openrat-cms


commit 61e887be23445e6cdeb2adc69e26b686c0c55aa2
parent abf3b852df37184821fb9f7a26f337276bc3b173
Author: dankert <devnull@localhost>
Date:   Sun, 21 Jan 2007 23:04:18 +0100

Neue Einstellungen für LDAP-Zugriff. Konfigurationsbereich "auth" entfernt.

Diffstat:
config/ldap.ini.php | 41+++++++++++++++++++++++++++++++++++++----
config/openrat-cms/auth.ini.php | 11-----------
config/security.ini.php | 27+++++++++++++++++++++++++++
3 files changed, 64 insertions(+), 15 deletions(-)

diff --git a/config/ldap.ini.php b/config/ldap.ini.php
@@ -1,7 +1,41 @@
 ; <?php exit('direct access denied') ?>
 ; Openrat is able to check passwords against a LDAP-based directory.
-; Every user checking against LDAP needs a LDAP dn in his properties.
-host= ; host of ldap server ( blank if not used )
-port= ; port of ldap server ( blank if not used )-
\ No newline at end of file
+host="localhost" ; host of ldap server
+port="389" ; port of ldap server
+protocol="2" ; protocol version ('2' or '3')
+
+
+; Settings for authentication against a LDAP directory
+; This is only activated, if the setting '/security/auth/type' is 'ldap'.
+[search]
+
+; use of anonymous bind ('true' or 'false')
+; if 'true', the following user and password settings are ignored.
+anonymous = true
+
+; if 'anonymous' is 'false': DN of technical user for searching the real user DN
+user = "uid=openrat,ou=users,dc=example,dc=com"
+
+; if 'anonymous' is 'false': password of technical user
+password = "verysecret"
+
+; Base-DN of the subtree where the search begins
+basedn = "dc=example,dc=com"
+
+; Filter setting for searching the user objects.
+; The string {user} will be replaced by the user name.
+filter = "(uid={user})"
+
+; Aliases are dereferenced ('true' or 'false')
+aliases = true
+
+; Timeout in seconds
+timeout = 30
+
+; If the user is found in the LDAP tree, but is not yet stored in the internal database.
+; 'true' the user will be logged in and automatically inserted in the internal database.
+; 'false' login will be rejected, all users must exist in the internal database.
+add = true
+
diff --git a/config/openrat-cms/auth.ini.php b/config/openrat-cms/auth.ini.php
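Review bot: The new `[search]` defaults in config/ldap.ini.php are permissive where a shipped configuration should fail closed: going by the comment on `add`, `add = true` together with a `basedn` at the directory root gives every directory entry that matches `(uid={user})` a CMS account on its first login. I would ship `add = false` and an empty `password = ""` instead of the `"verysecret"` placeholder, so that an administrator has to opt in and supply the bind secret deliberately. `protocol="2"` with port 389 also rules out StartTLS, which is an LDAPv3 operation, and no setting in this hunk selects TLS or ldaps, so `protocol="3"` is the safer default and the comment should say that binds travel unencrypted unless the transport is secured elsewhere. The code that replaces `{user}` is not visible here; the `filter` comment should state whether the user name is escaped for LDAP filter syntax before substitution.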
@@ -1,11 +0,0 @@
-; <?php exit('direct access denied') ?>
-
-; Type of authorization.
-; 'http' uses the HTTP Basic Authrization.
-; Only available if PHP is used in the module version.
-; Not available, if PHP is used via the CGI way.
-; Only the default database is available (because there is no way to select another one)
-; 'form' shows a login form via a HTML page (default).
-
-type=form
-;type=http
diff --git a/config/security.ini.php b/config/security.ini.php
@@ -12,6 +12,33 @@ nopublish=false
 umask=0002
+
+[login]
+; Type of authorization.
+; 'http' uses the HTTP Basic Authrization.
+; Only available if PHP is used in the module version.
+; Not available, if PHP is used via the CGI way.
+; Only the default database is available (because there is no way to select another one)
+; 'form' shows a login form via a HTML page (default).
+
+type=form
+;type=http
+
+
+
+[auth]
+; this is the backend where the passwords are checked against.
+; 'database' uses the internal database table as password store.
+; 'ldap' uses an external LDAP directory for password checking.
+type=database
+
+; per-user setting of the LDAP DN.
+; 'true' users which have there LDAP-DN explicitly stored are authenticated against LDAP.
+; 'false' no LDAP-DN storage per user.
+userdn=false
+
+
+
 [password]
 ; length of automatic generated password
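Review bot: The comments in the new `[auth]` section of config/security.ini.php do not say how `type` and `userdn` combine. With the shipped `type=database`, it is unclear whether setting `userdn=true` sends users with a stored DN to LDAP, or whether `type` must be `ldap` first. This decides which password store is authoritative for an account, so the `userdn` comment should state it, for example `; evaluated independently of 'type': a stored DN always selects LDAP for that user`, or the opposite wording if the login code behaves the other way. The `[search]` comment in config/ldap.ini.php ties its settings to `/security/auth/type` being `ldap`, which suggests the two paths are separate, but that is inferred from the comments only. In the same block, `there LDAP-DN` should read `their LDAP-DN`, and `Authrization` in the `[login]` comment should read `Authorization`.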