mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2025-05-28 05:54:43 -04:00
docs: restructure documentation
This rewrite follows the principles of https://diataxis.fr/ Co-authored-by: Erik Michelson <github@erik.michelson.eu> Signed-off-by: Philip Molares <philip.molares@udo.edu> Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit is contained in:
Philip Molares
Tilman Vatteroth
parent
e0dd24ed29
commit
e07cd62596
68 changed files with 1163 additions and 315 deletions
24
docs/content/references/config/auth/ldap.md
Normal file
24
docs/content/references/config/auth/ldap.md
Normal file
|
|
@ -0,0 +1,24 @@
|
|||
# LDAP
|
||||
|
||||
HedgeDoc can use one or multiple LDAP servers to authenticate users. To do this,
|
||||
you first need to tell HedgeDoc the names of servers you want to use (`HD_AUTH_LDAPS`),
|
||||
and then you need to provide the configuration for those LDAP servers
|
||||
depending on how you want to use them.
|
||||
Each of those variables will contain the given name for this LDAP server.
|
||||
For example if you named your LDAP server `MY_LDAP` all variables for this server
|
||||
will start with `HD_AUTH_LDAP_MY_LDAP`.
|
||||
|
||||
| environment variable | default | example | description |
|
||||
| ------------------------------------------ | -------------------- | -------------------------------------------------- | ------------------------------------------------------------------------------------------------------------- |
|
||||
| `HD_AUTH_LDAPS` | - | `MY_LDAP` | A comma-seperated list of names of LDAP servers HedgeDoc should use. |
|
||||
| `HD_AUTH_LDAP_$NAME_PROVIDER_NAME` | `LDAP` | `My LDAP` | The display name for the LDAP server, that is shown in the UI of HegdeDoc. |
|
||||
| `HD_AUTH_LDAP_$NAME_URL` | - | `ldaps://ldap.example.com` | The url with which the LDAP server can be accessed. |
|
||||
| `HD_AUTH_LDAP_$NAME_SEARCH_BASE` | - | `ou=users,dc=LDAP,dc=example,dc=com` | The LDAP search base which contains the user accounts on the LDAP server. |
|
||||
| `HD_AUTH_LDAP_$NAME_SEARCH_FILTER` | `(uid={{username}})` | `(&(uid={{username}})(objectClass=inetOrgPerson))` | A LDAP search filter that filters the users that should have access. |
|
||||
| `HD_AUTH_LDAP_$NAME_SEARCH_ATTRIBUTES` | - | `username,cn` | A comma-seperated list of attributes that the search filter from the LDAP server should access. |
|
||||
| `HD_AUTH_LDAP_$NAME_USERID_FIELD` | `uid` | `uid`, `uidNumber`, `sAMAccountName` | The attribute of the user account which should be used as an id for the user. |
|
||||
| `HD_AUTH_LDAP_$NAME_DISPLAY_NAME_FIELD` | `displayName` | `displayName`, `name`, `cn` | The attribute of the user account which should be used as the display name for the user. |
|
||||
| `HD_AUTH_LDAP_$NAME_PROFILE_PICTURE_FIELD` | `jpegPhoto` | `jpegPhoto`, `thumbnailPhoto` | The attribute of the user account which should be used as the user image for the user. |
|
||||
| `HD_AUTH_LDAP_$NAME_BIND_DN` | - | `cn=admin,dc=LDAP,dc=example,dc=com` | The dn which is used to perform the user search. If this is omitted then HedgeDoc will use an anonymous bind. |
|
||||
| `HD_AUTH_LDAP_$NAME_BIND_CREDENTIALS` | - | `MyLdapPassword` | The credential to access the LDAP server. |
|
||||
| `HD_AUTH_LDAP_$NAME_TLS_CERT_PATHS` | - | `LDAP-ca.pem` | A comma-seperated list of paths to TLS certificates for the LDAP server.
|
||||
25
docs/content/references/config/auth/local.md
Normal file
25
docs/content/references/config/auth/local.md
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
# Local
|
||||
|
||||
HedgeDoc provides local accounts, handled internally. This feature only provides basic
|
||||
functionality, so for most environments we recommend using an external authentication mechanism,
|
||||
which also enable more secure authentication like 2FA or WebAuthn.
|
||||
|
||||
| environment variable | default | example | description |
|
||||
|-------------------------------------------|---------|-------------------------|-----------------------------------------------------------------------------------------------------|
|
||||
| `HD_AUTH_LOCAL_ENABLE_LOGIN` | `false` | `true`, `false` | This makes it possible to use the local accounts in HedgeDoc. |
|
||||
| `HD_AUTH_LOCAL_ENABLE_REGISTER` | `false` | `true`, `false` | This makes it possible to register new local accounts in HedgeDoc. |
|
||||
| `HD_AUTH_LOCAL_MINIMAL_PASSWORD_STRENGTH` | `2` | `0`, `1`, `2`, `3`, `4` | The minimum password score, that passwords need to have. See the table below for more explanations. |
|
||||
|
||||
## Password score
|
||||
|
||||
The password score is calculated with [zxcvbn-ts][zxcvbn-ts-score].
|
||||
|
||||
| score | meaning | minimum number of guesses required (approximated) |
|
||||
|:-----:|-------------------------------------------------------------------|---------------------------------------------------|
|
||||
| 0 | All passwords are allowed | - |
|
||||
| 1 | Only `too guessable` passwords are disallowed | 1.000 |
|
||||
| 2 | `too guessable` and `very guessable` passwords are disallowed | 1.000.000 |
|
||||
| 3 | `safely unguessable` and `very unguessable` passwords are allowed | 100.000.000 |
|
||||
| 4 | Only `very unguessable` passwords are allowed | 10.000.000.000 |
|
||||
|
||||
[zxcvbn-ts-score]: https://zxcvbn-ts.github.io/zxcvbn/guide/getting-started/#output
|
||||
Loading…
Add table
Add a link
Reference in a new issue