|
|
|
@@ -71,6 +71,31 @@
|
|
|
|
|
environments. */
|
|
|
|
|
# $config->custom->password['no_random_crypt_salt'] = true;
|
|
|
|
|
|
|
|
|
|
/* If you want to restrict password available types (encryption algorithms)
|
|
|
|
|
Should be subset of:
|
|
|
|
|
array(
|
|
|
|
|
''=>'clear',
|
|
|
|
|
'bcrypt'=>'bcrypt',
|
|
|
|
|
'blowfish'=>'blowfish',
|
|
|
|
|
'crypt'=>'crypt',
|
|
|
|
|
'ext_des'=>'ext_des',
|
|
|
|
|
'md5'=>'md5',
|
|
|
|
|
'k5key'=>'k5key',
|
|
|
|
|
'md5crypt'=>'md5crypt',
|
|
|
|
|
'sha'=>'sha',
|
|
|
|
|
'smd5'=>'smd5',
|
|
|
|
|
'ssha'=>'ssha',
|
|
|
|
|
'sha256'=>'sha256',
|
|
|
|
|
'ssha256'=>'ssha256',
|
|
|
|
|
'sha384'=>'sha384',
|
|
|
|
|
'ssha384'=>'ssha384',
|
|
|
|
|
'sha512'=>'sha512',
|
|
|
|
|
'ssha512'=>'ssha512',
|
|
|
|
|
'sha256crypt'=>'sha256crypt',
|
|
|
|
|
'sha512crypt'=>'sha512crypt',
|
|
|
|
|
)*/
|
|
|
|
|
# $config->custom->password['available_types'] = array(''=>'clear','md5'=>'md5');
|
|
|
|
|
|
|
|
|
|
/* PHP script timeout control. If php runs longer than this many seconds then
|
|
|
|
|
PHP will stop with an Maximum Execution time error. Increase this value from
|
|
|
|
|
the default if queries to your LDAP server are slow. The default is either
|
|
|
|
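Review bot: The commented sample for `available_types` offers only `clear` and `md5`, so an administrator who uncomments it as written limits the password dialog to cleartext and unsalted MD5. The list in the comment above it already names salted and iterated schemes, so the sample could read `# $config->custom->password['available_types'] = array('ssha512'=>'ssha512','sha512crypt'=>'sha512crypt','bcrypt'=>'bcrypt');`, trimmed to whichever of these the directory server accepts. The comment also calls the entries "encryption algorithms", while most of them are hash schemes; "password hash types" would be more accurate.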
@@ -173,6 +198,10 @@ $config->custom->commands['script'] = array(
|
|
|
|
|
// $config->custom->appearance['tree_width'] = null;
|
|
|
|
|
# $config->custom->appearance['tree_width'] = 250;
|
|
|
|
|
|
|
|
|
|
/* Number of tree command icons to show, 0 = show all icons on 1 row. */
|
|
|
|
|
// $config->custom->appearance['tree_icons'] = 0;
|
|
|
|
|
# $config->custom->appearance['tree_icons'] = 4;
|
|
|
|
|
|
|
|
|
|
/* Confirm create and update operations, allowing you to review the changes
|
|
|
|
|
and optionally skip attributes during the create/update operation. */
|
|
|
|
|
// $config->custom->confirm['create'] = true;
|
|
|
|
@@ -235,7 +264,7 @@ $config->custom->appearance['friendly_attrs'] = array(
|
|
|
|
|
*********************************************/
|
|
|
|
|
|
|
|
|
|
/* Add "modify group members" link to the attribute. */
|
|
|
|
|
// $config->custom->modify_member['groupattr'] = array('member','uniqueMember','memberUid');
|
|
|
|
|
// $config->custom->modify_member['groupattr'] = array('member','uniqueMember','memberUid','sudoUser');
|
|
|
|
|
|
|
|
|
|
/* Configure filter for member search. This only applies to "modify group members" feature */
|
|
|
|
|
// $config->custom->modify_member['filter'] = '(objectclass=Person)';
|
|
|
|
@@ -310,12 +339,13 @@ $servers->setValue('server','base',array('dc=infra'));
|
|
|
|
|
login will be required to use phpLDAPadmin for this server.
|
|
|
|
|
5. 'sasl': login will be taken from the webserver's kerberos authentication.
|
|
|
|
|
Currently only GSSAPI has been tested (using mod_auth_kerb).
|
|
|
|
|
6. 'sasl_external': login will be taken from SASL external mechanism.
|
|
|
|
|
|
|
|
|
|
Choose wisely to protect your authentication information appropriately for
|
|
|
|
|
your situation. If you choose 'cookie', your cookie contents will be
|
|
|
|
|
encrypted using blowfish and the secret your specify above as
|
|
|
|
|
session['blowfish']. */
|
|
|
|
|
$servers->setValue('login','auth_type','cookie');
|
|
|
|
|
// $servers->setValue('login','auth_type','session');
|
|
|
|
|
|
|
|
|
|
/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or
|
|
|
|
|
'cookie','session' or 'sasl' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS
|
|
|
|
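Review bot: The new entry `6. 'sasl_external'` only restates the mechanism name and does not tell the administrator where the login identity comes from. With SASL EXTERNAL the directory server takes the identity from the connection itself, typically a TLS client certificate, so presumably every visitor of the web interface acts as that one identity and access to phpLDAPadmin has to be limited at the web server. A wording such as `6. 'sasl_external': bind with SASL EXTERNAL; the identity comes from the connection (e.g. the TLS client certificate), not from the web user.` would make that visible. The numbered list this entry belongs to starts above the hunk.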
@@ -334,6 +364,22 @@ $servers->setValue('login','bind_pass','');
|
|
|
|
|
/* Use TLS (Transport Layer Security) to connect to the LDAP server. */
|
|
|
|
|
$servers->setValue('server','tls',false);
|
|
|
|
|
|
|
|
|
|
/* TLS Certificate Authority file (overrides ldap.conf, PHP 7.1+) */
|
|
|
|
|
// $servers->setValue('server','tls_cacert',null);
|
|
|
|
|
# $servers->setValue('server','tls_cacert','/etc/openldap/certs/ca.crt');
|
|
|
|
|
|
|
|
|
|
/* TLS Certificate Authority hashed directory (overrides ldap.conf, PHP 7.1+) */
|
|
|
|
|
// $servers->setValue('server','tls_cacertdir',null);
|
|
|
|
|
# $servers->setValue('server','tls_cacertdir','/etc/openldap/certs');
|
|
|
|
|
|
|
|
|
|
/* TLS Client Certificate file (PHP 7.1+) */
|
|
|
|
|
// $servers->setValue('server','tls_cert',null);
|
|
|
|
|
# $servers->setValue('server','tls_cert','/etc/pki/tls/certs/ldap_user.crt');
|
|
|
|
|
|
|
|
|
|
/* TLS Client Certificate Key file (PHP 7.1+) */
|
|
|
|
|
// $servers->setValue('server','tls_key',null);
|
|
|
|
|
# $servers->setValue('server','tls_key','/etc/pki/tls/private/ldap_user.key');
|
|
|
|
|
|
|
|
|
|
/************************************
|
|
|
|
|
* SASL Authentication *
|
|
|
|
|
************************************/
|
|
|
|
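Review bot: The comment for `tls_key` gives no guidance on protecting the private key, and the four new options are documented next to a `'tls'` setting that stays `false`. I would extend the comment to `/* TLS Client Certificate Key file (PHP 7.1+). Must be readable only by the web server user. */`. The `tls_cacert` comment should also say whether these options take effect only when `'tls'` is true or for ldaps:// URIs as well; the hunk does not show which.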
@@ -341,11 +387,19 @@ $servers->setValue('server','tls',false);
|
|
|
|
|
/* Enable SASL authentication LDAP SASL authentication requires PHP 5.x
|
|
|
|
|
configured with --with-ldap-sasl=DIR. If this option is disabled (ie, set to
|
|
|
|
|
false), then all other sasl options are ignored. */
|
|
|
|
|
// $servers->setValue('login','auth_type','sasl');
|
|
|
|
|
# $servers->setValue('login','auth_type','sasl');
|
|
|
|
|
|
|
|
|
|
/* SASL auth mechanism */
|
|
|
|
|
/* SASL GSSAPI auth mechanism (requires auth_type of sasl) */
|
|
|
|
|
// $servers->setValue('sasl','mech','GSSAPI');
|
|
|
|
|
|
|
|
|
|
/* SASL PLAIN support... this mech converts simple binds to SASL
|
|
|
|
|
PLAIN binds using any auth_type (or other bind_id/pass) as credentials.
|
|
|
|
|
NOTE: auth_type must be simple auth compatible (ie not sasl) */
|
|
|
|
|
# $servers->setValue('sasl','mech','PLAIN');
|
|
|
|
|
|
|
|
|
|
/* SASL EXTERNAL support... really a different auth_type */
|
|
|
|
|
# $servers->setValue('login','auth_type','sasl_external');
|
|
|
|
|
|
|
|
|
|
/* SASL authentication realm name */
|
|
|
|
|
// $servers->setValue('sasl','realm','');
|
|
|
|
|
# $servers->setValue('sasl','realm','EXAMPLE.COM');
|
|
|
|
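Review bot: The SASL PLAIN comment does not mention that PLAIN carries the password with no protection of its own, which matters because the sample configuration elsewhere in this diff leaves `'tls'` at `false`. I would add one line to that comment, for example `Use only over TLS or ldaps://; PLAIN sends the password as-is.` The existing note that auth_type must not be sasl can stay as it is.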
@@ -400,6 +454,12 @@ $servers->setValue('server','tls',false);
|
|
|
|
|
setup. */
|
|
|
|
|
// $servers->setValue('login','class',array());
|
|
|
|
|
|
|
|
|
|
/* If login_attr was set to 'dn', it is possible to specify a template string to
|
|
|
|
|
build the DN from. Use '%s' where user input should be inserted. A user may
|
|
|
|
|
still enter the complete DN. In this case the template will not be used. */
|
|
|
|
|
// $servers->setValue('login','bind_dn_template',null);
|
|
|
|
|
# $servers->setValue('login','bind_dn_template','cn=%s,ou=people,dc=example,dc=com');
|
|
|
|
|
|
|
|
|
|
/* If you specified something different from 'dn', for example 'uid', as the
|
|
|
|
|
login_attr above, you can optionally specify here to fall back to
|
|
|
|
|
authentication with dn.
|
|
|
|
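Review bot: The new comment says a user may still enter a complete DN and that the template is then not used, so `bind_dn_template` is a convenience and not a limit on which entries can log in. The comment should state that, since a value like `cn=%s,ou=people,dc=example,dc=com` reads like a scope restriction. I would add `This does not restrict logins to DNs matching the template.` It would also help to say whether the text substituted for `%s` is escaped for DN syntax; the substitution code is not part of this hunk. The comment block that follows continues past the end of the hunk.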
@@ -420,6 +480,9 @@ $servers->setValue('server','tls',false);
|
|
|
|
|
/* Set to true if you would like to initially open the first level of each tree. */
|
|
|
|
|
// $servers->setValue('appearance','open_tree',false);
|
|
|
|
|
|
|
|
|
|
/* Set to true to display authorization ID in place of login dn (PHP 7.2+) */
|
|
|
|
|
// $servers->setValue('appearance','show_authz',false);
|
|
|
|
|
|
|
|
|
|
/* This feature allows phpLDAPadmin to automatically determine the next
|
|
|
|
|
available uidNumber for a new entry. */
|
|
|
|
|
// $servers->setValue('auto_number','enable',true);
|
|
|
|
@@ -556,7 +619,7 @@ $servers->setValue('appearance','show_create',true);
|
|
|
|
|
$servers->setValue('auto_number','enable',true);
|
|
|
|
|
$servers->setValue('auto_number','mechanism','search');
|
|
|
|
|
$servers->setValue('auto_number','search_base',null);
|
|
|
|
|
$servers->setValue('auto_number','min',array('uidNumber'=>10000,'gidNumber'=>5000));
|
|
|
|
|
$servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500));
|
|
|
|
|
$servers->setValue('auto_number','dn',null);
|
|
|
|
|
$servers->setValue('auto_number','pass',null);
|
|
|
|
|
|
|
|
|
@@ -573,4 +636,19 @@ $servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','p
|
|
|
|
|
$servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));
|
|
|
|
|
$servers->setValue('server','force_may',array('uidNumber','gidNumber','sambaSID'));
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/***********************************************************************************
|
|
|
|
|
* If you want to configure Google reCAPTCHA on autentication form, do so below. *
|
|
|
|
|
* Remove the commented lines and use this section as a template for all *
|
|
|
|
|
* reCAPTCHA v2 Generate on https://www.google.com/recaptcha/ *
|
|
|
|
|
* *
|
|
|
|
|
* IMPORTANT: Select reCAPTCHA v2 on Type of reCAPTCHA *
|
|
|
|
|
***********************************************************************************/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$config->custom->session['reCAPTCHA-enable'] = false;
|
|
|
|
|
$config->custom->session['reCAPTCHA-key-site'] = '<put-here-key-site>';
|
|
|
|
|
$config->custom->session['reCAPTCHA-key-server'] = '<put-here-key-server>';
|
|
|
|
|
|
|
|
|
|
?>
|
|
|
|
|
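Review bot: The reCAPTCHA block is the only addition in the hunks shown here that ships as live assignments rather than commented samples, so the placeholder `'<put-here-key-server>'` becomes the configured secret as soon as `reCAPTCHA-enable` is set to true. I would comment the two key lines out like the other samples, e.g. `# $config->custom->session['reCAPTCHA-key-server'] = '<put-here-key-server>';`, and add a banner line saying the server key is a secret and this file must not be readable by other users. The banner also has a typo ("autentication"), and its second sentence stops after "template for all".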