1 |
diff -up smeserver-phpldapadmin-1.2.3/root/etc/e-smith/db/configuration/defaults/phpldapadmin/kamikaze.authpatch smeserver-phpldapadmin-1.2.3/root/etc/e-smith/db/configuration/defaults/phpldapadmin/kamikaze |
2 |
--- smeserver-phpldapadmin-1.2.3/root/etc/e-smith/db/configuration/defaults/phpldapadmin/kamikaze.authpatch 2013-11-06 17:25:19.000000000 -0500 |
3 |
+++ smeserver-phpldapadmin-1.2.3/root/etc/e-smith/db/configuration/defaults/phpldapadmin/kamikaze 2013-11-06 17:25:31.000000000 -0500 |
4 |
@@ -0,0 +1 @@ |
5 |
+disabled |
6 |
diff -up smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/05LdapServer.authpatch smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/05LdapServer |
7 |
--- smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/05LdapServer.authpatch 2013-11-06 17:23:45.000000000 -0500 |
8 |
+++ smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/05LdapServer 2013-11-06 17:38:43.000000000 -0500 |
9 |
@@ -4,66 +4,13 @@ |
10 |
*********************************************/ |
11 |
|
12 |
$servers = new Datastore(); |
13 |
- |
14 |
-/* $servers->NewServer('ldap_pla') must be called before each new LDAP server |
15 |
- declaration. */ |
16 |
$servers->newServer('ldap_pla'); |
17 |
- |
18 |
-/* A convenient name that will appear in the tree viewer and throughout |
19 |
- phpLDAPadmin to identify this LDAP server to users. */ |
20 |
$servers->setValue('server','name','Local LDAP Server'); |
21 |
- |
22 |
-/* Examples: |
23 |
- 'ldap.example.com', |
24 |
- 'ldaps://ldap.example.com/', |
25 |
- 'ldapi://%2fusr%local%2fvar%2frun%2fldapi' |
26 |
- (Unix socket at /usr/local/var/run/ldap) */ |
27 |
$servers->setValue('server','host','127.0.0.1'); |
28 |
- |
29 |
-/* The port your LDAP server listens on (no quotes). 389 is standard. */ |
30 |
$servers->setValue('server','port',389); |
31 |
|
32 |
-/* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin |
33 |
- auto-detect it for you. */ |
34 |
-// $servers->setValue('server','base',array('')); |
35 |
- |
36 |
-/* Five options for auth_type: |
37 |
- 1. 'cookie': you will login via a web form, and a client-side cookie will |
38 |
- store your login dn and password. |
39 |
- 2. 'session': same as cookie but your login dn and password are stored on the |
40 |
- web server in a persistent session variable. |
41 |
- 3. 'http': same as session but your login dn and password are retrieved via |
42 |
- HTTP authentication. |
43 |
- 4. 'config': specify your login dn and password here in this config file. No |
44 |
- login will be required to use phpLDAPadmin for this server. |
45 |
- 5. 'sasl': login will be taken from the webserver's kerberos authentication. |
46 |
- Currently only GSSAPI has been tested (using mod_auth_kerb). |
47 |
- |
48 |
- Choose wisely to protect your authentication information appropriately for |
49 |
- your situation. If you choose 'cookie', your cookie contents will be |
50 |
- encrypted using blowfish and the secret your specify above as |
51 |
- session['blowfish']. */ |
52 |
-// $servers->setValue('login','auth_type','session'); |
53 |
- |
54 |
-/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or |
55 |
- 'cookie','session' or 'sasl' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS |
56 |
- BLANK. If you specify a login_attr in conjunction with a cookie or session |
57 |
- auth_type, then you can also specify the bind_id/bind_pass here for searching |
58 |
- the directory for users (ie, if your LDAP server does not allow anonymous |
59 |
- binds. */ |
60 |
-// $servers->setValue('login','bind_id',''); |
61 |
-# $servers->setValue('login','bind_id','cn=Manager,dc=example,dc=com'); |
62 |
- |
63 |
-/* Your LDAP password. If you specified an empty bind_id above, this MUST also |
64 |
- be blank. */ |
65 |
-// $servers->setValue('login','bind_pass',''); |
66 |
-# $servers->setValue('login','bind_pass','secret'); |
67 |
- |
68 |
-/* Use TLS (Transport Layer Security) to connect to the LDAP server. */ |
69 |
-// $servers->setValue('server','tls',false); |
70 |
|
71 |
$servers->setValue('server','tls',false); |
72 |
-$servers->setValue('login','anon_bind',false); |
73 |
|
74 |
{ |
75 |
open (PW, "/etc/openldap/ldap.pw") |
76 |
@@ -71,6 +18,7 @@ $servers->setValue('login','anon_bind',f |
77 |
my $pw = <PW>; |
78 |
chomp ($pw); |
79 |
close PW; |
80 |
+ my $kamikaze = $phpldapadmin{'kamikaze'} || 'disabled'; |
81 |
|
82 |
use esmith::util; |
83 |
|
84 |
@@ -80,10 +28,22 @@ $servers->setValue('login','anon_bind',f |
85 |
my $domain = db_get(\%conf, 'DomainName'); |
86 |
|
87 |
my $dc = esmith::util::ldapBase($domain); |
88 |
- |
89 |
- $OUT .= "\$servers->setValue('server','base',array('$dc'));\n"; |
90 |
- $OUT .= "\$servers->setValue('login','base',array('$dc'));\n"; |
91 |
- $OUT .= "\$servers->setValue('login','auth_type','http');\n"; |
92 |
- $OUT .= "\$servers->SetValue('login','bind_id','cn=root,$dc');\n"; |
93 |
- $OUT .= "\$servers->setValue('login','bind_pass','$pw');\n"; |
94 |
+ if ( $kamikaze eq "enabled") |
95 |
+ { |
96 |
+ $OUT .= "\$servers->setValue('login','anon_bind',false);\n"; |
97 |
+ $OUT .= "\$servers->setValue('server','base',array('$dc'));\n"; |
98 |
+ $OUT .= "\$servers->setValue('login','base',array('$dc'));\n"; |
99 |
+ $OUT .= "\$servers->setValue('login','auth_type','config');\n"; |
100 |
+ $OUT .= "\$servers->SetValue('login','bind_id','cn=root,$dc');\n"; |
101 |
+ $OUT .= "\$servers->setValue('login','bind_pass','$pw');\n"; |
102 |
+ $OUT .= "\$servers->setValue('login','attr','dn');\n"; |
103 |
+ } |
104 |
+ else |
105 |
+ { |
106 |
+ $OUT .= "\$servers->setValue('login','anon_bind',true);\n"; |
107 |
+ $OUT .= "\$servers->setValue('server','base',array('$dc'));\n"; |
108 |
+ $OUT .= "\$servers->setValue('login','base',array('$dc'));\n"; |
109 |
+ $OUT .= "\$servers->setValue('login','auth_type','http');\n"; |
110 |
+ $OUT .= "\$servers->setValue('login','attr','uid');\n"; |
111 |
+ } |
112 |
} |
113 |
diff -up smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/06SASLAuth.authpatch smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/06SASLAuth |
114 |
--- smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/06SASLAuth.authpatch 2013-11-06 17:23:45.000000000 -0500 |
115 |
+++ smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/06SASLAuth 2013-11-06 17:40:18.000000000 -0500 |
116 |
@@ -54,7 +54,6 @@ $servers->setValue('appearance','passwor |
117 |
your LDAP server requires you to login to perform searches, you can enter the |
118 |
DN to use when searching in 'bind_id' and 'bind_pass' above. */ |
119 |
// $servers->setValue('login','attr','dn'); |
120 |
-$servers->setValue('login','attr','uid'); |
121 |
|
122 |
/* Base DNs to used for logins. If this value is not set, then the LDAP server |
123 |
Base DNs are used. */ |