/[smecontribs]/rpms/smeserver-phpldapadmin/contribs8/smeserver-phpldapadmin-1.2.3-authpatch.patch
ViewVC logotype

Contents of /rpms/smeserver-phpldapadmin/contribs8/smeserver-phpldapadmin-1.2.3-authpatch.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (show annotations) (download)
Wed Nov 6 22:56:23 2013 UTC (10 years, 11 months ago) by unnilennium
Branch: MAIN
CVS Tags: smeserver-phpldapadmin-1_2_3-6_el5_sme, HEAD
Changes since 1.1: +1 -1 lines
* Wed Nov 6 2013 JP Pialasse <tests@pialasse.com> 1.2.3-6.sme
- fix bug [SME: 5762]
- default admin read only but kamikaze mod for root modify access.

1 diff -up smeserver-phpldapadmin-1.2.3/root/etc/e-smith/db/configuration/defaults/phpldapadmin/kamikaze.authpatch smeserver-phpldapadmin-1.2.3/root/etc/e-smith/db/configuration/defaults/phpldapadmin/kamikaze
2 --- smeserver-phpldapadmin-1.2.3/root/etc/e-smith/db/configuration/defaults/phpldapadmin/kamikaze.authpatch 2013-11-06 17:25:19.000000000 -0500
3 +++ smeserver-phpldapadmin-1.2.3/root/etc/e-smith/db/configuration/defaults/phpldapadmin/kamikaze 2013-11-06 17:25:31.000000000 -0500
4 @@ -0,0 +1 @@
5 +disabled
6 diff -up smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/05LdapServer.authpatch smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/05LdapServer
7 --- smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/05LdapServer.authpatch 2013-11-06 17:23:45.000000000 -0500
8 +++ smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/05LdapServer 2013-11-06 17:38:43.000000000 -0500
9 @@ -4,66 +4,13 @@
10 *********************************************/
11
12 $servers = new Datastore();
13 -
14 -/* $servers->NewServer('ldap_pla') must be called before each new LDAP server
15 - declaration. */
16 $servers->newServer('ldap_pla');
17 -
18 -/* A convenient name that will appear in the tree viewer and throughout
19 - phpLDAPadmin to identify this LDAP server to users. */
20 $servers->setValue('server','name','Local LDAP Server');
21 -
22 -/* Examples:
23 - 'ldap.example.com',
24 - 'ldaps://ldap.example.com/',
25 - 'ldapi://%2fusr%local%2fvar%2frun%2fldapi'
26 - (Unix socket at /usr/local/var/run/ldap) */
27 $servers->setValue('server','host','127.0.0.1');
28 -
29 -/* The port your LDAP server listens on (no quotes). 389 is standard. */
30 $servers->setValue('server','port',389);
31
32 -/* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin
33 - auto-detect it for you. */
34 -// $servers->setValue('server','base',array(''));
35 -
36 -/* Five options for auth_type:
37 - 1. 'cookie': you will login via a web form, and a client-side cookie will
38 - store your login dn and password.
39 - 2. 'session': same as cookie but your login dn and password are stored on the
40 - web server in a persistent session variable.
41 - 3. 'http': same as session but your login dn and password are retrieved via
42 - HTTP authentication.
43 - 4. 'config': specify your login dn and password here in this config file. No
44 - login will be required to use phpLDAPadmin for this server.
45 - 5. 'sasl': login will be taken from the webserver's kerberos authentication.
46 - Currently only GSSAPI has been tested (using mod_auth_kerb).
47 -
48 - Choose wisely to protect your authentication information appropriately for
49 - your situation. If you choose 'cookie', your cookie contents will be
50 - encrypted using blowfish and the secret your specify above as
51 - session['blowfish']. */
52 -// $servers->setValue('login','auth_type','session');
53 -
54 -/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or
55 - 'cookie','session' or 'sasl' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS
56 - BLANK. If you specify a login_attr in conjunction with a cookie or session
57 - auth_type, then you can also specify the bind_id/bind_pass here for searching
58 - the directory for users (ie, if your LDAP server does not allow anonymous
59 - binds. */
60 -// $servers->setValue('login','bind_id','');
61 -# $servers->setValue('login','bind_id','cn=Manager,dc=example,dc=com');
62 -
63 -/* Your LDAP password. If you specified an empty bind_id above, this MUST also
64 - be blank. */
65 -// $servers->setValue('login','bind_pass','');
66 -# $servers->setValue('login','bind_pass','secret');
67 -
68 -/* Use TLS (Transport Layer Security) to connect to the LDAP server. */
69 -// $servers->setValue('server','tls',false);
70
71 $servers->setValue('server','tls',false);
72 -$servers->setValue('login','anon_bind',false);
73
74 {
75 open (PW, "/etc/openldap/ldap.pw")
76 @@ -71,6 +18,7 @@ $servers->setValue('login','anon_bind',f
77 my $pw = <PW>;
78 chomp ($pw);
79 close PW;
80 + my $kamikaze = $phpldapadmin{'kamikaze'} || 'disabled';
81
82 use esmith::util;
83
84 @@ -80,10 +28,22 @@ $servers->setValue('login','anon_bind',f
85 my $domain = db_get(\%conf, 'DomainName');
86
87 my $dc = esmith::util::ldapBase($domain);
88 -
89 - $OUT .= "\$servers->setValue('server','base',array('$dc'));\n";
90 - $OUT .= "\$servers->setValue('login','base',array('$dc'));\n";
91 - $OUT .= "\$servers->setValue('login','auth_type','http');\n";
92 - $OUT .= "\$servers->SetValue('login','bind_id','cn=root,$dc');\n";
93 - $OUT .= "\$servers->setValue('login','bind_pass','$pw');\n";
94 + if ( $kamikaze eq "enabled")
95 + {
96 + $OUT .= "\$servers->setValue('login','anon_bind',false);\n";
97 + $OUT .= "\$servers->setValue('server','base',array('$dc'));\n";
98 + $OUT .= "\$servers->setValue('login','base',array('$dc'));\n";
99 + $OUT .= "\$servers->setValue('login','auth_type','config');\n";
100 + $OUT .= "\$servers->SetValue('login','bind_id','cn=root,$dc');\n";
101 + $OUT .= "\$servers->setValue('login','bind_pass','$pw');\n";
102 + $OUT .= "\$servers->setValue('login','attr','dn');\n";
103 + }
104 + else
105 + {
106 + $OUT .= "\$servers->setValue('login','anon_bind',true);\n";
107 + $OUT .= "\$servers->setValue('server','base',array('$dc'));\n";
108 + $OUT .= "\$servers->setValue('login','base',array('$dc'));\n";
109 + $OUT .= "\$servers->setValue('login','auth_type','http');\n";
110 + $OUT .= "\$servers->setValue('login','attr','uid');\n";
111 + }
112 }
113 diff -up smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/06SASLAuth.authpatch smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/06SASLAuth
114 --- smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/06SASLAuth.authpatch 2013-11-06 17:23:45.000000000 -0500
115 +++ smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/06SASLAuth 2013-11-06 17:40:18.000000000 -0500
116 @@ -54,7 +54,6 @@ $servers->setValue('appearance','passwor
117 your LDAP server requires you to login to perform searches, you can enter the
118 DN to use when searching in 'bind_id' and 'bind_pass' above. */
119 // $servers->setValue('login','attr','dn');
120 -$servers->setValue('login','attr','uid');
121
122 /* Base DNs to used for logins. If this value is not set, then the LDAP server
123 Base DNs are used. */

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed