-
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathauthproxy.cfg
41 lines (38 loc) · 1.14 KB
/
authproxy.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
;
; Config File:: authproxy.cfg
;
; Copyright 2020, Matthew Ahrenstein, All Rights Reserved.
;
; Maintainers:
; - Matthew Ahrenstein: @ahrenstein
;
; See LICENSE
;
; This Duo LDAP Proxy config sets up JumpCloud as the upstream LDAP server for authentication
; The ldapbind user gets exempted from 2FA via Duo by setting it to bypass mode
; This burns a user license in Duo but it's the only way to get both pfSense and Jamf to
; properly authenticate via Duo protected JumpCloud
; Make sure the ldapbind user is set as a bypass user in Duo
[ad_client]
host=ldap.jumpcloud.com
service_account_username=ldapbind
service_account_password=[REDACTED]
bind_dn=uid=ldapbind,ou=Users,o=[REDACTED],dc=jumpcloud,dc=com
username_attribute=uid
transport=ldaps
auth_type=plain
ssl_verify_hostname=false
search_dn=ou=Users,o=[REDACTED],dc=jumpcloud,dc=com
; Make sure to create the approprate SSL cert and key for LDAP use
[ldap_server_auto]
ikey=[REDACTED]
skey=[REDACTED]
api_host=[REDACTED]
factors=push
failmode=secure
client=ad_client
ssl_key_path=/data/duo/ssl.key
ssl_cert_path=/data/duo/ssl.pem
prompt_format=short
exempt_primary_bind=false
allow_unlimited_binds=true