20110601 a phpldapadmin configphp - plembo/onemoretech GitHub Wiki

title: A phpldapadmin config.php link: https://onemoretech.wordpress.com/2011/06/01/a-phpldapadmin-configphp/ author: lembobro description: post_id: 34 created: 2011/06/01 00:22:42 created_gmt: 2011/06/01 00:22:42 comment_status: open post_name: a-phpldapadmin-configphp status: publish post_type: post

A phpldapadmin config.php

This is for a home install of phpldapadmin, version 1.1.0.4 (the latest release is 1.2.1.1 and a recent alert on the project website warns about a vulnerability that affects versions prior to 1.2.x -- yes, I'll get there eventually). The configuration file would be "[docroot]/phpldapadmin/config/config.php", e.g. "/var/www/html/phpldapadmin/config/config.php". This is just a data dump, standard comments and all, with hostname information obfuscated to protect the innocent.

<?php
/** NOTE **
 ** Make sure that  <?php is the FIRST line of this file!
 ** IE: There should NOT be any blank lines or spaces BEFORE <?php
 **
 * To override a default, use the $config->custom variable to do so.
 * For example, the default for defining the language in config_default.php
 *
 * $this->default->appearance['lang'] = array(
 *  'desc'=>'Language',
 *  'default'=>'auto');
 *
 * to override this, use $config->custom->appearance['lang'] = 'en';
 *
 * This file is also used to configure your LDAP server connections.
 *
 * You must specify at least one LDAP server there. You may add
 * as many as you like. You can also specify your language, and
 * many other options.
 *
 * NOTE: Commented out values in this file prefixed by //, represent the
 * defaults that have been defined in config_default.php.
 * Commented out values prefixed by #, dont reflect their default value, you can
 * check config_default.php if you want to see what the default is.
 *
 * DONT change config_default.php, your changes will be lost by the next release
 * of PLA. Instead change this file - as it will NOT be replaced by a new
 * version of phpLDAPadmin.
 */
	
/*********************************************/
/* Useful important configuration overrides  */
/*********************************************/
	
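/* If you are asked to put pla in debug mode, this is how you do it.
   Treat the debug log as sensitive: at level 255 it may record directory data
   and bind details (verify for your version), so prefer a location that only
   the web server user can read over a shared /tmp, and switch debugging off
   again when you are done. */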
#  $config->custom->debug['level'] = 255;
#  $config->custom->debug['syslog'] = true;
#  $config->custom->debug['file'] = '/tmp/pla_debug.log';
	
/* phpLDAPadmin can encrypt the content of sensitive cookies if you set this
   to a big random string.
   NOTE(review): the value below is empty, so no secret is configured. With the
   'cookie' auth_type the login dn and password are kept in a client-side
   cookie, and the encryption described for that mode depends on this secret.
   Set a long random value (and keep it out of any published copy of this
   file), or use the 'session' auth_type. How this release treats an empty
   secret should be confirmed against its source. */
$config->custom->session['blowfish'] = '';
	
/* The language setting. If you set this to 'auto', phpLDAPadmin will attempt
   to determine your language automatically. Otherwise, available languages
   are: 'ct', 'de', 'en', 'es', 'fr', 'it', 'nl', and 'ru'
   Localization is not complete yet, but most strings have been translated.
   Please help by writing language files. See lang/en.php for an example. */
// $config->custom->appearance['language'] = 'auto';
	
/* The temporary storage directory where we will put jpegPhoto data
   This directory must be readable and writable by your web server. */
// $config->custom->jpeg['tmpdir'] = "/tmp";     // Example for Unix systems
#  $config->custom->jpeg['tmpdir'] = "c:\temp"; // Example for Windows systems
	
/* Set this to (bool)true if you do NOT want a random salt used when
   calling crypt().  Instead, use the first two letters of the user's
   password.  This is insecure but unfortunately needed for some older
   environments. */
#  $config->custom->password['no_random_crypt_salt'] = true;
	
/* Configure what objects are shown in left hand tree */
// $config->custom->appearance['tree_filter'] = '(objectclass=*)';
	
/*********************************************/
/* Define your LDAP servers in this section  */
/*********************************************/
	
/* $i is passed as the first argument of every SetValue() call in this
   section; presumably it is the index of the server entry being defined
   (confirm against the LDAPServers class). */
$i=0;
/* Object that receives all of the per-server settings made below. */
$ldapservers = new LDAPServers;
	
/* A convenient name that will appear in the tree viewer and throughout
   phpLDAPadmin to identify this LDAP server to users.
   In the visible part of this listing the name is the only server setting
   that is actually assigned; the other SetValue() lines are commented out,
   so the defaults from config_default.php apply to them. */
$ldapservers->SetValue($i,'server','name','My LDAP Server');
	
/* Examples:
   'ldap.example.com',
   'ldaps://ldap.example.com/',
   'ldapi://%2fusr%2flocal%2fvar%2frun%2fldapi'
           (Unix socket at /usr/local/var/run/ldapi) */
// $ldapservers->SetValue($i,'server','host','127.0.0.1');
	
/* The port your LDAP server listens on (no quotes). 389 is standard. */
// $ldapservers->SetValue($i,'server','port','389');
	
/* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin
   auto-detect it for you. */
// $ldapservers->SetValue($i,'server','base',array(''));
	
/* Three options for auth_type:
   1. 'cookie': you will login via a web form, and a client-side cookie will
      store your login dn and password.
   2. 'session': same as cookie but your login dn and password are stored on the
      web server in a persistent session variable.
   3. 'config': specify your login dn and password here in this config file. No
      login will be required to use phpLDAPadmin for this server.
	
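   Choose wisely to protect your authentication information appropriately for
   your situation. If you choose 'cookie', your cookie contents will be
   encrypted using blowfish and the secret you specify above as
   session['blowfish']. With 'config', anyone who can reach this phpLDAPadmin
   URL works with the rights of the configured login dn, so restrict access to
   the application at the web server. */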
// $ldapservers->SetValue($i,'server','auth_type','cookie');
	
/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or
   'cookie' or 'session' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS BLANK. If
   you specify a login_attr in conjunction with a cookie or session auth_type,
   then you can also specify the login_dn/login_pass here for searching the
   directory for users (ie, if your LDAP server does not allow anonymous binds). */
// $ldapservers->SetValue($i,'login','dn','');
#  $ldapservers->SetValue($i,'login','dn','cn=Manager,dc=example,dc=com');
	
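/* Your LDAP password. If you specified an empty login_dn above, this MUST also
   be blank. A password set here is stored in cleartext, so keep this file
   readable only by the web server user and bind with an account that has only
   the rights its purpose needs. */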
// $ldapservers->SetValue($i,'login','pass','');
#  $ldapservers->SetValue($i,'login','pass','secret');
	
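/* Use TLS (Transport Layer Security) to connect to the LDAP server. With this
   left at false and a plain ldap:// host, the bind DN and password cross the
   network unencrypted, so turn it on (or use an ldaps:// host) whenever the
   LDAP server is not reached over loopback. */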
// $ldapservers->SetValue($i,'server','tls',false);
	
/************************************
 *      SASL Authentication         *
 ************************************/
	
/* Enable SASL authentication. LDAP SASL authentication requires PHP 5.x
   configured with --with-ldap-sasl=DIR. If this option is disabled (ie, set to
   false), then all other sasl options are ignored. */
// $ldapservers->SetValue($i,'server','sasl_auth',false);
	
/* SASL auth mechanism. PLAIN gives the password no protection of its own, so
   pair it with TLS or an ldaps:// connection. */
// $ldapservers->SetValue($i,'server','sasl_mech','PLAIN');
	
/* SASL authentication realm name */
// $ldapservers->SetValue($i,'server','sasl_realm','');
#  $ldapservers->SetValue($i,'server','sasl_realm',"example.com");
	
/* SASL authorization ID name
   If this option is undefined, authorization id will be computed from bind DN,
   using sasl_authz_id_regex and sasl_authz_id_replacement. */
// $ldapservers->SetValue($i,'server','sasl_authz_id', null);
	
/* SASL authorization id regex and replacement
   When sasl_authz_id property is not set (default), phpLDAPAdmin will try to
   figure out authorization id by itself from bind distinguished name (DN).
	
   This procedure is done by calling preg_replace() php function in the
   following way:
	
   $authz_id = preg_replace($sasl_authz_id_regex,$sasl_authz_id_replacement,
    $bind_dn);
	
   For info about pcre regexes, see:
   - pcre(3), perlre(3)
   - http://www.php.net/preg_replace */
// $ldapservers->SetValue($i,'server','sasl_authz_id_regex',null);
// $ldapservers->SetValue($i,'server','sasl_authz_id_replacement',null);
#  $ldapservers->SetValue($i,'server','sasl_authz_id_regex','/^uid=([^,]+)(.+)/i');
#  $ldapservers->SetValue($i,'server','sasl_authz_id_replacement','$1');
	
/* SASL auth security props.
   See http://beepcore-tcl.sourceforge.net/tclsasl.html#anchor5 for explanation.
*/
// $ldapservers->SetValue($i,'server','sasl_props',null);
	
/* If the link between your web server and this LDAP server is slow, it is
   recommended that you set 'low_bandwidth' to true. This will enable
   phpLDAPadmin to forego some "fancy" features to conserve bandwidth. */
// $ldapservers->SetValue($i,'server','low_bandwidth',false);
	
/* Default password hashing algorithm. One of md5, ssha, sha, md5crpyt, smd5,

Copyright 2004-2019 Phil Lembo