Add timeout, version and binary attributes options for LDAP configuration (closes #129)
This commit is contained in:
parent
f51a9c3fae
commit
1dc1f926e4
|
@ -1601,7 +1601,7 @@ level1Key => { level2Key => 'value' },
|
|||
</tr>
|
||||
|
||||
<tr class="table-odd">
|
||||
<td>LDAP Password encoding</td>
|
||||
<td>LDAP password encoding</td>
|
||||
|
||||
<td>ldapPwdEnc</td>
|
||||
|
||||
|
@ -1611,6 +1611,42 @@ level1Key => { level2Key => 'value' },
|
|||
|
||||
<td>utf-8</td>
|
||||
</tr>
|
||||
|
||||
<tr class="table-even">
|
||||
<td>LDAP timeout</td>
|
||||
|
||||
<td>ldapTimeout</td>
|
||||
|
||||
<td>1.0</td>
|
||||
|
||||
<td>Yes</td>
|
||||
|
||||
<td>120</td>
|
||||
</tr>
|
||||
|
||||
<tr class="table-odd">
|
||||
<td>LDAP version</td>
|
||||
|
||||
<td>ldapVersion</td>
|
||||
|
||||
<td>1.0</td>
|
||||
|
||||
<td>Yes</td>
|
||||
|
||||
<td>3</td>
|
||||
</tr>
|
||||
|
||||
<tr class="table-even">
|
||||
<td>Binary attributes</td>
|
||||
|
||||
<td>ldapRaw</td>
|
||||
|
||||
<td>1.0</td>
|
||||
|
||||
<td>Yes</td>
|
||||
|
||||
<td> </td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<h4 class="heading-1-1-1"><span id="HDBI">DBI</span></h4><br />
|
||||
|
|
|
@ -99,40 +99,55 @@ authentication => LDAP,
|
|||
</pre>
|
||||
</div><br />
|
||||
<br />
|
||||
If no authentication backend is configured, LDAP is choosen by
|
||||
If no authentication backend is configured, LDAP is chosen by
|
||||
default.<br />
|
||||
<br />
|
||||
You can use the following parameters, in Manager or in portal/index.pl:
|
||||
|
||||
<ul class="star">
|
||||
<li>ldapServer: server(s) used to retrive session informations and to
|
||||
valid credentials (localhost by default). More than one server can be
|
||||
set here separated by commas. The servers will be tested in the
|
||||
specifies order. To use TLS, set "ldap+tls://server" and to use LDAPS,
|
||||
set ldaps://server" instead of server name. If you use TLS, you can set
|
||||
any of the Net::LDAP->start_tls() sub like
|
||||
<li><strong class="strong">ldapServer</strong>: server(s) used to
|
||||
retrieve session informations and to valid credentials (localhost by
|
||||
default). More than one server can be set here separated by commas. The
|
||||
servers will be tested in the specifies order. To use TLS, set
|
||||
"ldap+tls://server" and to use LDAPS, set ldaps://server" instead of
|
||||
server name. If you use TLS, you can set any of the
|
||||
Net::LDAP->start_tls() sub like
|
||||
"ldap/tls://server/verify=none&capath=/etc/ssl". You can also use
|
||||
caFile and caPath parameters.</li>
|
||||
|
||||
<li>ldapPort: TCP port used by LDAP server. Can be overriden by an LDAP
|
||||
URI in ldapServer.</li>
|
||||
<li><strong class="strong">ldapPort</strong>: TCP port used by LDAP
|
||||
server. Can be overriden by an LDAP URI in ldapServer.</li>
|
||||
|
||||
<li>ldapBase: Base of search in the LDAP directory.</li>
|
||||
<li><strong class="strong">ldapBase</strong>: Base of search in the LDAP
|
||||
directory.</li>
|
||||
|
||||
<li>LDAPFilter and AuthLDAPFilter: filter for the search in LDAP
|
||||
<li><strong class="strong">LDAPFilter</strong> and <strong class=
|
||||
"strong">AuthLDAPFilter</strong>: filter for the search in LDAP
|
||||
directory. Default is
|
||||
(&(uid=$user)(objectClass=inetOrgPerson)).</li>
|
||||
|
||||
<li>managerDn: DN used to connect to LDAP server. By default, anonymous
|
||||
bind is used.</li>
|
||||
<li><strong class="strong">managerDn</strong>: DN used to connect to
|
||||
LDAP server. By default, anonymous bind is used.</li>
|
||||
|
||||
<li>managerPassword: password to used to connect to ldap server. By
|
||||
default, anonymous bind is used.</li>
|
||||
<li><strong class="strong">managerPassword</strong>: password to used to
|
||||
connect to LDAP server. By default, anonymous bind is used.</li>
|
||||
|
||||
<li>ldapPpolicyControl: set to 1 to use LDAP Password Policy control
|
||||
(see <span class="wikilink"><a href=
|
||||
<li><strong class="strong">ldapPpolicyControl</strong>: set to 1 to use
|
||||
LDAP Password Policy control (see <span class="wikilink"><a href=
|
||||
"4.9-Configure-password-policy.html">LDAP Password
|
||||
Policy</a></span>).</li>
|
||||
|
||||
<li><strong class="strong">ldapPwdEnc</strong>: encoding of the
|
||||
password.</li>
|
||||
|
||||
<li><strong class="strong">ldapTimeout</strong>: server idle
|
||||
timeout.</li>
|
||||
|
||||
<li><strong class="strong">ldapVersion</strong>: LDAP protocol
|
||||
version.</li>
|
||||
|
||||
<li><strong class="strong">ldapRaw</strong>: regular expression matching
|
||||
binary attributes.</li>
|
||||
</ul>
|
||||
|
||||
<h3 class="heading-1-1"><span id=
|
||||
|
|
|
@ -356,7 +356,10 @@ sub help_ldap_en {
|
|||
access to the wanted LDAP attributes. This account is used before LDAP
|
||||
authentication to find user DN. It is also used for password modification.
|
||||
</li>
|
||||
<li>Password: password corresponding to the account above.
|
||||
<li>Password: password corresponding to the account above.</li>
|
||||
<li>Timeout: Idle timeout of the server in seconds (by default: 120).</li>
|
||||
<li>Version: protocol version (by default: 3).</li>
|
||||
<li>Binary attributes: regular expression to match binary attributes (see Net::LDAP(3) manual page).</li>
|
||||
</ul>
|
||||
EOT
|
||||
}
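Review bot: The new `<li>Timeout:` entry in help_ldap_en describes ldapTimeout as an idle timeout of the server, but the Portal hands this value to Net::LDAP->new as its `timeout` option, which in Net::LDAP's documentation is the timeout passed to IO::Socket while connecting, not an inactivity limit on an established connection. `<li>Timeout: connection timeout in seconds when contacting the LDAP server (by default: 120).</li>` would describe the actual effect; the French entry added in help_ldap_fr ("temps maximum d'inactivité") and the "server idle timeout" wording in the HTML documentation hunks above carry the same inaccuracy. help_ldap_en begins outside the hunk.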
|
||||
|
@ -397,7 +400,10 @@ sub help_ldap_fr {
|
|||
anonyme. Ce compte est utilisé avant l'authentification pour trouver
|
||||
le dn de l'utilisateur. Il est également utilisé pour la modification du mot de passe.
|
||||
</li>
|
||||
<li>Mot de passe LDAP: mot de passe correspondant au compte ci-dessus.
|
||||
<li>Mot de passe LDAP: mot de passe correspondant au compte ci-dessus.</li>
|
||||
<li>Temps maximum d'inactivité: temps maximum d'inactivité du serveur en secondes (par défaut: 120).</li>
|
||||
<li>Version: version du protocole (par défaut: 3).</li>
|
||||
<li>Attributs binaires: expression régulière de correspondance des attributs binaires (voir le manuel Net::LDAP(3)).</li>
|
||||
</ul>
|
||||
EOT
|
||||
}
|
||||
|
|
|
@ -334,13 +334,16 @@ sub struct {
|
|||
|
||||
ldapConnection => {
|
||||
_nodes => [
|
||||
qw(ldapServer ldapPort ldapBase managerDn managerPassword)
|
||||
qw(ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw)
|
||||
],
|
||||
ldapServer => 'text:/ldapServer',
|
||||
ldapPort => 'int:/ldapPort',
|
||||
ldapBase => 'text:/ldapBase',
|
||||
managerDn => 'text:/managerDn',
|
||||
managerPassword => 'text:/managerPassword',
|
||||
ldapTimeout => 'int:/ldapTimeout',
|
||||
ldapVersion => 'int:/ldapVersion',
|
||||
ldapRaw => 'text:/ldapRaw',
|
||||
},
|
||||
|
||||
ldapFilters => {
|
||||
|
@ -1052,6 +1055,9 @@ sub testStruct {
|
|||
ldapGroupAttributeNameUser => $testNotDefined,
|
||||
ldapGroupAttributeNameSearch => $testNotDefined,
|
||||
ldapGroupAttributeNameGroup => $testNotDefined,
|
||||
ldapTimeout => $testNotDefined,
|
||||
ldapVersion => $testNotDefined,
|
||||
ldapRaw => $testNotDefined,
|
||||
locationRules => {
|
||||
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
|
||||
msgFail => 'Bad virtual host name',
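Review bot: ldapTimeout, ldapVersion and ldapRaw are registered in testStruct as `$testNotDefined`, so the Manager accepts any value for them although the struct hunk above presents ldapTimeout and ldapVersion as `int:` widgets and the Portal passes ldapRaw to Net::LDAP as a pattern. A non-numeric timeout or a version other than 2 or 3 (the only versions Net::LDAP implements, as far as I know) is only discovered when the Portal tries to connect, and a pattern that does not compile fails at the first search that applies it. If testStruct accepts `test`/`msgFail` pairs for scalar keys the way it accepts `keyTest`/`msgFail` for locationRules (this page shows only the latter), `ldapTimeout => { test => qr/^\d+$/, msgFail => 'Bad number' },` and `ldapVersion => { test => qr/^[23]$/, msgFail => 'Bad LDAP protocol version' },` would reject bad values at configuration time; ldapRaw would additionally need a check that the pattern compiles. testStruct begins outside the hunk.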
|
||||
|
@ -1361,6 +1367,8 @@ sub defaultConf {
|
|||
ldapPort => '389',
|
||||
ldapPwdEnc => 'utf-8',
|
||||
ldapServer => 'localhost',
|
||||
ldapTimeout => '120',
|
||||
ldapVersion => '3',
|
||||
locationRules => { 'test.example.com' => { default => 'accept' }, },
|
||||
managerDn => '',
|
||||
managerPassword => '',
|
||||
|
|
|
@ -118,8 +118,11 @@ sub en {
|
|||
ldapPpolicyControl => 'Password policy control',
|
||||
ldapPort => 'Server port',
|
||||
ldapPwdEnc => 'LDAP password encoding',
|
||||
ldapRaw => 'Binary attributes',
|
||||
ldapServer => 'Server host',
|
||||
ldapSetPassword => 'Password modify extended operation',
|
||||
ldapTimeout => 'Timeout',
|
||||
ldapVersion => 'Version',
|
||||
logParams => 'Logs',
|
||||
macros => 'Macros',
|
||||
mailBody => 'Success mail content',
|
||||
|
@ -401,8 +404,11 @@ sub fr {
|
|||
ldapPpolicyControl => 'Contrôle password policy',
|
||||
ldapPort => 'Port',
|
||||
ldapPwdEnc => 'Encodage des mots de passe LDAP',
|
||||
ldapRaw => 'Attributs binaires',
|
||||
ldapServer => 'Hôte',
|
||||
ldapSetPassword => 'Opération étendue password modify',
|
||||
ldapTimeout => 'Temps maximum d\'inactivité',
|
||||
ldapVersion => 'Version',
|
||||
logParams => 'Journalisation',
|
||||
macros => 'Macros',
|
||||
mailBody => 'Contenu du message de succès',
|
||||
|
|
|
@ -44,6 +44,9 @@ sub new {
|
|||
\@servers,
|
||||
onerror => undef,
|
||||
( $portal->{ldapPort} ? ( port => $portal->{ldapPort} ) : () ),
|
||||
( $portal->{ldapTimeout} ? ( timeout => $portal->{ldapTimeout} ) : () ),
|
||||
( $portal->{ldapVersion} ? ( version => $portal->{ldapVersion} ) : () ),
|
||||
( $portal->{ldapRaw} ? ( raw => $portal->{ldapRaw} ) : () ),
|
||||
);
|
||||
unless ($self) {
|
||||
$portal->lmLog( $@, 'error' );
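Review bot: `$portal->{ldapRaw}` is passed to Net::LDAP->new as `raw` exactly as stored in the configuration, i.e. as a plain string, whereas Net::LDAP documents `raw` as a compiled regular expression. If Net::LDAP applies it with a `=~` match a string still works, but a pattern that does not compile then dies inside the first search that touches it rather than here, where the `unless ($self)` branch would log the problem; `( $portal->{ldapRaw} ? ( raw => qr/$portal->{ldapRaw}/ ) : () ),` compiles it at connection time, assuming the Net::LDAP->new call is inside the eval that the `$@` passed to lmLog suggests. The same truthiness tests mean a configured ldapTimeout or ldapVersion of `0` silently falls back to Net::LDAP's defaults, which is probably intended but deserves a one-line comment. new() begins outside the hunk.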
|
||||
|
|