From 446faf78fb7185b88b3caaf3bfafb9105e025cff Mon Sep 17 00:00:00 2001
From: Deon George
Date: Tue, 21 Jun 2011 13:44:00 +1000
Subject: [PATCH] FIX SASL configuration example
---
 config/config.php.example | 34 +++++++++++++++++-----------------
 lib/ds_ldap.php | 2 ++
 2 files changed, 19 insertions(+), 17 deletions(-)
diff --git a/config/config.php.example b/config/config.php.example
index fb66364..95d2499 100644
--- a/config/config.php.example
+++ b/config/config.php.example
@@ -340,19 +340,19 @@ $servers->setValue('server','name','My LDAP Server');
 // $servers->setValue('login','auth_type','sasl');
 /* SASL auth mechanism */
-// $servers->setValue('server','sasl_mech','PLAIN');
+// $servers->setValue('sasl','mech','GSSAPI');
 /* SASL authentication realm name */
-// $servers->setValue('server','sasl_realm','');
-# $servers->setValue('server','sasl_realm','example.com');
+// $servers->setValue('sasl','realm','');
+# $servers->setValue('sasl','realm','EXAMPLE.COM');
 /* SASL authorization ID name If this option is undefined, authorization id will be computed from bind DN,
- using sasl_authz_id_regex and sasl_authz_id_replacement. */
-// $servers->setValue('server','sasl_authz_id', null);
+ using authz_id_regex and authz_id_replacement. */
+// $servers->setValue('sasl','authz_id', null);
 /* SASL authorization id regex and replacement
- When sasl_authz_id property is not set (default), phpLDAPAdmin will try to
+ When authz_id property is not set (default), phpLDAPAdmin will try to
 figure out authorization id by itself from bind distinguished name (DN). This procedure is done by calling preg_replace() php function in the
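Review bot: The comment above `authz_id` (and the longer one that follows it) still tells administrators that an unset authorization id is derived from the bind DN with `authz_id_regex` and `authz_id_replacement`, yet the lib/ds_ldap.php hunk of this same patch adds `$CACHE['authz_id'] = '';` followed by an opening `/*` directly ahead of the "Do we need to rewrite authz_id?" code, which appears to switch that rewrite off. If so, the regex settings shown here and in the two later hunks of this file are silently ignored, and a deployment that depends on them to select the SASL authorization identity binds without the identity it configured. Either keep the rewrite active or document the limitation in this comment, for example `NOTE: authz_id_regex and authz_id_replacement are currently not applied.` The ds_ldap.php hunk continues past the visible text, so the extent of the commented-out block needs confirming.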
@@ -364,14 +364,14 @@ $servers->setValue('server','name','My LDAP Server');
 For info about pcre regexes, see: - pcre(3), perlre(3) - http://www.php.net/preg_replace */
-// $servers->setValue('server','sasl_authz_id_regex',null);
-// $servers->setValue('server','sasl_authz_id_replacement',null);
-# $servers->setValue('server','sasl_authz_id_regex','/^uid=([^,]+)(.+)/i');
-# $servers->setValue('server','sasl_authz_id_replacement','$1');
+// $servers->setValue('sasl','authz_id_regex',null);
+// $servers->setValue('sasl','authz_id_replacement',null);
+# $servers->setValue('sasl','authz_id_regex','/^uid=([^,]+)(.+)/i');
+# $servers->setValue('sasl','authz_id_replacement','$1');
 /* SASL auth security props. See http://beepcore-tcl.sourceforge.net/tclsasl.html#anchor5 for explanation. */
-// $servers->setValue('server','sasl_props',null);
+// $servers->setValue('sasl','props',null);
 /* Default password hashing algorithm. One of md5, ssha, sha, md5crpyt, smd5, blowfish, crypt or leave blank for now default algorithm. */
@@ -532,12 +532,12 @@ $servers->setValue('server','tls',false);
 # SASL auth
 $servers->setValue('login','auth_type','sasl');
-$servers->setValue('server','sasl_mech','GSSAPI');
-$servers->setValue('server','sasl_realm','EXAMPLE.COM');
-$servers->setValue('server','sasl_authz_id',null);
-$servers->setValue('server','sasl_authz_id_regex','/^uid=([^,]+)(.+)/i');
-$servers->setValue('server','sasl_authz_id_replacement','$1');
-$servers->setValue('server','sasl_props',null);
+$servers->setValue('sasl','mech','GSSAPI');
+$servers->setValue('sasl','realm','EXAMPLE.COM');
+$servers->setValue('sasl','authz_id',null);
+$servers->setValue('sasl','authz_id_regex','/^uid=([^,]+)(.+)/i');
+$servers->setValue('sasl','authz_id_replacement','$1');
+$servers->setValue('sasl','props',null);
 $servers->setValue('appearance','password_hash','md5');
 $servers->setValue('login','attr','dn');
diff --git a/lib/ds_ldap.php b/lib/ds_ldap.php
index 5849c4b..d3bb8d4 100644
--- a/lib/ds_ldap.php
+++ b/lib/ds_ldap.php
@@ -623,6 +623,8 @@ class ldap extends DS {
 if (! isset($CACHE['login_dn'])) $CACHE['login_dn'] = is_null($this->getLogin($method)) ? $this->getLogin('user') : $this->getLogin($method);
+ $CACHE['authz_id'] = '';
+ /*
 # Do we need to rewrite authz_id? if (! isset($CACHE['authz_id']))