/[smecontribs]/rpms/smeserver-phpldapadmin/contribs8/smeserver-phpldapadmin-1.2.3-authpatch.patch
ViewVC logotype

Annotation of /rpms/smeserver-phpldapadmin/contribs8/smeserver-phpldapadmin-1.2.3-authpatch.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Wed Nov 6 22:45:29 2013 UTC (10 years, 11 months ago) by unnilennium
Branch: MAIN
CVS Tags: smeserver-phpldapadmin-1_2_3-5_el5_sme
* Wed Nov 6 2013 JP Pialasse <tests@pialasse.com> 1.2.3-5.sme
- fix bug [SME: 5762]
- default admin read only but kamikaze mod for root modify access.

1 unnilennium 1.1 diff -up smeserver-phpldapadmin-1.2.3/root/etc/e-smith/db/configuration/defaults/phpldapadmin/kamikaze.authpatch smeserver-phpldapadmin-1.2.3/root/etc/e-smith/db/configuration/defaults/phpldapadmin/kamikaze
2     --- smeserver-phpldapadmin-1.2.3/root/etc/e-smith/db/configuration/defaults/phpldapadmin/kamikaze.authpatch 2013-11-06 17:25:19.000000000 -0500
3     +++ smeserver-phpldapadmin-1.2.3/root/etc/e-smith/db/configuration/defaults/phpldapadmin/kamikaze 2013-11-06 17:25:31.000000000 -0500
4     @@ -0,0 +1 @@
5     +disabled
6     diff -up smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/05LdapServer.authpatch smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/05LdapServer
7     --- smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/05LdapServer.authpatch 2013-11-06 17:23:45.000000000 -0500
8     +++ smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/05LdapServer 2013-11-06 17:38:43.000000000 -0500
9     @@ -4,66 +4,13 @@
10     *********************************************/
11    
12     $servers = new Datastore();
13     -
14     -/* $servers->NewServer('ldap_pla') must be called before each new LDAP server
15     - declaration. */
16     $servers->newServer('ldap_pla');
17     -
18     -/* A convenient name that will appear in the tree viewer and throughout
19     - phpLDAPadmin to identify this LDAP server to users. */
20     $servers->setValue('server','name','Local LDAP Server');
21     -
22     -/* Examples:
23     - 'ldap.example.com',
24     - 'ldaps://ldap.example.com/',
25     - 'ldapi://%2fusr%local%2fvar%2frun%2fldapi'
26     - (Unix socket at /usr/local/var/run/ldap) */
27     $servers->setValue('server','host','127.0.0.1');
28     -
29     -/* The port your LDAP server listens on (no quotes). 389 is standard. */
30     $servers->setValue('server','port',389);
31    
32     -/* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin
33     - auto-detect it for you. */
34     -// $servers->setValue('server','base',array(''));
35     -
36     -/* Five options for auth_type:
37     - 1. 'cookie': you will login via a web form, and a client-side cookie will
38     - store your login dn and password.
39     - 2. 'session': same as cookie but your login dn and password are stored on the
40     - web server in a persistent session variable.
41     - 3. 'http': same as session but your login dn and password are retrieved via
42     - HTTP authentication.
43     - 4. 'config': specify your login dn and password here in this config file. No
44     - login will be required to use phpLDAPadmin for this server.
45     - 5. 'sasl': login will be taken from the webserver's kerberos authentication.
46     - Currently only GSSAPI has been tested (using mod_auth_kerb).
47     -
48     - Choose wisely to protect your authentication information appropriately for
49     - your situation. If you choose 'cookie', your cookie contents will be
50     - encrypted using blowfish and the secret your specify above as
51     - session['blowfish']. */
52     -// $servers->setValue('login','auth_type','session');
53     -
54     -/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or
55     - 'cookie','session' or 'sasl' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS
56     - BLANK. If you specify a login_attr in conjunction with a cookie or session
57     - auth_type, then you can also specify the bind_id/bind_pass here for searching
58     - the directory for users (ie, if your LDAP server does not allow anonymous
59     - binds. */
60     -// $servers->setValue('login','bind_id','');
61     -# $servers->setValue('login','bind_id','cn=Manager,dc=example,dc=com');
62     -
63     -/* Your LDAP password. If you specified an empty bind_id above, this MUST also
64     - be blank. */
65     -// $servers->setValue('login','bind_pass','');
66     -# $servers->setValue('login','bind_pass','secret');
67     -
68     -/* Use TLS (Transport Layer Security) to connect to the LDAP server. */
69     -// $servers->setValue('server','tls',false);
70    
71     $servers->setValue('server','tls',false);
72     -$servers->setValue('login','anon_bind',false);
73    
74     {
75     open (PW, "/etc/openldap/ldap.pw")
76     @@ -71,6 +18,7 @@ $servers->setValue('login','anon_bind',f
77     my $pw = <PW>;
78     chomp ($pw);
79     close PW;
80     + my $kamikaze = $phpldapadmin{'kamikaze'} || 'disabled';
81    
82     use esmith::util;
83    
84     @@ -80,10 +28,22 @@ $servers->setValue('login','anon_bind',f
85     my $domain = db_get(\%conf, 'DomainName');
86    
87     my $dc = esmith::util::ldapBase($domain);
88     -
89     - $OUT .= "\$servers->setValue('server','base',array('$dc'));\n";
90     - $OUT .= "\$servers->setValue('login','base',array('$dc'));\n";
91     - $OUT .= "\$servers->setValue('login','auth_type','http');\n";
92     - $OUT .= "\$servers->SetValue('login','bind_id','cn=root,$dc');\n";
93     - $OUT .= "\$servers->setValue('login','bind_pass','$pw');\n";
94     + if ( $kamikaze eq "enabled")
95     + {
96     + $OUT .= "\$servers->setValue('login','anon_bind',false);\n";
97     + $OUT .= "\$servers->setValue('server','base',array('$dc'));\n";
98     + $OUT .= "\$servers->setValue('login','base',array('$dc'));\n";
99     + $OUT .= "\$servers->setValue('login','auth_type','config');\n";
100     + $OUT .= "\$servers->SetValue('login','bind_id','cn=root,$dc');\n";
101     + $OUT .= "\$servers->setValue('login','bind_pass','$pw');\n";
102     + $OUT .= "\$$servers->setValue('login','attr','dn');\n";
103     + }
104     + else
105     + {
106     + $OUT .= "\$servers->setValue('login','anon_bind',true);\n";
107     + $OUT .= "\$servers->setValue('server','base',array('$dc'));\n";
108     + $OUT .= "\$servers->setValue('login','base',array('$dc'));\n";
109     + $OUT .= "\$servers->setValue('login','auth_type','http');\n";
110     + $OUT .= "\$servers->setValue('login','attr','uid');\n";
111     + }
112     }
113     diff -up smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/06SASLAuth.authpatch smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/06SASLAuth
114     --- smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/06SASLAuth.authpatch 2013-11-06 17:23:45.000000000 -0500
115     +++ smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/06SASLAuth 2013-11-06 17:40:18.000000000 -0500
116     @@ -54,7 +54,6 @@ $servers->setValue('appearance','passwor
117     your LDAP server requires you to login to perform searches, you can enter the
118     DN to use when searching in 'bind_id' and 'bind_pass' above. */
119     // $servers->setValue('login','attr','dn');
120     -$servers->setValue('login','attr','uid');
121    
122     /* Base DNs to used for logins. If this value is not set, then the LDAP server
123     Base DNs are used. */

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed