokenExpiration OpenID Connect global ID token TTL
oidcServiceKeyIdSig OpenID Connect Signature Key ID
oidcServiceMetaDataAuthnContext OpenID Connect Authentication Context Class Ref
oidcServiceMetaDataAuthorizeURI OpenID Connect authorizaton endpoint
oidcServiceMetaDataBackChannelURI OpenID Connect Front-Channel logout endpoint
oidcServiceMetaDataCheckSessionURI OpenID Connect check session iframe
oidcServiceMetaDataEndSessionURI OpenID Connect end session endpoint
oidcServiceMetaDataFrontChannelURI OpenID Connect Front-Channel logout endpoint
oidcServiceMetaDataIntrospectionURI OpenID Connect introspection endpoint
oidcServiceMetaDataIssuer OpenID Connect issuer
oidcServiceMetaDataJWKSURI OpenID Connect JWKS endpoint
oidcServiceMetaDataRegistrationURI OpenID Connect registration endpoint
oidcServiceMetaDataTokenURI OpenID Connect token endpoint
oidcServiceMetaDataUserInfoURI OpenID Connect user info endpoint
oidcServiceOfflineSessionExpiration OpenID Connect global offline session TTL
oidcStorage Apache::Session module to store OIDC user data
oidcStorageOptions Apache::Session module parameters
oldNotifFormat Use old XML format for notifications
openIdAuthnLevel OpenID authentication level
openIdExportedVars OpenID exported variables
openIdSreg_email OpenID SREG email session parameter
openIdSreg_fullname OpenID SREG fullname session parameter
openIdSreg_nickname OpenID SREG nickname session parameter
openIdSreg_timezone OpenID SREG timezone session parameter
pamAuthnLevel PAM authentication level
pamService PAM service
passwordDB Password module
passwordPolicyMinDigit Password policy: minimal digit characters
passwordPolicyMinLower Password policy: minimal lower characters
passwordPolicyMinSize Password policy: minimal size
passwordPolicyMinSpeChar Password policy: minimal special characters
passwordPolicyMinUpper Password policy: minimal upper characters
passwordPolicySpecialChar Password policy: allowed special characters
passwordResetAllowedRetries Maximum number of retries to reset password
pdataDomain pdata cookie DNS domain
persistentSessionAttributes Persistent session attributes to hide
persistentStorage Storage module for persistent sessions
persistentStorageOptions Options for persistent sessions storage module
port Force port in redirection
portal Portal URL
portalAntiFrame Avoid portal to be displayed inside frames
portalCheckLogins Display login history checkbox in portal
portalCustomCss Path to custom CSS file
portalDisplayAppslist Display applications tab in portal
portalDisplayCertificateResetByMail Display Certificate Reset by mail tab in portal
portalDisplayChangePassword Display password tab in portal
portalDisplayGeneratePassword Display password generate box in reset password form
portalDisplayLoginHistory Display login history tab in portal
portalDisplayLogout Display logout tab in portal
portalDisplayOidcConsents Display OIDC consent tab in portal
portalDisplayPasswordPolicy Display policy in password form
portalDisplayRefreshMyRights Displays the link to refresh the user session
portalDisplayRegister Display register button in portal
portalDisplayResetPassword Display reset password button in portal
portalErrorOnExpiredSession Show error if session is expired
portalErrorOnMailNotFound Show error if mail is not found in password reset process
portalForceAuthn Enable force to authenticate when displaying portal
portalForceAuthnInterval Maximum interval in seconds since last authentication to force reauthentication
portalMainLogo Portal main logo path
portalOpenLinkInNewWindow Open applications in new windows
portalPingInterval Interval in ms between portal Ajax pings
portalRequireOldPassword Rule to require old password to change the password
portalSkin Name of portal skin
portalSkinBackground Background image of portal skin
portalSkinRules Rules to choose portal skin
portalStatus Enable portal status
portalUserAttr Session parameter to display connected user in portal
protection Manager protection method
proxyAuthnLevel Proxy authentication level
proxyUseSoap Use SOAP instead of REST
radius2fActivation Radius second factor activation
radius2fAuthnLevel Authentication level for users authenticated by Radius second factor
radius2fLabel Portal label for Radius 2F
radius2fLogo Custom logo for Radius 2F
radius2fTimeout Radius 2f verification timeout
radius2fUsernameSessionKey Session key used as Radius login
radiusAuthnLevel Radius authentication level
randomPasswordRegexp Regular expression to create a random password
redirectFormMethod HTTP method for redirect page form
refreshSessions Refresh sessions plugin
registerConfirmSubject Mail subject for register confirmation
registerDB Register module
registerDoneSubject Mail subject when register is done
registerTimeout Register session timeout
registerUrl URL of register page
reloadTimeout Configuration reload timeout
reloadUrls URL to call on reload
remoteGlobalStorage Remote session backend
remoteGlobalStorageOptions Apache::Session module parameters
requireToken Enable token for forms
rest2fActivation REST second factor activation
rest2fAuthnLevel Authentication level for users authentified by REST second factor
rest2fInitArgs Args for REST 2F init
rest2fInitUrl REST 2F init URL
rest2fLabel Portal label for REST second factor
rest2fLogo Custom logo for REST 2F
rest2fVerifyArgs Args for REST 2F init
rest2fVerifyUrl REST 2F init URL
restAuthnLevel REST authentication level
restClockTolerance How tolerant the REST session server will be to clock dift
restConfigServer Enable REST config server
restExportSecretKeys Allow to export secret keys in REST session server
restSessionServer Enable REST session server
sameSite Cookie SameSite value
samlAttributeAuthorityDescriptorAttributeServiceSOAP SAML Attribute Authority SOAP
samlAuthnContextMapKerberos SAML authn context kerberos level
samlAuthnContextMapPassword SAML authn context password level
samlAuthnContextMapPasswordProtectedTransport SAML authn context password protected transport level
samlAuthnContextMapTLSClient SAML authn context TLS client level
samlCommonDomainCookieActivation SAML CDC activation
samlDiscoveryProtocolActivation SAML Discovery Protocol activation
samlDiscoveryProtocolIsPassive SAML Discovery Protocol Is Passive
samlDiscoveryProtocolPolicy SAML Discovery Protocol Policy
samlDiscoveryProtocolURL SAML Discovery Protocol EndPoint URL
samlEntityID SAML service entityID
samlIDPMetaDataOptions [1]
samlIDPSSODescriptorArtifactResolutionServiceArtifact SAML IDP artifact resolution service
samlIDPSSODescriptorSingleLogoutServiceHTTPPost SAML IDP SLO HTTP POST
samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect SAML IDP SLO HTTP Redirect
samlIDPSSODescriptorSingleLogoutServiceSOAP SAML IDP SLO SOAP
samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact SAML IDP SSO HTTP Artifact
samlIDPSSODescriptorSingleSignOnServiceHTTPPost SAML IDP SSO HTTP POST
samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect SAML IDP SSO HTTP Redirect
samlIDPSSODescriptorWantAuthnRequestsSigned SAML IDP want authn request signed
samlMetadataForceUTF8 SAML force metadata UTF8 conversion
samlNameIDFormatMapEmail SAML session parameter for NameID email
samlNameIDFormatMapKerberos SAML session parameter for NameID kerberos
samlNameIDFormatMapWindows SAML session parameter for NameID windows
samlNameIDFormatMapX509 SAML session parameter for NameID x509
samlOrganizationDisplayName SAML service organization display name
samlOrganizationName SAML service organization name
samlOrganizationURL SAML service organization URL
samlOverrideIDPEntityID Override SAML EntityID when acting as an IDP
samlRelayStateTimeout SAML timeout of relay state
samlSPMetaDataOptions [1]
samlSPSSODescriptorArtifactResolutionServiceArtifact SAML SP artifact resolution service
samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact SAML SP ACS HTTP artifact
samlSPSSODescriptorAssertionConsumerServiceHTTPPost SAML SP ACS HTTP POST
samlSPSSODescriptorAuthnRequestsSigned SAML SP AuthnRequestsSigned
samlSPSSODescriptorSingleLogoutServiceHTTPPost SAML SP SLO HTTP POST
samlSPSSODescriptorSingleLogoutServiceHTTPRedirect SAML SP SLO HTTP Redirect
samlSPSSODescriptorSingleLogoutServiceSOAP SAML SP SLO SOAP
samlSPSSODescriptorWantAssertionsSigned SAML SP WantAssertionsSigned
samlServicePrivateKeyEnc SAML encryption private key
samlServicePrivateKeySig SAML signature private key
samlServicePrivateKeySigPwd SAML signature private key password
samlServicePublicKeyEnc SAML encryption public key
samlServicePublicKeySig SAML signature public key
samlServiceUseCertificateInResponse Use certificate instead of public key in SAML responses
samlStorage Apache::Session module to store SAML user data
samlStorageOptions Apache::Session module parameters
samlUseQueryStringSpecific SAML use specific method for query_string
secureTokenAllowOnError Secure Token allow requests in error
secureTokenAttribute Secure Token attribute
secureTokenExpiration Secure Token expiration
secureTokenHeader Secure Token header
secureTokenMemcachedServers Secure Token Memcached servers
securedCookie Cookie securisation method
sentryDsn Sentry logger DSN
sessionDataToRemember Data to remember in login history
sfEngine Second factor engine
sfExtra Extra second factors
sfManagerRule Rule to display second factor Manager link
sfRemovedMsgRule Display a message if at leat one expired SF has been removed
sfRemovedNotifMsg Notification message
sfRemovedNotifRef Notification reference
sfRemovedNotifTitle Notification title
sfRemovedUseNotif Use Notifications plugin to display message
sfRequired Second factor required
showLanguages Display langs icons
singleIP Allow only one session per IP
singleSession Allow only one session per user
singleUserByIP Allow only one user per IP
skipRenewConfirmation Avoid asking confirmation when an Issuer asks to renew auth
slaveAuthnLevel Slave authentication level
slaveDisplayLogo Display Slave authentication logo
slaveExportedVars Slave exported variables
soapConfigServer Enable SOAP config server
soapProxyUrn SOAP URN for Proxy
soapSessionServer Enable SOAP session server
sslByAjax Use Ajax request for SSL
sslHost URL for SSL Ajax request
staticPrefix Prefix of static files for HTML templates
status Status daemon activation
stayConnected Enable StayConnected plugin
storePassword Store password in session
successLoginNumber Number of success stored in login history
syslogFacility Syslog logger technical facility
timeout Session timeout on server side
timeoutActivity Session activity timeout on server side
timeoutActivityInterval Update session timeout interval on server side
tokenUseGlobalStorage Enable global token storage
totp2fActivation TOTP activation
totp2fAuthnLevel Authentication level for users authentified by password+TOTP
totp2fDigits Number of digits for TOTP code
totp2fDisplayExistingSecret Display existing TOTP secret in registration form
totp2fInterval TOTP interval
totp2fIssuer TOTP Issuer
totp2fLabel Portal label for TOTP 2F
totp2fLogo Custom logo for TOTP 2F
totp2fRange TOTP range (number of interval to test)
totp2fSelfRegistration TOTP self registration activation
totp2fTTL TOTP device time to live
totp2fUserCanChangeKey Authorize users to change existing TOTP secret
totp2fUserCanRemoveKey Authorize users to remove existing TOTP secret
trustedDomains Trusted domains
twitterAuthnLevel Twitter authentication level
u2fActivation U2F activation
u2fAuthnLevel Authentication level for users authentified by password+U2F
u2fLabel Portal label for U2F
u2fLogo Custom logo for U2F
u2fSelfRegistration U2F self registration activation
u2fTTL U2F device time to live
u2fUserCanRemoveKey Authorize users to remove existing U2F key
upgradeSession Upgrade session activation
useRedirectOnError Use 302 redirect code for error (500)
useRedirectOnForbidden Use 302 redirect code for forbidden (403)
useSafeJail Activate Safe jail
userControl Regular expression to validate login
userDB User module
userLogger User actions logger
userSyslogFacility Syslog logger user-actions facility
utotp2fActivation UTOTP activation (mixed U2F/TOTP module)
utotp2fAuthnLevel Authentication level for users authentified by password+(U2F or TOTP)
utotp2fLabel Portal label for U2F+TOTP
utotp2fLogo Custom logo for U2F+TOTP
vhostOptions [1]
viewerAllowBrowser Allow configuration browser
viewerAllowDiff Allow configuration diff
viewerHiddenKeys Hidden Conf keys
webIDAuthnLevel WebID authentication level
webIDExportedVars WebID exported variables
whatToTrace Session parameter used to fill REMOTE_USER
wsdlServer Enable /portal.wsdl server
yubikey2fActivation Yubikey second factor activation
yubikey2fAuthnLevel Authentication level for users authentified by Yubikey second factor
yubikey2fClientID Yubico client ID
yubikey2fLabel Portal label for Yubikey second factor
yubikey2fLogo Custom logo for Yubikey 2F
yubikey2fNonce Yubico nonce
yubikey2fPublicIDSize Yubikey public ID size
yubikey2fSecretKey Yubico secret key
yubikey2fSelfRegistration Yubikey self registration activation
yubikey2fTTL Yubikey device time to live
yubikey2fUrl Yubico server
yubikey2fUserCanRemoveKey Authorize users to remove existing Yubikey
zimbraAccountKey Zimbra account session key
zimbraBy Zimbra account type
zimbraPreAuthKey Zimbra preauthentication key
zimbraSsoUrl Zimbra local SSO URL pattern
zimbraUrl Zimbra preauthentication URL

[1]: complex nodes

Configuration backend parameters

Full name Key name Configuration backend
Configuration load timeout confTimeout all backends (default: 10)
Directory dirName File
DBI connection string dbiChain CDBI / RDBI
DBI user dbiUser
DBI password dbiPassword
DBI table name dbiTable
Storage directory dirName File / YAML
LDAP server ldapServer LDAP
LDAP port ldapPort
LDAP base ldapConfBase
LDAP bind dn ldapBindDN
LDAP bind password ldapBindPassword
LDAP ObjectClass ldapObjectClass
LDAP ID attribute ldapAttributeId
LDAP content attribute ldapAttributeContent
Certificate authorities file caFile
Certificate authorities directory caPath
MongoDB database dbName MongoDB
MongoDB collection collectionName
REST base URL baseUrl REST
REST realm realm
REST user user
REST password password
SOAP server location (URL) proxy SOAP
LWP::UserAgent parameters proxyOptions
SOAP user User
SOAP password Password