From f92035b6fd4c6d13ddb9d31e4aa617a527370c5c Mon Sep 17 00:00:00 2001
From: Christian Medel <dev@elbullazul.net>
Date: Mon, 25 Nov 2024 16:20:09 -0500
Subject: [PATCH] example_configs: Add Kimai

---
 README.md                  |  1 +
 example_configs/kimai.yaml | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 example_configs/kimai.yaml

diff --git a/README.md b/README.md
index 3e2ca65..7443b45 100644
--- a/README.md
+++ b/README.md
@@ -594,6 +594,7 @@ folder for help with:
 - [Jitsi Meet](example_configs/jitsi_meet.conf)
 - [Kasm](example_configs/kasm.md)
 - [KeyCloak](example_configs/keycloak.md)
+- [Kimai](example_configs/kimai.yaml)
 - [LibreNMS](example_configs/librenms.md)
 - [Maddy](example_configs/maddy.md)
 - [Mastodon](example_configs/mastodon.env.example)
diff --git a/example_configs/kimai.yaml b/example_configs/kimai.yaml
new file mode 100644
index 0000000..2d18df3
--- /dev/null
+++ b/example_configs/kimai.yaml
@@ -0,0 +1,36 @@
+# See https://www.kimai.org/documentation/local-yaml.html
+# this file should be renamed local.yaml
+kimai:
+  ldap:
+    activate: true
+    connection:
+      host: lldap
+      port: 3890       # 6360 for LDAPS
+      useSsl: false    # true for LDAPS
+      useStartTls: false
+      username: uid=admin,ou=people,dc=example,dc=com
+      password: <PASSWORD_HERE>
+      accountFilterFormat: (&(objectClass=person)(uid=%s))
+      bindRequiresDn: true
+      optReferrals: false
+
+    user:
+      baseDn: ou=people, dc=example, dc=com
+      usernameAttribute: uid
+      filter: (&(objectClass=person))   # to filter by group, add (memberof=cn=kimai,ou=groups,dc=example,dc=com) [group 'kimai' must be created in web UI]
+      attributes:
+        - { ldap_attr: "uid", user_method: setUserIdentifier }
+        - { ldap_attr: "mail", user_method: setEmail }
+        - { ldap_attr: "cn", user_method: setAlias }
+
+    role:
+      baseDn: ou=groups, dc=example, dc=com
+      filter: (&(objectClass=groupOfUniqueNames))
+      usernameAttribute: cn
+      nameAttribute: cn
+      userDnAttribute: member
+
+      # Convert LDAP group name (nameAttribute) to Kimai role. Available roles are listed here: https://www.kimai.org/documentation/permissions.html
+      groups:
+        - { ldap_value: lldap_admin, role: ROLE_SUPER_ADMIN }
+        # add additional group mappings here
\ No newline at end of file