diff -up smeserver-phpldapadmin-1.2.3/root/etc/e-smith/db/configuration/defaults/phpldapadmin/kamikaze.authpatch smeserver-phpldapadmin-1.2.3/root/etc/e-smith/db/configuration/defaults/phpldapadmin/kamikaze
--- smeserver-phpldapadmin-1.2.3/root/etc/e-smith/db/configuration/defaults/phpldapadmin/kamikaze.authpatch 2013-11-06 17:25:19.000000000 -0500
+++ smeserver-phpldapadmin-1.2.3/root/etc/e-smith/db/configuration/defaults/phpldapadmin/kamikaze 2013-11-06 17:25:31.000000000 -0500
@@ -0,0 +1 @@
+disabled
diff -up smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/05LdapServer.authpatch smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/05LdapServer
--- smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/05LdapServer.authpatch 2013-11-06 17:23:45.000000000 -0500
+++ smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/05LdapServer 2013-11-06 17:38:43.000000000 -0500
@@ -4,66 +4,13 @@ *********************************************/ $servers = new Datastore(); - -/* $servers->NewServer('ldap_pla') must be called before each new LDAP server - declaration. */ $servers->newServer('ldap_pla'); - -/* A convenient name that will appear in the tree viewer and throughout - phpLDAPadmin to identify this LDAP server to users. */ $servers->setValue('server','name','Local LDAP Server'); - -/* Examples: - 'ldap.example.com', - 'ldaps://ldap.example.com/', - 'ldapi://%2fusr%local%2fvar%2frun%2fldapi' - (Unix socket at /usr/local/var/run/ldap) */ $servers->setValue('server','host','127.0.0.1'); - -/* The port your LDAP server listens on (no quotes). 389 is standard. */ $servers->setValue('server','port',389); -/* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin - auto-detect it for you. */ -// $servers->setValue('server','base',array('')); - -/* Five options for auth_type: - 1. 'cookie': you will login via a web form, and a client-side cookie will - store your login dn and password. - 2. 'session': same as cookie but your login dn and password are stored on the - web server in a persistent session variable. - 3. 'http': same as session but your login dn and password are retrieved via - HTTP authentication. - 4. 'config': specify your login dn and password here in this config file. No - login will be required to use phpLDAPadmin for this server. - 5. 'sasl': login will be taken from the webserver's kerberos authentication. - Currently only GSSAPI has been tested (using mod_auth_kerb). - - Choose wisely to protect your authentication information appropriately for - your situation. If you choose 'cookie', your cookie contents will be - encrypted using blowfish and the secret your specify above as - session['blowfish']. */ -// $servers->setValue('login','auth_type','session'); - -/* The DN of the user for phpLDAPadmin to bind with. 
For anonymous binds or - 'cookie','session' or 'sasl' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS - BLANK. If you specify a login_attr in conjunction with a cookie or session - auth_type, then you can also specify the bind_id/bind_pass here for searching - the directory for users (ie, if your LDAP server does not allow anonymous - binds. */ -// $servers->setValue('login','bind_id',''); -# $servers->setValue('login','bind_id','cn=Manager,dc=example,dc=com'); - -/* Your LDAP password. If you specified an empty bind_id above, this MUST also - be blank. */ -// $servers->setValue('login','bind_pass',''); -# $servers->setValue('login','bind_pass','secret'); - -/* Use TLS (Transport Layer Security) to connect to the LDAP server. */ -// $servers->setValue('server','tls',false); $servers->setValue('server','tls',false); -$servers->setValue('login','anon_bind',false); { open (PW, "/etc/openldap/ldap.pw") @@ -71,6 +18,7 @@ $servers->setValue('login','anon_bind',f my $pw = ; chomp ($pw); close PW; + my $kamikaze = $phpldapadmin{'kamikaze'} || 'disabled'; use esmith::util; 
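Review bot: The root bind password is still read from `/etc/openldap/ldap.pw` before `$kamikaze` is evaluated, so the template handles the secret even in the default `disabled` mode, where the new code never uses `$pw`. Consider moving the read into the `enabled` branch so the secret is only touched when it is written out. The added line would also benefit from a comment such as `# kamikaze=enabled: bind as cn=root with the stored password, no login form; anything else falls back to per-user HTTP auth`. The open/read block begins outside this hunk, so this is based only on the context lines shown.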
@@ -80,10 +28,22 @@ $servers->setValue('login','anon_bind',f my $domain = db_get(\%conf, 'DomainName'); my $dc = esmith::util::ldapBase($domain); - - $OUT .= "\$servers->setValue('server','base',array('$dc'));\n"; - $OUT .= "\$servers->setValue('login','base',array('$dc'));\n"; - $OUT .= "\$servers->setValue('login','auth_type','http');\n"; - $OUT .= "\$servers->SetValue('login','bind_id','cn=root,$dc');\n"; - $OUT .= "\$servers->setValue('login','bind_pass','$pw');\n"; + if ( $kamikaze eq "enabled") + { + $OUT .= "\$servers->setValue('login','anon_bind',false);\n"; + $OUT .= "\$servers->setValue('server','base',array('$dc'));\n"; + $OUT .= "\$servers->setValue('login','base',array('$dc'));\n"; + $OUT .= "\$servers->setValue('login','auth_type','config');\n"; + $OUT .= "\$servers->SetValue('login','bind_id','cn=root,$dc');\n"; + $OUT .= "\$servers->setValue('login','bind_pass','$pw');\n"; + $OUT .= "\$$servers->setValue('login','attr','dn');\n"; + } + else + { + $OUT .= "\$servers->setValue('login','anon_bind',true);\n"; + $OUT .= "\$servers->setValue('server','base',array('$dc'));\n"; + $OUT .= "\$servers->setValue('login','base',array('$dc'));\n"; + $OUT .= "\$servers->setValue('login','auth_type','http');\n"; + $OUT .= "\$servers->setValue('login','attr','uid');\n"; + } } diff -up smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/06SASLAuth.authpatch smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/06SASLAuth --- smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/06SASLAuth.authpatch 2013-11-06 17:23:45.000000000 -0500 +++ smeserver-phpldapadmin-1.2.3/root/etc/e-smith/templates/etc/phpldapadmin/config.php/06SASLAuth 2013-11-06 17:40:18.000000000 -0500 
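Review bot: The last added line of the `enabled` branch, `$OUT .= "\$$servers->setValue('login','attr','dn');\n";`, has a second `$` that makes Perl interpolate its own `$servers`, which this template does not appear to define, so the generated config.php would contain `$->setValue(...)` and fail to parse; it should read `"\$servers->setValue('login','attr','dn');\n"`. `$pw` and `$dc` are also written unescaped into single-quoted PHP strings, so a password containing `'` or `\` corrupts the generated file; escape it first, e.g. `(my $pw_php = $pw) =~ s/([\\'])/\\$1/g;`, and emit `$pw_php`. With `auth_type` set to `config`, nobody has to log in and every session is bound as `cn=root`, so this branch deserves a comment stating that access to phpLDAPadmin must then be restricted in front of it (web-server authentication or address limits). The `else` branch now sets `anon_bind` to `true` where the old template had `false`; please confirm that anonymous login is intended for the default mode. The enclosing `{ ... }` template block opens before this hunk.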
@@ -54,7 +54,6 @@ $servers->setValue('appearance','passwor your LDAP server requires you to login to perform searches, you can enter the DN to use when searching in 'bind_id' and 'bind_pass' above. */ // $servers->setValue('login','attr','dn'); -$servers->setValue('login','attr','uid'); /* Base DNs to used for logins. If this value is not set, then the LDAP server Base DNs are used. */