318 lines
18 KiB
Plaintext
318 lines
18 KiB
Plaintext
<?php
|
|
|
|
/*
|
|
* The phpLDAPadmin config file
|
|
*
|
|
* This is where you customize phpLDAPadmin. The most important
|
|
* part is immediately below: The "LDAP Servers" section.
|
|
* You must specify at least one LDAP server there. You may add
|
|
* as many as you like. You can also specify your language, and
|
|
* many other options.
|
|
*
|
|
*/
|
|
|
|
// Your LDAP servers
|
|
$i=0;
|
|
$servers = array();
|
|
$servers[$i]['name'] = 'My LDAP Server'; /* A convenient name that will appear in
|
|
the tree viewer and throughout phpLDAPadmin to
|
|
identify this LDAP server to users. */
|
|
$servers[$i]['host'] = 'ldap.example.com'; /* Examples:
|
|
'ldap.example.com',
|
|
'ldaps://ldap.example.com/',
|
|
'ldapi://%2fusr%local%2fvar%2frun%2fldapi'
|
|
(Unix socket at /usr/local/var/run/ldap)
|
|
Note: Leave 'host' blank to make phpLDAPadmin
|
|
ignore this server. */
|
|
$servers[$i]['base'] = 'dc=example,dc=com'; /* The base DN of your LDAP server. Leave this
|
|
blank to have phpLDAPadmin auto-detect it for you. */
|
|
$servers[$i]['port'] = 389; /* The port your LDAP server listens on
|
|
(no quotes). 389 is standard. */
|
|
$servers[$i]['auth_type'] = 'config'; /* Three options for auth_type:
|
|
1. 'cookie': you will login via a web form,
|
|
and a client-side cookie will store your
|
|
login dn and password.
|
|
2. 'session': same as cookie but your login dn
|
|
and password are stored on the web server in
|
|
a session variable.
|
|
3. 'config': specify your login dn and password
|
|
here in this config file. No login will be
|
|
required to use phpLDAPadmin for this server.
|
|
Choose wisely to protect your authentication
|
|
information appropriately for your situation. */
|
|
$servers[$i]['login_dn'] = 'cn=Manager,dc=example,dc=com';
|
|
/* The DN of the user for phpLDAPadmin to bind with.
|
|
For anonymous binds or 'cookie' or 'session' auth_types,
|
|
leave the login_dn and login_pass blank. If you specify a
|
|
login_attr in conjunction with a cookie or session auth_type,
|
|
then you can also specify the login_dn/login_pass here for
|
|
searching the directory for users (ie, if your LDAP server
|
|
does not allow anonymous binds. */
|
|
$servers[$i]['login_pass'] = 'secret'; /* Your LDAP password. If you specified an empty login_dn above, this
|
|
MUST also be blank. */
|
|
$servers[$i]['tls'] = false; /* Use TLS (Transport Layer Security) to connect to the LDAP
|
|
server. */
|
|
$servers[$i]['low_bandwidth'] = false; /* If the link between your web server and this LDAP server is
|
|
slow, it is recommended that you set 'low_bandwidth' to true.
|
|
This will cause phpLDAPadmin to forego some "fancy" features
|
|
to conserve bandwidth. */
|
|
$servers[$i]['default_hash'] = 'crypt'; /* Default password hashing algorithm.
|
|
One of md5, ssha, sha, md5crpyt, smd5, blowfish, crypt or
|
|
leave blank for now default algorithm. */
|
|
$servers[$i]['login_attr'] = 'dn'; /* If you specified 'cookie' or 'session' as the auth_type above,
|
|
you can optionally specify here an attribute
|
|
to use when logging in. If you enter 'uid'
|
|
and login as 'dsmith', phpLDAPadmin will
|
|
search for (uid=dsmith) and log in as that user. Leave
|
|
blank or specify 'dn' to use full DN for
|
|
logging in. Note also that if your LDAP server requires
|
|
you to login to perform searches, you can enter
|
|
the DN to use when searching in 'login_dn' and
|
|
'login_pass' above. */
|
|
$servers[$i]['login_class'] = ''; /* If 'login_attr' is used above such that phpLDAPadmin will
|
|
search for your DN at login, you may restrict the search to
|
|
a specific objectClass. E.g., set this to 'posixAccount' or
|
|
'inetOrgPerson', depending upon your setup. */
|
|
$servers[$i]['read_only'] = false; /* Specify true If you want phpLDAPadmin to not
|
|
display or permit any modification to the
|
|
LDAP server. */
|
|
$servers[$i]['show_create'] = true; /* Specify false if you do not want phpLDAPadmin to
|
|
draw the 'Create new' links in the tree viewer. */
|
|
$servers[$i]['enable_auto_uid_numbers'] = false;
|
|
/* This feature allows phpLDAPadmin to
|
|
automatically determine the next
|
|
available uidNumber for a new entry. */
|
|
$servers[$i]['auto_uid_number_mechanism'] = 'search';
|
|
/* The mechanism to use when finding the next available uidNumber.
|
|
Two possible values: 'uidpool' or 'search'. The 'uidpool'
|
|
mechanism uses an existing uidPool entry in your LDAP server
|
|
to blindly lookup the next available uidNumber. The 'search'
|
|
mechanism searches for entries with a uidNumber value and finds
|
|
the first available uidNumber (slower). */
|
|
$servers[$i]['auto_uid_number_search_base'] = 'ou=People,dc=example,dc=com';
|
|
/* The DN of the search base when the 'search'
|
|
mechanism is used above. */
|
|
$servers[$i]['auto_uid_number_min'] = 1000;
|
|
/* The minimum number to use when searching for the next
|
|
available UID number (only when 'search' is used for
|
|
auto_uid_number_mechanism' */
|
|
$servers[$i]['auto_uid_number_uid_pool_dn'] = 'cn=uidPool,dc=example,dc=com';
|
|
/* The DN of the uidPool entry when 'uidpool'
|
|
mechanism is used above. */
|
|
$servers[$i]['auto_uid_number_search_dn'] = '';
|
|
/* If you set this, then phpldapadmin will bind to LDAP with this user
|
|
ID when searching for the uidnumber. The idea is, this user id would
|
|
have full (readonly) access to uidnumber in your ldap directory (the
|
|
logged in user may not), so that you can be guaranteed to get a unique
|
|
uidnumber for your directory. */
|
|
$servers[$i]['auto_uid_number_search_dn_pass'] = '';
|
|
/* The password for the dn above */
|
|
|
|
|
|
// If you want to configure additional LDAP servers, do so below.
|
|
$i++;
|
|
$servers[$i]['name'] = 'Another server';
|
|
$servers[$i]['host'] = '';
|
|
$servers[$i]['base'] = 'dc=example,dc=com';
|
|
$servers[$i]['port'] = 389;
|
|
$servers[$i]['auth_type'] = 'config';
|
|
$servers[$i]['login_dn'] = '';
|
|
$servers[$i]['login_pass'] = '';
|
|
$servers[$i]['tls'] = false;
|
|
$servers[$i]['low_bandwidth'] = false;
|
|
$servers[$i]['default_hash'] = 'crypt';
|
|
$servers[$i]['login_attr'] = 'dn';
|
|
$servers[$i]['login_class'] = '';
|
|
$servers[$i]['read_only'] = false;
|
|
$servers[$i]['show_create'] = true;
|
|
$servers[$i]['enable_auto_uid_numbers'] = false;
|
|
$servers[$i]['auto_uid_number_mechanism'] = 'search';
|
|
$servers[$i]['auto_uid_number_search_base'] = 'ou=People,dc=example,dc=com';
|
|
$servers[$i]['auto_uid_number_min'] = 1000;
|
|
$servers[$i]['auto_uid_number_uid_pool_dn'] = 'cn=uidPool,dc=example,dc=com';
|
|
|
|
// If you want to configure more LDAP servers, copy and paste the above (including the "$i++;")
|
|
|
|
// The temporary storage directory where we will put jpegPhoto data
|
|
// This directory must be readable and writable by your web server
|
|
$jpeg_temp_dir = "/tmp"; // Example for Unix systems
|
|
//$jpeg_temp_dir = "c:\\temp"; // Example for Windows systems
|
|
|
|
/** **/
|
|
/** Appearance and Behavior **/
|
|
/** **/
|
|
|
|
// Aliases and Referrrals
|
|
//
|
|
// Similar to ldapsearh's -a option, the following options allow you to configure
|
|
// how phpLDAPadmin will treat aliases and referrals in the LDAP tree.
|
|
// For the following four settings, avaialable options include:
|
|
//
|
|
// LDAP_DEREF_NEVER - aliases are never dereferenced (eg, the contents of
|
|
// the alias itself are shown and not the referenced entry).
|
|
// LDAP_DEREF_SEARCHING - aliases should be dereferenced during the search but
|
|
// not when locating the base object of the search.
|
|
// LDAP_DEREF_FINDING - aliases should be dereferenced when locating the base
|
|
// object but not during the search.
|
|
// LDAP_DEREF_ALWAYS - aliases should be dereferenced always (eg, the contents
|
|
// of the referenced entry is shown and not the aliasing entry)
|
|
|
|
// How to handle references and aliases in the search form. See above for options.
|
|
$search_deref = LDAP_DEREF_ALWAYS;
|
|
|
|
// How to handle references and aliases in the tree viewer. See above for options.
|
|
$tree_deref = LDAP_DEREF_NEVER;
|
|
|
|
// How to handle references and aliases for exports. See above for options.
|
|
$export_deref = LDAP_DEREF_NEVER;
|
|
|
|
// How to handle references and aliases when viewing entries. See above for options.
|
|
$view_deref = LDAP_DEREF_NEVER;
|
|
|
|
|
|
// The language setting. If you set this to 'auto', phpLDAPadmin will
|
|
// attempt to determine your language automatically. Otherwise, available
|
|
// lanaguages are: 'ct', 'de', 'en', 'es', 'fr', 'it', 'nl', and 'ru'
|
|
// Localization is not complete yet, but most strings have been translated.
|
|
// Please help by writing language files. See lang/en.php for an example.
|
|
$language = 'auto';
|
|
|
|
// Set to true if you want to draw a checkbox next to each entry in the tree viewer
|
|
// to be able to delete multiple entries at once
|
|
$enable_mass_delete = false;
|
|
|
|
// Set to true if you want LDAP data to be displayed read-only (without input fields)
|
|
// when a user logs in to a server anonymously
|
|
$anonymous_bind_implies_read_only = true;
|
|
|
|
// Set to true if you want phpLDAPadmin to redirect anonymous
|
|
// users to a search form with no tree viewer on the left after
|
|
// logging in.
|
|
$anonymous_bind_redirect_no_tree = false;
|
|
|
|
// If you used auth_type 'form' in the servers list, you can adjust how long the cookie will last
|
|
// (default is 0 seconds, which expires when you close the browser)
|
|
$cookie_time = 0; // seconds
|
|
|
|
// How many pixels wide do you want your left frame view (for the tree browser)
|
|
$tree_width = 320; // pixels
|
|
|
|
// How long to keep jpegPhoto temporary files in the jpeg_temp_dir directory (in seconds)
|
|
$jpeg_tmp_keep_time = 120; // seconds
|
|
|
|
// Would you like to see helpful hint text occacsionally?
|
|
$show_hints = true; // set to false to disable hints
|
|
|
|
// When using the search page, limit result size to this many entries
|
|
$search_result_size_limit = 50;
|
|
|
|
// If true, display password values as ******. Otherwise display them in clear-text
|
|
// If you use clear-text passwords, it is recommended to set this to true. If you use
|
|
// hashed passwords (sha, md5, crypt, etc), hashed passwords are already obfuscated by
|
|
// the hashing algorithm and this should probably be left false.
|
|
$obfuscate_password_display = false;
|
|
|
|
/** **/
|
|
/** Simple Search Form Config **/
|
|
/** **/
|
|
|
|
// Which attributes to include in the drop-down menu of the simple search form (comma-separated)
|
|
// Change this to suit your needs for convenient searching. Be sure to change the corresponding
|
|
// list below ($search_attributes_display)
|
|
$search_attributes = "uid, cn, gidNumber, objectClass, telephoneNumber, mail, street";
|
|
|
|
// This list corresponds to the list directly above. If you want to present more readable names
|
|
// for your search attributes, do so here. Both lists must have the same number of entries.
|
|
$search_attributes_display = "User Name, Common Name, Group ID, Object Class, Phone Number, Email, Address";
|
|
|
|
// The list of attributes to display in each search result entry.
|
|
// Note that you can add * to the list to display all attributes
|
|
$search_result_attributes = "cn, sn, uid, postalAddress, telephoneNumber";
|
|
|
|
// You can re-arrange the order of the search criteria on the simple search form by modifying this array
|
|
// You cannot however change the names of the criteria. Criteria names will be translated at run-time.
|
|
$search_criteria_options = array( "equals", "starts with", "contains", "ends with", "sounds like" );
|
|
|
|
// If you want certain attributes to be editable as multi-line, include them in this list
|
|
// A multi-line textarea will be drawn instead of a single-line text field
|
|
$multi_line_attributes = array( "postalAddress", "homePostalAddress", "personalSignature" );
|
|
|
|
// A list of syntax OIDs which support multi-line attribute values:
|
|
$multi_line_syntax_oids = array(
|
|
// octet string syntax OID:
|
|
"1.3.6.1.4.1.1466.115.121.1.40",
|
|
// postal address syntax OID:
|
|
"1.3.6.1.4.1.1466.115.121.1.41" );
|
|
|
|
/** **/
|
|
/** User-friendly attribute translation **/
|
|
/** **/
|
|
|
|
$friendly_attrs = array();
|
|
|
|
// Use this array to map attribute names to user friendly names. For example, if you
|
|
// don't want to see "facsimileTelephoneNumber" but rather "Fax".
|
|
|
|
$friendly_attrs[ 'facsimileTelephoneNumber' ] = 'Fax';
|
|
$friendly_attrs[ 'telephoneNumber' ] = 'Phone';
|
|
|
|
/** **/
|
|
/** Hidden attributes **/
|
|
/** **/
|
|
|
|
// You may want to hide certain attributes from being displayed in the editor screen
|
|
// Do this by adding the desired attributes to this list (and uncomment it). This
|
|
// only affects the editor screen. Attributes will still be visible in the schema
|
|
// browser and elsewhere. An example is provided below:
|
|
|
|
//$hidden_attrs = array( 'jpegPhoto', 'objectClass' );
|
|
|
|
/** **/
|
|
/** Read-only attributes **/
|
|
/** **/
|
|
|
|
// You may want to phpLDAPadmin to display certain attributes as read only, meaning
|
|
// that users will not be presented a form for modifying those attributes, and they
|
|
// will not be allowed to be modified on the "back-end" either. You may configure
|
|
// this list here:
|
|
|
|
//$read_only_attrs = array( 'objectClass' );
|
|
|
|
// An example of how to specify multiple read-only attributes:
|
|
// $read_only_attrs = array( 'jpegPhoto', 'objectClass', 'someAttribute' );
|
|
|
|
/** **/
|
|
/** Predefined Queries (canned views) **/
|
|
/** **/
|
|
|
|
// To make searching easier, you may setup predefined queries below (activate the lines by removing "//")
|
|
//$q=0;
|
|
//$queries = array();
|
|
//$queries[$q]['name'] = 'Samba Users'; /* The name that will appear in the simple search form */
|
|
//$queries[$q]['server'] = '0'; /* The ldap server to query, must be defined in the $servers list above */
|
|
//$queries[$q]['base'] = 'dc=example,dc=com'; /* The base to search on */
|
|
//$queries[$q]['scope'] = 'sub'; /* The search scope (sub, base, one) */
|
|
//$queries[$q]['filter'] = '(&(objectclass=sambaAccount)(objectClass=posixAcount))';
|
|
/* The LDAP filter to use */
|
|
//$queries[$q]['attributes'] = 'uid, smbHome, uidNumber';
|
|
/* The attributes to return */
|
|
|
|
// Add more pre-defined queries by copying the text below
|
|
//$q++;
|
|
//$queries[$q]['name'] = 'Organizations';
|
|
//$queries[$q]['server'] = '0';
|
|
//$queries[$q]['base'] = 'dc=example,dc=com';
|
|
//$queries[$q]['scope'] = 'sub';
|
|
//$queries[$q]['filter'] = '(|(objeCtclass=organization)(objectClass=organizationalUnit))';
|
|
//$queries[$q]['attributes'] = 'ou, o';
|
|
|
|
//$q++;
|
|
//$queries[$q]['name'] = 'Last name starts with S';
|
|
//$queries[$q]['server'] = '0';
|
|
//$queries[$q]['base'] = 'dc=example,dc=com';
|
|
//$queries[$q]['scope'] = 'sub';
|
|
//$queries[$q]['filter'] = '(sn=s*)';
|
|
//$queries[$q]['attributes'] = '*';
|
|
|
|
?>
|