commit 61e887be23445e6cdeb2adc69e26b686c0c55aa2
parent abf3b852df37184821fb9f7a26f337276bc3b173
Author: dankert <devnull@localhost>
Date: Sun, 21 Jan 2007 23:04:18 +0100
Neue Einstellungen für LDAP-Zugriff. Konfigurationsbereich "auth" entfernt.
Diffstat:
3 files changed, 64 insertions(+), 15 deletions(-)
diff --git a/config/ldap.ini.php b/config/ldap.ini.php
@@ -1,7 +1,41 @@
; <?php exit('direct access denied') ?>
; Openrat is able to check passwords against a LDAP-based directory.
-; Every user checking against LDAP needs a LDAP dn in his properties.
-host= ; host of ldap server ( blank if not used )
-port= ; port of ldap server ( blank if not used )-
\ No newline at end of file
+host="localhost" ; host of ldap server
+port="389" ; port of ldap server
+protocol="2" ; protocol version ('2' or '3')
+
+
+; Settings for authentication against a LDAP directory
+; This is only activated, if the setting '/security/auth/type' is 'ldap'.
+[search]
+
+; use of anonymous bind ('true' or 'false')
+; if 'true', the following user and password settings are ignored.
+anonymous = true
+
+; if 'anonymous' is 'false': DN of technical user for searching the real user DN
+user = "uid=openrat,ou=users,dc=example,dc=com"
+
+; if 'anonymous' is 'false': password of technical user
+password = "verysecret"
+
+; Base-DN of the subtree where the search begins
+basedn = "dc=example,dc=com"
+
+; Filter setting for searching the user objects.
+; The string {user} will be replaced by the user name.
+filter = "(uid={user})"
+
+; Aliases are dereferenced ('true' or 'false')
+aliases = true
+
+; Timeout in seconds
+timeout = 30
+
+; If the user is found in the LDAP tree, but is not yet stored in the internal database.
+; 'true' the user will be logged in and automatically inserted in the internal database.
+; 'false' login will be rejected, all users must exist in the internal database.
+add = true
+
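Review bot: The shipped defaults `protocol="2"` and `port="389"` mean the search bind and every user password checked against the directory cross the network unencrypted whenever `host` is not the local machine; LDAPv2 has no StartTLS and the file offers no TLS or ldaps setting. I would default to `protocol="3"` and add a comment such as `; a remote host needs an encrypted transport (StartTLS or ldaps)`. In `[search]`, `add = true` combined with `anonymous = true` and a base DN covering the whole tree means every directory user who can authenticate gets a CMS account on first login, so `add = false` is the safer shipped default. The `{user}` substitution in `filter` is only safe if the login name is escaped for LDAP filter syntax before it is inserted; the code doing that is not in this diff, so it should be confirmed there.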
diff --git a/config/openrat-cms/auth.ini.php b/config/openrat-cms/auth.ini.php
@@ -1,11 +0,0 @@
-; <?php exit('direct access denied') ?>
-
-; Type of authorization.
-; 'http' uses the HTTP Basic Authrization.
-; Only available if PHP is used in the module version.
-; Not available, if PHP is used via the CGI way.
-; Only the default database is available (because there is no way to select another one)
-; 'form' shows a login form via a HTML page (default).
-
-type=form
-;type=http
diff --git a/config/security.ini.php b/config/security.ini.php
@@ -12,6 +12,33 @@ nopublish=false
umask=0002
+
+[login]
+; Type of authorization.
+; 'http' uses the HTTP Basic Authrization.
+; Only available if PHP is used in the module version.
+; Not available, if PHP is used via the CGI way.
+; Only the default database is available (because there is no way to select another one)
+; 'form' shows a login form via a HTML page (default).
+
+type=form
+;type=http
+
+
+
+[auth]
+; this is the backend where the passwords are checked against.
+; 'database' uses the internal database table as password store.
+; 'ldap' uses an external LDAP directory for password checking.
+type=database
+
+; per-user setting of the LDAP DN.
+; 'true' users which have there LDAP-DN explicitly stored are authenticated against LDAP.
+; 'false' no LDAP-DN storage per user.
+userdn=false
+
+
+
[password]
; length of automatic generated password
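Review bot: The `[auth]` comments do not say how `userdn` relates to `type`: as written, `userdn=true` reads as if users with a stored DN are checked against LDAP even when `type=database`, which leaves it unclear which backend decides a login. I would add a line stating the precedence, e.g. `; evaluated before 'type': a user with a stored LDAP-DN is always checked against LDAP`, if that is the intended behaviour. In `[login]`, the `'http'` option deserves a line that Basic credentials are sent with every request, e.g. `; 'http' should only be used over HTTPS`. Two typos in the new comments: 'Authrization' and 'there LDAP-DN' (their). The `[password]` section continues outside the hunk.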