This file is indexed.

/etc/obs/api/config/options.yml is in obs-api 2.7.4-2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
#
# This file contains the default configuration of the Open Build Service API.
#

#read_only_hosts: [ "build.opensuse.org", "software.opensuse.org" ]

# Make use of mod_xforward module in apache
#use_xforward: true

# Make use of X-Accel-Redirect for Nginx.
# http://kovyrin.net/2010/07/24/nginx-fu-x-accel-redirect-remote
#use_nginx_redirect: /internal_redirect 

# Minimum count of rating votes a project/package needs to # be taken in account
# for global statistics:
min_votes_for_rating: 3

# Set to true to verify XML reponses comply to the schema
response_schema_validation: false

# backend source server
source_host: localhost
# NOTE: the source_port setting is ignored and hardcoded for "test" and "development" env
source_port: 5352
#source_protocol: https

# api access to this instance
frontend_host: localhost
frontend_port: 443
frontend_protocol: https
#api_relative_url_root: /obs
# if your users access the hosts through a proxy (or just a different name, use this to
# overwrite the settings for users)
#external_frontend_host: api.opensuse.org
#external_frontend_port: 443
#external_frontend_protocol: https


extended_backend_log: false

# proxy_auth_mode can be :off, :on or :simulate
proxy_auth_mode: :off

# ATTENTION: If proxy_auth_mode'is :on, the frontend takes the user
# name that is coming as headervalue X-username as a
# valid user does no further authentication. So take care...
proxy_auth_test_user: coolguy
proxy_auth_test_email: coolguy@example.com

#schema_location

#version

# if set to false, the API will only fake writes to backend (useful in testing)
# global_write_through: true

# see http://colszowka.heroku.com/2011/02/22/setting-up-your-custom-hoptoad-notifier-endpoint-for-free-using-errbit-on-heroku
#errbit_api_key: api_key_of_your_app
#errbit_host: installation.of.errbit.com

##################
# LDAP options
##################

#### WARNING: LDAP mode is not official supported by OBS!
ldap_mode: :off
#### WARNING: LDAP mode is not official supported by OBS!

# LDAP Servers separated by ':'.
# OVERRIDE with your company's ldap servers. Servers are picked randomly for
# each connection to distribute load.
ldap_servers: ldap1.mycompany.com:ldap2.mycompany.com

# Max number of times to attempt to contact the LDAP servers
ldap_max_attempts: 15

# The attribute the user memberof is stored in
ldap_user_memberof_attr: memberof

# Perform the group_user search with the member attribute of group entry or memberof attribute of user entry
# It depends on your ldap define
# The attribute the group member is stored in
ldap_group_member_attr: member

# If you're using ldap_authenticate=:ldap then you should ensure that
# ldaps is used to transfer the credentials over SSL or use the StartTLS extension
ldap_ssl: :on

# Use StartTLS extension of LDAP
ldap_start_tls: :off

# LDAP port defaults to 636 for ldaps and 389 for ldap and ldap with StartTLS
#ldap_port:
# Authentication with Windows 2003 AD requires
ldap_referrals: :off

# OVERRIDE with your company's ldap search base for the users who will use OBS
ldap_search_base: OU=Organizational Unit,DC=Domain Component
# Sam Account Name is the login name for LDAP
ldap_search_attr: sAMAccountName
# The attribute the users name is stored in
ldap_name_attr: cn
# The attribute the users email is stored in
ldap_mail_attr: mail
# Credentials to use to search ldap for the username
ldap_search_user: ""
ldap_search_auth: ""

# By default any LDAP user can be used to authenticate to the OBS
# In some deployments this may be too broad and certain criteria should
# be met; eg group membership
#
# To allow only users in a specific group uncomment this line:
#ldap_user_filter: (memberof=CN=group,OU=Groups,DC=Domain Component)
#
# Note this is joined to the normal selection like so:
# (&(#{ldap_search_attr}=#{login})#{ldap_user_filter})
# giving an ldap search of:
#  (&(sAMAccountName=#{login})(memberof=CN=group,OU=Groups,DC=Domain Component))
#
# Also note that openLDAP must be configured to use the memberOf overlay

# ldap_authenticate says how the credentials are verified:
#   :ldap = attempt to bind to ldap as user using supplied credentials
#   :local = compare the credentials supplied with those in
#            LDAP using #{ldap_auth_attr} & #{ldap_auth_mech}
#       if :local is used then ldap_auth_mech can be
#       :md5
#       :cleartext
ldap_authenticate: :ldap
ldap_auth_mech: :md5
# This is a string
ldap_auth_attr: userPassword

# Whether to update the user info to LDAP server, it does not take effect
# when ldap_mode is not set.
# Since adding new entry operation are more depend on your slapd db define, it might not
# compatiable with all LDAP server settings, you can use other LDAP client tools for your specific usage
ldap_update_support: :off
# ObjectClass, used for adding new entry
ldap_object_class: inetOrgPerson
# Base dn for the new added entry
ldap_entry_base: ou=OBSUSERS,dc=EXAMPLE,dc=COM
# Does sn attribute required, it is a necessary attribute for most of people objectclass,
# used for adding new entry
ldap_sn_attr_required: :on

# Whether to search group info from ldap, it does not take effect
# when LDAP_GROUP_SUPPOR is not set.
# Please also set below LDAP_GROUP_* configs correctly to ensure the operation works properly
ldap_group_support: :off
# OVERRIDE with your company's ldap search base for groups
ldap_group_search_base: ou=OBSGROUPS,dc=EXAMPLE,dc=COM
# The attribute the group name is stored in
ldap_group_title_attr: cn
# The value of the group objectclass attribute, leave it as "" if objectclass attr doesn't exist
ldap_group_objectclass_attr: groupOfNames

# This is to prevent fdupes from hardlinking