RELEASE 1.0.0
This commit is contained in:
Deon George
@@ -1,9 +1,4 @@
|
||||
<?php
|
||||
/** NOTE **
|
||||
** Make sure that <?php is the FIRST line of this file!
|
||||
** IE: There should NOT be any blank lines or spaces BEFORE <?php
|
||||
**/
|
||||
|
||||
/**
|
||||
* The phpLDAPadmin config file
|
||||
*
|
||||
@@ -14,8 +9,8 @@
|
||||
* For example, the default for defining the language in config_default.php
|
||||
*
|
||||
* $this->default->appearance['lang'] = array(
|
||||
* 'desc'=>'Language',
|
||||
* 'default'=>'auto');
|
||||
* 'desc'=>'Language',
|
||||
* 'default'=>'auto');
|
||||
*
|
||||
* to override this, use $config->custom->appearance['lang'] = 'en';
|
||||
*
|
||||
@@ -115,6 +110,50 @@ $ldapservers->SetValue($i,'server','name','My LDAP Server');
|
||||
/* Use TLS (Transport Layer Security) to connect to the LDAP server. */
|
||||
// $ldapservers->SetValue($i,'server','tls',false);
|
||||
|
||||
/************************************
|
||||
* SASL Authentication *
|
||||
************************************/
|
||||
|
||||
/* Enable SASL authentication LDAP SASL authentication requires PHP 5.x
|
||||
configured with --with-ldap-sasl=DIR. If this option is disabled (ie, set to
|
||||
false), then all other sasl options are ignored. */
|
||||
// $ldapservers->SetValue($i,'server','sasl_auth', false);
|
||||
|
||||
/* SASL auth mechanism */
|
||||
// $ldapservers->SetValue($i,'server','sasl_mech', "PLAIN");
|
||||
|
||||
/* SASL authentication realm name */
|
||||
// $ldapservers->SetValue($i,'server','sasl_realm','');
|
||||
# $ldapservers->SetValue($i,'server','sasl_realm',"example.com");
|
||||
|
||||
/* SASL authorization ID name
|
||||
If this option is undefined, authorization id will be computed from bind DN,
|
||||
using sasl_authz_id_regex and sasl_authz_id_replacement. */
|
||||
// $ldapservers->SetValue($i,'server','sasl_authz_id', null);
|
||||
|
||||
/* SASL authorization id regex and replacement
|
||||
When sasl_authz_id property is not set (default), phpLDAPAdmin will try to
|
||||
figure out authorization id by itself from bind distinguished name (DN).
|
||||
|
||||
This procedure is done by calling preg_replace() php function in the
|
||||
following way:
|
||||
|
||||
$authz_id = preg_replace($sasl_authz_id_regex,$sasl_authz_id_replacement,
|
||||
$bind_dn);
|
||||
|
||||
For info about pcre regexes, see:
|
||||
- pcre(3), perlre(3)
|
||||
- http://www.php.net/preg_replace */
|
||||
// $ldapservers->SetValue($i,'server','sasl_authz_id_regex',null);
|
||||
// $ldapservers->SetValue($i,'server','sasl_authz_id_replacement',null);
|
||||
# $ldapservers->SetValue($i,'server','sasl_authz_id_regex','/^uid=([^,]+)(.+)/i');
|
||||
# $ldapservers->SetValue($i,'server','sasl_authz_id_replacement','$1');
|
||||
|
||||
/* SASL auth security props.
|
||||
See http://beepcore-tcl.sourceforge.net/tclsasl.html#anchor5 for explanation.
|
||||
*/
|
||||
// $ldapservers->SetValue($i,'server','sasl_props',null);
|
||||
|
||||
/* If the link between your web server and this LDAP server is slow, it is
|
||||
recommended that you set 'low_bandwidth' to true. This will enable
|
||||
phpLDAPadmin to forego some "fancy" features to conserve bandwidth. */
|
||||
@@ -146,7 +185,7 @@ $ldapservers->SetValue($i,'server','name','My LDAP Server');
|
||||
/* If 'login_attr' is used above such that phpLDAPadmin will search for your DN
|
||||
at login, you may restrict the search to a specific objectClass. EG, set this
|
||||
to 'posixAccount' or 'inetOrgPerson', depending upon your setup. */
|
||||
// $ldapservers->SetValue($i,'login','class',null);
|
||||
// $ldapservers->SetValue($i,'login','class','');
|
||||
|
||||
/* Specify true If you want phpLDAPadmin to not display or permit any
|
||||
modification to the LDAP server. */
|
||||
@@ -169,50 +208,50 @@ $ldapservers->SetValue($i,'server','name','My LDAP Server');
|
||||
// $ldapservers->SetValue($i,'auto_number','mechanism','search');
|
||||
|
||||
/* The DN of the search base when the 'search' mechanism is used above. */
|
||||
# $ldapservers->SetValue($i,'auto_number','search_base','ou=People,dc=example,dc=com');
|
||||
// $ldapservers->SetValue($i,'auto_number','search_base','ou=People,dc=example,dc=com');
|
||||
|
||||
/* The minimum number to use when searching for the next available UID number
|
||||
(only when 'search' is used for auto_uid_number_mechanism' */
|
||||
// $ldapservers->SetValue($i,'auto_number','min','1000');
|
||||
|
||||
/* The DN of the uidPool entry when 'uidpool' mechanism is used above. */
|
||||
# $servers[$i]['auto_uid_number_uid_pool_dn'] = 'cn=uidPool,dc=example,dc=com';
|
||||
// $servers[$i]['auto_uid_number_uid_pool_dn'] = 'cn=uidPool,dc=example,dc=com';
|
||||
|
||||
/* If you set this, then phpldapadmin will bind to LDAP with this user ID when
|
||||
searching for the uidnumber. The idea is, this user id would have full
|
||||
(readonly) access to uidnumber in your ldap directory (the logged in user
|
||||
may not), so that you can be guaranteed to get a unique uidnumber for your
|
||||
directory. */
|
||||
// $ldapservers->SetValue($i,'auto_number','dn',null);
|
||||
// $ldapservers->SetValue($i,'auto_number','dn','');
|
||||
|
||||
/* The password for the dn above. */
|
||||
// $ldapservers->SetValue($i,'auto_number','pass',null);
|
||||
// $ldapservers->SetValue($i,'auto_number','pass','');
|
||||
|
||||
/* Enable anonymous bind login. */
|
||||
// $ldapservers->SetValue($i,'login','anon_bind',true);
|
||||
|
||||
/* Use customized page with prefix when available. */
|
||||
# $ldapservers->SetValue($i,'custom','pages_prefix','custom_');
|
||||
// $ldapservers->SetValue($i,'custom','pages_prefix','custom_');
|
||||
|
||||
/* If you set this, then phpldapadmin will bind to LDAP with this user when
|
||||
testing for unique attributes (as set in unique_attrs array). If you want to
|
||||
enforce unique attributes, than this id should have full (readonly) access
|
||||
to the attributes in question (the logged in user may not have enough access)
|
||||
*/
|
||||
// $ldapservers->SetValue($i,'unique_attrs','dn',null);
|
||||
// $ldapservers->SetValue($i,'unique_attrs','dn','');
|
||||
|
||||
/* The password for the dn above */
|
||||
// $ldapservers->SetValue($i,'unique_attrs','pass',null);
|
||||
// $ldapservers->SetValue($i,'unique_attrs','pass','');
|
||||
|
||||
/* If you set this, then only these DNs are allowed to log in. This array can
|
||||
contain individual users, groups or ldap search filter(s). Keep in mind that
|
||||
the user has not authenticated yet, so this will be an anonymous search to
|
||||
the LDAP server, so make your ACLs allow these searches to return results! */
|
||||
# $ldapservers->SetValue($i,'login','allowed_dns',array(
|
||||
# 'uid=stran,ou=People,dc=example,dc=com',
|
||||
# '(&(gidNumber=811)(objectClass=groupOfNames))',
|
||||
# '(|(uidNumber=200)(uidNumber=201))',
|
||||
# 'cn=callcenter,ou=Group,dc=example,dc=com'));
|
||||
# $ldapservers->SetValue($i,'login','allowed_dns',array(
|
||||
# 'uid=stran,ou=People,dc=example,dc=com',
|
||||
# '(&(gidNumber=811)(objectClass=groupOfNames))',
|
||||
# '(|(uidNumber=200)(uidNumber=201))',
|
||||
# 'cn=callcenter,ou=Group,dc=example,dc=com'));
|
||||
|
||||
/* Set this if you dont want this LDAP server to show in the tree */
|
||||
// $ldapservers->SetValue($i,'appearance','visible',true);
|
||||
@@ -245,20 +284,29 @@ $ldapservers->SetValue($i,'server','tls',false);
|
||||
$ldapservers->SetValue($i,'server','low_bandwidth',false);
|
||||
$ldapservers->SetValue($i,'appearance','password_hash','md5');
|
||||
$ldapservers->SetValue($i,'login','attr','dn');
|
||||
$ldapservers->SetValue($i,'login','string',null);
|
||||
$ldapservers->SetValue($i,'login','class',null);
|
||||
$ldapservers->SetValue($i,'login','string','');
|
||||
$ldapservers->SetValue($i,'login','class','');
|
||||
$ldapservers->SetValue($i,'server','read_only',false);
|
||||
$ldapservers->SetValue($i,'appearance','show_create',true);
|
||||
$ldapservers->SetValue($i,'auto_number','enable',true);
|
||||
$ldapservers->SetValue($i,'auto_number','mechanism','search');
|
||||
$ldapservers->SetValue($i,'auto_number','search_base',null);
|
||||
$ldapservers->SetValue($i,'auto_number','search_base','');
|
||||
$ldapservers->SetValue($i,'auto_number','min','1000');
|
||||
$ldapservers->SetValue($i,'auto_number','dn',null);
|
||||
$ldapservers->SetValue($i,'auto_number','pass',null);
|
||||
$ldapservers->SetValue($i,'auto_number','dn','');
|
||||
$ldapservers->SetValue($i,'auto_number','pass','');
|
||||
$ldapservers->SetValue($i,'login','anon_bind',true);
|
||||
$ldapservers->SetValue($i,'custom','pages_prefix','custom_');
|
||||
$ldapservers->SetValue($i,'unique_attrs','dn',null);
|
||||
$ldapservers->SetValue($i,'unique_attrs','pass',null);
|
||||
$ldapservers->SetValue($i,'unique_attrs','dn','');
|
||||
$ldapservers->SetValue($i,'unique_attrs','pass','');
|
||||
|
||||
# SASL auth
|
||||
$ldapservers->SetValue($i,'server','sasl_auth', true);
|
||||
$ldapservers->SetValue($i,'server','sasl_mech', "PLAIN");
|
||||
$ldapservers->SetValue($i,'server','sasl_realm', "EXAMPLE.COM");
|
||||
$ldapservers->SetValue($i,'server','sasl_authz_id', null);
|
||||
$ldapservers->SetValue($i,'server','sasl_authz_id_regex', '/^uid=([^,]+)(.+)/i');
|
||||
$ldapservers->SetValue($i,'server','sasl_authz_id_replacement', '$1');
|
||||
$ldapservers->SetValue($i,'server','sasl_props', null);
|
||||
*/
|
||||
|
||||
/*********************************************/
|
||||
@@ -270,7 +318,7 @@ $ldapservers->SetValue($i,'unique_attrs','pass',null);
|
||||
$friendly_attrs = array();
|
||||
|
||||
$friendly_attrs['facsimileTelephoneNumber'] = 'Fax';
|
||||
$friendly_attrs['telephoneNumber'] = 'Phone';
|
||||
$friendly_attrs['telephoneNumber'] = 'Phone';
|
||||
|
||||
/*********************************************/
|
||||
/* Support for attrs display order */
|
||||
@@ -282,16 +330,16 @@ $friendly_attrs['telephoneNumber'] = 'Phone';
|
||||
attributes that are not specified in this array will be displayed after in
|
||||
alphabetical order. */
|
||||
# $attrs_display_order = array(
|
||||
# 'givenName',
|
||||
# 'sn',
|
||||
# 'cn',
|
||||
# 'displayName',
|
||||
# 'uid',
|
||||
# 'uidNumber',
|
||||
# 'gidNumber',
|
||||
# 'homeDirectory',
|
||||
# 'mail',
|
||||
# 'userPassword'
|
||||
# 'givenName',
|
||||
# 'sn',
|
||||
# 'cn',
|
||||
# 'displayName',
|
||||
# 'uid',
|
||||
# 'uidNumber',
|
||||
# 'gidNumber',
|
||||
# 'homeDirectory',
|
||||
# 'mail',
|
||||
# 'userPassword'
|
||||
# );
|
||||
|
||||
/*********************************************/
|
||||
@@ -310,8 +358,8 @@ $friendly_attrs['telephoneNumber'] = 'Phone';
|
||||
/* Hidden attributes in read-only mode. If undefined, it will be equal to
|
||||
$hidden_attrs. */
|
||||
# $hidden_attrs_ro = array(
|
||||
# 'objectClass','shadowWarning', 'shadowLastChange', 'shadowMax',
|
||||
# 'shadowFlag', 'shadowInactive', 'shadowMin', 'shadowExpire');
|
||||
# 'objectClass','shadowWarning', 'shadowLastChange', 'shadowMax',
|
||||
# 'shadowFlag', 'shadowInactive', 'shadowMin', 'shadowExpire');
|
||||
|
||||
/** **/
|
||||
/** Read-only attributes **/
|
||||
@@ -362,7 +410,7 @@ $queries[$q]['scope'] = 'sub';
|
||||
$queries[$q]['filter'] = '(&(objectClass=posixAccount)(uid=*))';
|
||||
|
||||
/* The attributes to return */
|
||||
$queries[$q]['attributes'] = 'cn, uid, homeDirectory, telephonenumber, jpegphoto';
|
||||
$queries[$q]['attributes'] = 'cn, uid, homeDirectory';
|
||||
|
||||
/* If you want to configure more pre-defined queries, copy and paste the above (including the "$q++;") */
|
||||
$q++;
|
||||
|
||||
Reference in New Issue
Block a user