By default, `gobottin` connects to the Consul server on localhost.
Change this by specifying the `consul_host` key in the json config file.
## Bind address
By default, `gobottin` listens on all interfaces on port 389.
Change this by setting the `bind_address` key in the json config file.
## TLS
`gobottin` supports SSL connections using the STARTTLS LDAP functionnality.
To use it, specify the following three keys in the json config file:
-`ssl_server_name`: the host name that clients will use to reach your LDAP server
-`ssl_cert_file`: path to your SSL certificate (a `.pem` file)
-`ssl_key_file`: path to your SSL key (a `.pem` file)
## Access control list
`gobottin` supports a flexible syntax to specify access rights to items in the database.
The ACL is specified as a list of rules. A request will be allowed if there exists a rule that allows it. Otherwise an insufficient permission error will be returned.
The list of ACL rules are specified in the `acl` key of the json config file, as a list of strings whose structure is defined in the next paragraph.
### Rule format
A rule is a string composed of five fields separated by `:`. The fields are the following:
1. The name of the user that must be bound (logged in) for the rule to apply. May contain wildcards such as `*` (see the format used by Go's `path.Match`). The special name `ANONYMOUS` applies to clients before they bind to an LDAP entity.
2. The groups that the user must be a part of, separated by spaces. Wildcards may also be used. If several groups (or wildcard group patterns) are specified, for each pattern the user must be part of a group that matches it.
4. The target entity of the action as a pattern that may contain wildcards. The special word `SELF` is replaced by the entity name of the bound user before trying to match.
5. The allowed attributes for a read, add or modify operation. This is specified as a list of patterns to include and exclude attributes, separated by spaces. A pattern that starts by `!` is an exclude pattern, otherwise it is an include pattern. To read/write an attribute, it has to match at least one include pattern and not match any exclude pattern. Delete operations do not check for any attribute, thus as soon as `delete` is included in the allowed actions, the right to delete entities is granted.