Add timeout, version and binary attributes options for LDAP configuration (closes #129)

This commit is contained in:
Clément Oudot 2010-07-28 10:00:30 +00:00
parent f51a9c3fae
commit 1dc1f926e4
6 changed files with 95 additions and 21 deletions


@ -1601,7 +1601,7 @@ level1Key => { level2Key => 'value' },
</tr>
<tr class="table-odd">
<td>LDAP Password encoding</td>
<td>LDAP password encoding</td>
<td>ldapPwdEnc</td>
@ -1611,6 +1611,42 @@ level1Key =&gt; { level2Key =&gt; 'value' },
<td>utf-8</td>
</tr>
<tr class="table-even">
<td>LDAP timeout</td>
<td>ldapTimeout</td>
<td>1.0</td>
<td>Yes</td>
<td>120</td>
</tr>
<tr class="table-odd">
<td>LDAP version</td>
<td>ldapVersion</td>
<td>1.0</td>
<td>Yes</td>
<td>3</td>
</tr>
<tr class="table-even">
<td>Binary attributes</td>
<td>ldapRaw</td>
<td>1.0</td>
<td>Yes</td>
<td>&nbsp;</td>
</tr>
</table>
<h4 class="heading-1-1-1"><span id="HDBI">DBI</span></h4><br />


@ -99,40 +99,55 @@ authentication =&gt; LDAP,
</pre>
</div><br />
<br />
If no authentication backend is configured, LDAP is choosen by
If no authentication backend is configured, LDAP is chosen by
default.<br />
<br />
You can use the following parameters, in Manager or in portal/index.pl:
<ul class="star">
<li>ldapServer: server(s) used to retrive session informations and to
valid credentials (localhost by default). More than one server can be
set here separated by commas. The servers will be tested in the
specifies order. To use TLS, set "ldap+tls://server" and to use LDAPS,
set ldaps://server" instead of server name. If you use TLS, you can set
any of the Net::LDAP-&gt;start_tls() sub like
<li><strong class="strong">ldapServer</strong>: server(s) used to
retrieve session informations and to valid credentials (localhost by
default). More than one server can be set here separated by commas. The
servers will be tested in the specifies order. To use TLS, set
"ldap+tls://server" and to use LDAPS, set ldaps://server" instead of
server name. If you use TLS, you can set any of the
Net::LDAP-&gt;start_tls() sub like
"ldap/tls://server/verify=none&amp;capath=/etc/ssl". You can also use
caFile and caPath parameters.</li>
<li>ldapPort: TCP port used by LDAP server. Can be overriden by an LDAP
URI in ldapServer.</li>
<li><strong class="strong">ldapPort</strong>: TCP port used by LDAP
server. Can be overriden by an LDAP URI in ldapServer.</li>
<li>ldapBase: Base of search in the LDAP directory.</li>
<li><strong class="strong">ldapBase</strong>: Base of search in the LDAP
directory.</li>
<li>LDAPFilter and AuthLDAPFilter: filter for the search in LDAP
<li><strong class="strong">LDAPFilter</strong> and <strong class=
"strong">AuthLDAPFilter</strong>: filter for the search in LDAP
directory. Default is
(&amp;(uid=$user)(objectClass=inetOrgPerson)).</li>
<li>managerDn: DN used to connect to LDAP server. By default, anonymous
bind is used.</li>
<li><strong class="strong">managerDn</strong>: DN used to connect to
LDAP server. By default, anonymous bind is used.</li>
<li>managerPassword: password to used to connect to ldap server. By
default, anonymous bind is used.</li>
<li><strong class="strong">managerPassword</strong>: password to used to
connect to LDAP server. By default, anonymous bind is used.</li>
<li>ldapPpolicyControl: set to 1 to use LDAP Password Policy control
(see <span class="wikilink"><a href=
<li><strong class="strong">ldapPpolicyControl</strong>: set to 1 to use
LDAP Password Policy control (see <span class="wikilink"><a href=
"4.9-Configure-password-policy.html">LDAP Password
Policy</a></span>).</li>
<li><strong class="strong">ldapPwdEnc</strong>: encoding of the
password.</li>
<li><strong class="strong">ldapTimeout</strong>: server idle
timeout.</li>
<li><strong class="strong">ldapVersion</strong>: LDAP protocol
version.</li>
<li><strong class="strong">ldapRaw</strong>: regular expression matching
binary attributes.</li>
</ul>
<h3 class="heading-1-1"><span id=


@ -356,7 +356,10 @@ sub help_ldap_en {
access to the wanted LDAP attributes. This account is used before LDAP
authentication to find user DN. It is also used for password modification.
</li>
<li>Password: password corresponding to the account above.
<li>Password: password corresponding to the account above.</li>
<li>Timeout: Idle timeout of the server in seconds (by default: 120).</li>
<li>Version: protocol version (by default: 3).</li>
<li>Binary attributes: regular expression to match binary attributes (see Net::LDAP(3) manual page).</li>
</ul>
EOT
}
@ -397,7 +400,10 @@ sub help_ldap_fr {
anonyme. Ce compte est utilisé avant l'authentification pour trouver
le dn de l'utilisateur. Il est également utilisé pour la modification du mot de passe.
</li>
<li>Mot de passe LDAP: mot de passe correspondant au compte ci-dessus.
<li>Mot de passe LDAP: mot de passe correspondant au compte ci-dessus.</li>
<li>Temps maximum d'inactivité: temps maximum d'inactivité du serveur en secondes (par défaut: 120).</li>
<li>Version: version du protocole (par défaut: 3).</li>
<li>Attributs binaires: expression régulière de correspondance des attributs binaires (voir le manuel Net::LDAP(3)).</li>
</ul>
EOT
}


@ -334,13 +334,16 @@ sub struct {
ldapConnection => {
_nodes => [
qw(ldapServer ldapPort ldapBase managerDn managerPassword)
qw(ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw)
],
ldapServer => 'text:/ldapServer',
ldapPort => 'int:/ldapPort',
ldapBase => 'text:/ldapBase',
managerDn => 'text:/managerDn',
managerPassword => 'text:/managerPassword',
ldapTimeout => 'int:/ldapTimeout',
ldapVersion => 'int:/ldapVersion',
ldapRaw => 'text:/ldapRaw',
},
ldapFilters => {
@ -1052,6 +1055,9 @@ sub testStruct {
ldapGroupAttributeNameUser => $testNotDefined,
ldapGroupAttributeNameSearch => $testNotDefined,
ldapGroupAttributeNameGroup => $testNotDefined,
ldapTimeout => $testNotDefined,
ldapVersion => $testNotDefined,
ldapRaw => $testNotDefined,
locationRules => {
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
msgFail => 'Bad virtual host name',
@ -1361,6 +1367,8 @@ sub defaultConf {
ldapPort => '389',
ldapPwdEnc => 'utf-8',
ldapServer => 'localhost',
ldapTimeout => '120',
ldapVersion => '3',
locationRules => { 'test.example.com' => { default => 'accept' }, },
managerDn => '',
managerPassword => '',
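Review bot: In the testStruct hunk the three new keys are registered with `$testNotDefined`, so the Manager accepts any string for ldapTimeout, ldapVersion and ldapRaw even though the struct hunk declares the first two as `int:` fields and the portal hands them straight to Net::LDAP->new. Net::LDAP only speaks protocol versions 2 and 3, and the timeout is a number of seconds, so a typo here is not caught until the first LDAP connection fails at runtime; ldapRaw is later used as a regular expression, so an unbalanced pattern has the same effect. If the struct's per-key test form is the usual `{ test => qr/.../, msgFail => '...' }` hash (the `keyTest`/`msgFail` pair visible just below is the hash-valued variant), something like `ldapVersion => { test => qr/^[23]$/, msgFail => 'Bad LDAP protocol version' },` and `ldapTimeout => { test => qr/^\d+$/, msgFail => 'Bad LDAP timeout' },` would reject bad values at save time; for ldapRaw a test that compiles the pattern inside an `eval` and fails on `$@` would do the same. The enclosing testStruct and defaultConf subs both start and end outside the hunks.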


@ -118,8 +118,11 @@ sub en {
ldapPpolicyControl => 'Password policy control',
ldapPort => 'Server port',
ldapPwdEnc => 'LDAP password encoding',
ldapRaw => 'Binary attributes',
ldapServer => 'Server host',
ldapSetPassword => 'Password modify extended operation',
ldapTimeout => 'Timeout',
ldapVersion => 'Version',
logParams => 'Logs',
macros => 'Macros',
mailBody => 'Success mail content',
@ -401,8 +404,11 @@ sub fr {
ldapPpolicyControl => 'Contrôle password policy',
ldapPort => 'Port',
ldapPwdEnc => 'Encodage des mots de passe LDAP',
ldapRaw => 'Attributs binaires',
ldapServer => 'Hôte',
ldapSetPassword => 'Opération étendue password modify',
ldapTimeout => 'Temps maximum d\'inactivité',
ldapVersion => 'Version',
logParams => 'Journalisation',
macros => 'Macros',
mailBody => 'Contenu du message de succès',


@ -44,6 +44,9 @@ sub new {
\@servers,
onerror => undef,
( $portal->{ldapPort} ? ( port => $portal->{ldapPort} ) : () ),
( $portal->{ldapTimeout} ? ( timeout => $portal->{ldapTimeout} ) : () ),
( $portal->{ldapVersion} ? ( version => $portal->{ldapVersion} ) : () ),
( $portal->{ldapRaw} ? ( raw => $portal->{ldapRaw} ) : () ),
);
unless ($self) {
$portal->lmLog( $@, 'error' );
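Review bot: `raw => $portal->{ldapRaw}` passes the configuration string where Net::LDAP documents a REGEX for the raw option, so the pattern is only compiled when Net::LDAP first matches an attribute name against it, and a malformed value surfaces as a regex compile error deep inside a search rather than as a connection error here. Compiling it up front, `( $portal->{ldapRaw} ? ( raw => qr/$portal->{ldapRaw}/ ) : () ),`, moves the failure to `new`, where the existing `unless ($self)` / lmLog path can report it — provided that `qr//` is wrapped in the same error handling, since an invalid pattern would otherwise die before `$self` is tested. Note also that the truthiness tests mean a configured `ldapTimeout` of 0 is silently dropped and Net::LDAP's own default applies, which matches the documented default of 120 but may be worth a comment. The enclosing `new` begins before and continues after this hunk.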