FIX SASL configuration example

Deon George 2011-06-21 13:44:00 +10:00
parent afa4a95b37
commit 446faf78fb
2 changed files with 19 additions and 17 deletions


@ -340,19 +340,19 @@ $servers->setValue('server','name','My LDAP Server');
// $servers->setValue('login','auth_type','sasl'); // $servers->setValue('login','auth_type','sasl');
/* SASL auth mechanism */ /* SASL auth mechanism */
// $servers->setValue('server','sasl_mech','PLAIN'); // $servers->setValue('sasl','mech','GSSAPI');
/* SASL authentication realm name */ /* SASL authentication realm name */
// $servers->setValue('server','sasl_realm',''); // $servers->setValue('sasl','realm','');
# $servers->setValue('server','sasl_realm','example.com'); # $servers->setValue('sasl','realm','EXAMPLE.COM');
/* SASL authorization ID name /* SASL authorization ID name
If this option is undefined, authorization id will be computed from bind DN, If this option is undefined, authorization id will be computed from bind DN,
using sasl_authz_id_regex and sasl_authz_id_replacement. */ using authz_id_regex and authz_id_replacement. */
// $servers->setValue('server','sasl_authz_id', null); // $servers->setValue('sasl','authz_id', null);
/* SASL authorization id regex and replacement /* SASL authorization id regex and replacement
When sasl_authz_id property is not set (default), phpLDAPAdmin will try to When authz_id property is not set (default), phpLDAPAdmin will try to
figure out authorization id by itself from bind distinguished name (DN). figure out authorization id by itself from bind distinguished name (DN).
This procedure is done by calling preg_replace() php function in the This procedure is done by calling preg_replace() php function in the
@ -364,14 +364,14 @@ $servers->setValue('server','name','My LDAP Server');
For info about pcre regexes, see: For info about pcre regexes, see:
- pcre(3), perlre(3) - pcre(3), perlre(3)
- http://www.php.net/preg_replace */ - http://www.php.net/preg_replace */
// $servers->setValue('server','sasl_authz_id_regex',null); // $servers->setValue('sasl','authz_id_regex',null);
// $servers->setValue('server','sasl_authz_id_replacement',null); // $servers->setValue('sasl','authz_id_replacement',null);
# $servers->setValue('server','sasl_authz_id_regex','/^uid=([^,]+)(.+)/i'); # $servers->setValue('sasl','authz_id_regex','/^uid=([^,]+)(.+)/i');
# $servers->setValue('server','sasl_authz_id_replacement','$1'); # $servers->setValue('sasl','authz_id_replacement','$1');
/* SASL auth security props. /* SASL auth security props.
See http://beepcore-tcl.sourceforge.net/tclsasl.html#anchor5 for explanation. */ See http://beepcore-tcl.sourceforge.net/tclsasl.html#anchor5 for explanation. */
// $servers->setValue('server','sasl_props',null); // $servers->setValue('sasl','props',null);
/* Default password hashing algorithm. One of md5, ssha, sha, md5crpyt, smd5, /* Default password hashing algorithm. One of md5, ssha, sha, md5crpyt, smd5,
blowfish, crypt or leave blank for now default algorithm. */ blowfish, crypt or leave blank for now default algorithm. */
@ -532,12 +532,12 @@ $servers->setValue('server','tls',false);
# SASL auth # SASL auth
$servers->setValue('login','auth_type','sasl'); $servers->setValue('login','auth_type','sasl');
$servers->setValue('server','sasl_mech','GSSAPI'); $servers->setValue('sasl','mech','GSSAPI');
$servers->setValue('server','sasl_realm','EXAMPLE.COM'); $servers->setValue('sasl','realm','EXAMPLE.COM');
$servers->setValue('server','sasl_authz_id',null); $servers->setValue('sasl','authz_id',null);
$servers->setValue('server','sasl_authz_id_regex','/^uid=([^,]+)(.+)/i'); $servers->setValue('sasl','authz_id_regex','/^uid=([^,]+)(.+)/i');
$servers->setValue('server','sasl_authz_id_replacement','$1'); $servers->setValue('sasl','authz_id_replacement','$1');
$servers->setValue('server','sasl_props',null); $servers->setValue('sasl','props',null);
$servers->setValue('appearance','password_hash','md5'); $servers->setValue('appearance','password_hash','md5');
$servers->setValue('login','attr','dn'); $servers->setValue('login','attr','dn');


@ -623,6 +623,8 @@ class ldap extends DS {
if (! isset($CACHE['login_dn'])) if (! isset($CACHE['login_dn']))
$CACHE['login_dn'] = is_null($this->getLogin($method)) ? $this->getLogin('user') : $this->getLogin($method); $CACHE['login_dn'] = is_null($this->getLogin($method)) ? $this->getLogin('user') : $this->getLogin($method);
$CACHE['authz_id'] = '';
/* /*
# Do we need to rewrite authz_id? # Do we need to rewrite authz_id?
if (! isset($CACHE['authz_id'])) if (! isset($CACHE['authz_id']))
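Review bot: The added `$CACHE['authz_id'] = '';` appears to run unconditionally, since the brace-less `if` above it covers only the `login_dn` assignment, and the authz_id rewrite that follows sits inside a block comment opening on the next line. As far as this hunk shows, the `sasl` keys `authz_id`, `authz_id_regex` and `authz_id_replacement` that the config example documents are therefore never read, so an administrator who sets them to pin the SASL authorization identity gets no effect and no warning. If that is intended, say so at the assignment, e.g. `// authz_id rewriting is disabled; the sasl authz_id* settings are currently ignored`, and repeat the caveat in the config example. Otherwise an explicitly configured authz_id should be used before falling back to the empty string. The closing `*/` and the rest of the method are outside the hunk, so this needs confirming against the full function.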