diff --git a/INSTALL b/INSTALL index 7618b9a..78ea6f7 100644 --- a/INSTALL +++ b/INSTALL @@ -1,5 +1,5 @@ For install instructions in non-English languages, see the wiki: - http://wiki.phpldapadmin.info + http://wiki.pldapadmin.com * Requirements @@ -17,7 +17,7 @@ For install instructions in non-English languages, see the wiki: * For additional help See the wiki: - http://wiki.phpldapadmin.info + http://wiki.pldapadmin.com Join our mailing list: https://lists.sourceforge.net/lists/listinfo/phpldapadmin-devel diff --git a/VERSION b/VERSION index 63161b2..11e7b29 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -$Name: RELEASE-0_9_8_1 $ +$Name: RELEASE-1_0_0 $ diff --git a/config/config.php.example b/config/config.php.example index 11a5b2f..1e4c80f 100644 --- a/config/config.php.example +++ b/config/config.php.example @@ -1,9 +1,4 @@ default->appearance['lang'] = array( - * 'desc'=>'Language', - * 'default'=>'auto'); + * 'desc'=>'Language', + * 'default'=>'auto'); * * to override this, use $config->custom->appearance['lang'] = 'en'; * 
@@ -115,6 +110,50 @@ $ldapservers->SetValue($i,'server','name','My LDAP Server');
 /* Use TLS (Transport Layer Security) to connect to the LDAP server. */
 // $ldapservers->SetValue($i,'server','tls',false);
+/************************************
+ * SASL Authentication *
+ ************************************/
+
+/* Enable SASL authentication LDAP SASL authentication requires PHP 5.x
+ configured with --with-ldap-sasl=DIR. If this option is disabled (ie, set to
+ false), then all other sasl options are ignored. */
+// $ldapservers->SetValue($i,'server','sasl_auth', false);
+
+/* SASL auth mechanism */
+// $ldapservers->SetValue($i,'server','sasl_mech', "PLAIN");
+
+/* SASL authentication realm name */
+// $ldapservers->SetValue($i,'server','sasl_realm','');
+# $ldapservers->SetValue($i,'server','sasl_realm',"example.com");
+
+/* SASL authorization ID name
+ If this option is undefined, authorization id will be computed from bind DN,
+ using sasl_authz_id_regex and sasl_authz_id_replacement. */
+// $ldapservers->SetValue($i,'server','sasl_authz_id', null);
+
+/* SASL authorization id regex and replacement
+ When sasl_authz_id property is not set (default), phpLDAPAdmin will try to
+ figure out authorization id by itself from bind distinguished name (DN).
+
+ This procedure is done by calling preg_replace() php function in the
+ following way:
+
+ $authz_id = preg_replace($sasl_authz_id_regex,$sasl_authz_id_replacement,
+ $bind_dn);
+
+ For info about pcre regexes, see:
+ - pcre(3), perlre(3)
+ - http://www.php.net/preg_replace */
+// $ldapservers->SetValue($i,'server','sasl_authz_id_regex',null);
+// $ldapservers->SetValue($i,'server','sasl_authz_id_replacement',null);
+# $ldapservers->SetValue($i,'server','sasl_authz_id_regex','/^uid=([^,]+)(.+)/i');
+# $ldapservers->SetValue($i,'server','sasl_authz_id_replacement','$1');
+
+/* SASL auth security props.
+ See http://beepcore-tcl.sourceforge.net/tclsasl.html#anchor5 for explanation.
+*/ +// $ldapservers->SetValue($i,'server','sasl_props',null); + /* If the link between your web server and this LDAP server is slow, it is recommended that you set 'low_bandwidth' to true. This will enable phpLDAPadmin to forego some "fancy" features to conserve bandwidth. */ @@ -146,7 +185,7 @@ $ldapservers->SetValue($i,'server','name','My LDAP Server'); /* If 'login_attr' is used above such that phpLDAPadmin will search for your DN at login, you may restrict the search to a specific objectClass. EG, set this to 'posixAccount' or 'inetOrgPerson', depending upon your setup. */ -// $ldapservers->SetValue($i,'login','class',null); +// $ldapservers->SetValue($i,'login','class',''); /* Specify true If you want phpLDAPadmin to not display or permit any modification to the LDAP server. */ 
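Review bot: The new `sasl_mech` comment shows `"PLAIN"` as the example mechanism but does not say that PLAIN carries the bind password unprotected inside the SASL exchange, and the `'tls'` option documented just above this section is shown as `false`. Extend the comment, for example `/* SASL auth mechanism. PLAIN sends the password in clear text; enable 'tls' when it is selected. */`. The regex section could also state what happens on a non-match: `preg_replace()` returns its subject unchanged, so a bind DN that does not fit `sasl_authz_id_regex` would presumably be passed on whole as the authorization id.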
@@ -169,50 +208,50 @@ $ldapservers->SetValue($i,'server','name','My LDAP Server'); // $ldapservers->SetValue($i,'auto_number','mechanism','search'); /* The DN of the search base when the 'search' mechanism is used above. */ -# $ldapservers->SetValue($i,'auto_number','search_base','ou=People,dc=example,dc=com'); +// $ldapservers->SetValue($i,'auto_number','search_base','ou=People,dc=example,dc=com'); /* The minimum number to use when searching for the next available UID number (only when 'search' is used for auto_uid_number_mechanism' */ // $ldapservers->SetValue($i,'auto_number','min','1000'); /* The DN of the uidPool entry when 'uidpool' mechanism is used above. */ -# $servers[$i]['auto_uid_number_uid_pool_dn'] = 'cn=uidPool,dc=example,dc=com'; +// $servers[$i]['auto_uid_number_uid_pool_dn'] = 'cn=uidPool,dc=example,dc=com'; /* If you set this, then phpldapadmin will bind to LDAP with this user ID when searching for the uidnumber. The idea is, this user id would have full (readonly) access to uidnumber in your ldap directory (the logged in user may not), so that you can be guaranteed to get a unique uidnumber for your directory. */ -// $ldapservers->SetValue($i,'auto_number','dn',null); +// $ldapservers->SetValue($i,'auto_number','dn',''); /* The password for the dn above. */ -// $ldapservers->SetValue($i,'auto_number','pass',null); +// $ldapservers->SetValue($i,'auto_number','pass',''); /* Enable anonymous bind login. */ // $ldapservers->SetValue($i,'login','anon_bind',true); /* Use customized page with prefix when available. */ -# $ldapservers->SetValue($i,'custom','pages_prefix','custom_'); +// $ldapservers->SetValue($i,'custom','pages_prefix','custom_'); /* If you set this, then phpldapadmin will bind to LDAP with this user when testing for unique attributes (as set in unique_attrs array). 
If you want to enforce unique attributes, than this id should have full (readonly) access to the attributes in question (the logged in user may not have enough access) */ -// $ldapservers->SetValue($i,'unique_attrs','dn',null); +// $ldapservers->SetValue($i,'unique_attrs','dn',''); /* The password for the dn above */ -// $ldapservers->SetValue($i,'unique_attrs','pass',null); +// $ldapservers->SetValue($i,'unique_attrs','pass',''); /* If you set this, then only these DNs are allowed to log in. This array can contain individual users, groups or ldap search filter(s). Keep in mind that the user has not authenticated yet, so this will be an anonymous search to the LDAP server, so make your ACLs allow these searches to return results! */ -# $ldapservers->SetValue($i,'login','allowed_dns',array( -# 'uid=stran,ou=People,dc=example,dc=com', -# '(&(gidNumber=811)(objectClass=groupOfNames))', -# '(|(uidNumber=200)(uidNumber=201))', -# 'cn=callcenter,ou=Group,dc=example,dc=com')); +# $ldapservers->SetValue($i,'login','allowed_dns',array( +# 'uid=stran,ou=People,dc=example,dc=com', +# '(&(gidNumber=811)(objectClass=groupOfNames))', +# '(|(uidNumber=200)(uidNumber=201))', +# 'cn=callcenter,ou=Group,dc=example,dc=com')); /* Set this if you dont want this LDAP server to show in the tree */ // $ldapservers->SetValue($i,'appearance','visible',true); 
@@ -245,20 +284,29 @@ $ldapservers->SetValue($i,'server','tls',false);
 $ldapservers->SetValue($i,'server','low_bandwidth',false);
 $ldapservers->SetValue($i,'appearance','password_hash','md5');
 $ldapservers->SetValue($i,'login','attr','dn');
-$ldapservers->SetValue($i,'login','string',null);
-$ldapservers->SetValue($i,'login','class',null);
+$ldapservers->SetValue($i,'login','string','');
+$ldapservers->SetValue($i,'login','class','');
 $ldapservers->SetValue($i,'server','read_only',false);
 $ldapservers->SetValue($i,'appearance','show_create',true);
 $ldapservers->SetValue($i,'auto_number','enable',true);
 $ldapservers->SetValue($i,'auto_number','mechanism','search');
-$ldapservers->SetValue($i,'auto_number','search_base',null);
+$ldapservers->SetValue($i,'auto_number','search_base','');
 $ldapservers->SetValue($i,'auto_number','min','1000');
-$ldapservers->SetValue($i,'auto_number','dn',null);
-$ldapservers->SetValue($i,'auto_number','pass',null);
+$ldapservers->SetValue($i,'auto_number','dn','');
+$ldapservers->SetValue($i,'auto_number','pass','');
 $ldapservers->SetValue($i,'login','anon_bind',true);
 $ldapservers->SetValue($i,'custom','pages_prefix','custom_');
-$ldapservers->SetValue($i,'unique_attrs','dn',null);
-$ldapservers->SetValue($i,'unique_attrs','pass',null);
+$ldapservers->SetValue($i,'unique_attrs','dn','');
+$ldapservers->SetValue($i,'unique_attrs','pass','');
+
+# SASL auth
+$ldapservers->SetValue($i,'server','sasl_auth', true);
+$ldapservers->SetValue($i,'server','sasl_mech', "PLAIN");
+$ldapservers->SetValue($i,'server','sasl_realm', "EXAMPLE.COM");
+$ldapservers->SetValue($i,'server','sasl_authz_id', null);
+$ldapservers->SetValue($i,'server','sasl_authz_id_regex', '/^uid=([^,]+)(.+)/i');
+$ldapservers->SetValue($i,'server','sasl_authz_id_replacement', '$1');
+$ldapservers->SetValue($i,'server','sasl_props', null);
 */
 /*********************************************/
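Review bot: The added `# SASL auth` lines set `sasl_auth` to `true` with `sasl_mech` `"PLAIN"`, although the option's own documentation earlier in this file gives `false`, and the same block sets `'tls'` to `false` (visible in the hunk header). The other entries in the block appear to restate defaults, so anyone uncommenting it as a starting point would enable SASL PLAIN over an unencrypted connection without an explicit choice. Suggest `$ldapservers->SetValue($i,'server','sasl_auth', false);` and `$ldapservers->SetValue($i,'server','sasl_realm', '');` here, leaving the populated values to the `#` examples in the documentation section. The commented block begins outside this hunk, so its role as a template is inferred.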
@@ -270,7 +318,7 @@ $ldapservers->SetValue($i,'unique_attrs','pass',null); $friendly_attrs = array(); $friendly_attrs['facsimileTelephoneNumber'] = 'Fax'; -$friendly_attrs['telephoneNumber'] = 'Phone'; +$friendly_attrs['telephoneNumber'] = 'Phone'; /*********************************************/ /* Support for attrs display order */ @@ -282,16 +330,16 @@ $friendly_attrs['telephoneNumber'] = 'Phone'; attributes that are not specified in this array will be displayed after in alphabetical order. */ # $attrs_display_order = array( -# 'givenName', -# 'sn', -# 'cn', -# 'displayName', -# 'uid', -# 'uidNumber', -# 'gidNumber', -# 'homeDirectory', -# 'mail', -# 'userPassword' +# 'givenName', +# 'sn', +# 'cn', +# 'displayName', +# 'uid', +# 'uidNumber', +# 'gidNumber', +# 'homeDirectory', +# 'mail', +# 'userPassword' # ); /*********************************************/ @@ -310,8 +358,8 @@ $friendly_attrs['telephoneNumber'] = 'Phone'; /* Hidden attributes in read-only mode. If undefined, it will be equal to $hidden_attrs. */ # $hidden_attrs_ro = array( -# 'objectClass','shadowWarning', 'shadowLastChange', 'shadowMax', -# 'shadowFlag', 'shadowInactive', 'shadowMin', 'shadowExpire'); +# 'objectClass','shadowWarning', 'shadowLastChange', 'shadowMax', +# 'shadowFlag', 'shadowInactive', 'shadowMin', 'shadowExpire'); /** **/ /** Read-only attributes **/ @@ -362,7 +410,7 @@ $queries[$q]['scope'] = 'sub'; $queries[$q]['filter'] = '(&(objectClass=posixAccount)(uid=*))'; /* The attributes to return */ -$queries[$q]['attributes'] = 'cn, uid, homeDirectory, telephonenumber, jpegphoto'; +$queries[$q]['attributes'] = 'cn, uid, homeDirectory'; /* If you want to configure more pre-defined queries, copy and paste the above (including the "$q++;") */ $q++; diff --git a/doc/README-translation.txt b/doc/README-translation.txt index 8c4cc33..fa1141a 100644 --- a/doc/README-translation.txt +++ b/doc/README-translation.txt 
@@ -1,2 +1,2 @@ -Please see http://wiki.phpldapadmin.info/Translating now for information on +Please see http://wiki.pldapadmin.com/Translating now for information on translating PLA. diff --git a/htdocs/add_attr.php b/htdocs/add_attr.php index c8e9aa1..5157089 100644 --- a/htdocs/add_attr.php +++ b/htdocs/add_attr.php @@ -1,5 +1,5 @@ getDNAttr($dn,$attr); -if ($current_values) { - if (! is_array($current_values)) - $current_values = array($current_values); - - $num_current_values = count($current_values); - -} else { - $current_values = array(); +if ($current_values) + $num_current_values = (is_array($current_values) ? count($current_values) : 1); +else $num_current_values = 0; -} $is_object_class = (strcasecmp($attr, 'objectClass') == 0) ? true : false; @@ -113,18 +107,18 @@ if ($num_current_values) { if (strcasecmp($attr,'userPassword') == 0) { foreach ($current_values as $key => $value) { if (obfuscate_password_display(get_enc_type($value))) - echo '
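Review bot: In htdocs/add_attr.php the rewritten branch no longer converts `$current_values` to an array; it only counts it, treating a non-array value as a single entry. The `foreach ($current_values as $key => $value)` loop in the next hunk's context still iterates the variable, so a scalar return from `getDNAttr()` would give `$num_current_values` of 1 while the loop fails on a non-array. Unless `getDNAttr()` is now guaranteed to return an array (not visible on this page), keep the normalisation: `if (! is_array($current_values)) $current_values = $current_values ? array($current_values) : array();` followed by `$num_current_values = count($current_values);`. The start of this hunk is not fully visible here, so the surrounding lines are inferred from what is shown.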