File: config.php.example

phpldapadmin 0.9.5-3sarge3
<?php

/*
 *                  The phpLDAPadmin config file
 *
 *   This is where you customize phpLDAPadmin. The most important
 *   part is immediately below: The "LDAP Servers" section.
 *   You must specify at least one LDAP server there. You may add
 *   as many as you like. You can also specify your language, and
 *   many other options.
 *
 */

/**
 * Secret used to encrypt the content of sensitive cookies. phpLDAPadmin can
 * only encrypt them if you set this to a big random string.
 *
 * Security notes:
 *  - With auth_type 'cookie' (see the servers section below) the login DN and
 *    password are stored in a client-side cookie and encrypted with blowfish
 *    using this secret. With the empty default shown here there is no secret
 *    to encrypt with, so presumably the cookie is left unprotected -- confirm
 *    against your version and set a value before enabling 'cookie' auth.
 *  - Use a long value produced by a cryptographically secure random generator
 *    and unique to each installation; never reuse a value copied from an
 *    example or from another host.
 *  - Anyone who can read this file can decrypt those cookies, so keep the
 *    real config file readable only by the web server user.
 */
$blowfish_secret = '';

// Your LDAP servers
// $i is the index of the server entry being filled in; every additional
// server starts with "$i++;" (see the second entry further down).
$i=0;
$servers = array();
$servers[$i]['name'] = 'My LDAP Server';    /*  A convenient name that will appear in
                                                the tree viewer and throughout phpLDAPadmin to
                                                identify this LDAP server to users. */
$servers[$i]['host'] = 'ldap.example.com';  /*  Examples:
                                                   'ldap.example.com',
                                                   'ldaps://ldap.example.com/',
                                                   'ldapi://%2fusr%2flocal%2fvar%2frun%2fldapi'
                                                      (Unix socket at /usr/local/var/run/ldapi)
                                                Note: Leave 'host' blank to make phpLDAPadmin
                                                ignore this server.
                                                Security: a bare host name on port 389 is a
                                                clear-text LDAP connection unless 'tls' below is
                                                true, so bind DNs and passwords cross the network
                                                unencrypted. Prefer an 'ldaps://' URL or tls = true
                                                whenever the web server and the directory are not
                                                on the same host. */
$servers[$i]['base'] = 'dc=example,dc=com'; /*  The base DN of your LDAP server. Leave this
                                                blank to have phpLDAPadmin auto-detect it for you. */
$servers[$i]['port'] = 389;                 /*  The port your LDAP server listens on
                                                (no quotes). 389 is standard. */
$servers[$i]['auth_type'] = 'config';       /*  Three options for auth_type:
                                                  1. 'cookie': you will login via a web form,
                                                     and a client-side cookie will store your
                                                     login dn and password.
                                                  2. 'session': same as cookie but your login dn
                                                     and password are stored on the web server in
                                                     a persistent session variable.
                                                  3. 'config': specify your login dn and password
                                                      here in this config file. No login will be
                                                      required to use phpLDAPadmin for this server.
                                                Choose wisely to protect your authentication
                                                information appropriately for your situation. If
                                                you choose 'cookie', your cookie contents will be
                                                encrypted using blowfish and the secret you specify
                                                above as $blowfish_secret.
                                                Security: with 'config', everyone who can reach
                                                this phpLDAPadmin URL acts with the rights of
                                                login_dn below, without authenticating. Combined
                                                with an administrative login_dn that is unrestricted
                                                write access to the directory. Use 'session' or
                                                'cookie' for anything that is not a private,
                                                access-controlled installation, or protect the URL
                                                at the web server level. */
$servers[$i]['login_dn'] = 'cn=Manager,dc=example,dc=com';
                                            /*  The DN of the user for phpLDAPadmin to bind with.
                                                For anonymous binds or 'cookie' or 'session' auth_types,
                                                leave the login_dn and login_pass blank. If you specify a
                                                login_attr in conjunction with a cookie or session auth_type,
                                                then you can also specify the login_dn/login_pass here for
                                                searching the directory for users (ie, if your LDAP server
                                                does not allow anonymous binds).
                                                Security: when the DN is only needed for those user
                                                searches, bind with a dedicated read-only account
                                                rather than the directory's administrative DN. */
$servers[$i]['login_pass'] = 'secret';      /*  Your LDAP password. If you specified an empty login_dn above, this
                                                MUST also be blank.
                                                Security: 'secret' is a placeholder and must be replaced.
                                                The password is stored here in clear text, so the real
                                                config file must not be readable by other local users. */
$servers[$i]['tls'] = false;                /*  Use TLS (Transport Layer Security) to connect to the LDAP
                                                server.
                                                Security: while this is false and 'host' is not an
                                                'ldaps://' or 'ldapi://' URL, credentials and directory
                                                data are sent unencrypted. */
$servers[$i]['low_bandwidth'] = false;      /*  If the link between your web server and this LDAP server is
                                                slow, it is recommended that you set 'low_bandwidth' to true.
                                                This will cause phpLDAPadmin to forego some "fancy" features
                                                to conserve bandwidth. */
$servers[$i]['default_hash'] = 'crypt';     /*  Default password hashing algorithm.
                                                One of md5, ssha, sha, md5crypt, smd5, blowfish, crypt or
                                                leave blank for no default algorithm.
                                                NOTE(review): 'md5' and 'sha' are unsalted digests and are
                                                cheap to attack offline; prefer a salted scheme from this
                                                list that your directory server accepts (for example
                                                'ssha'). Which algorithm 'crypt' selects is not shown
                                                here -- confirm it is not the traditional DES variant. */
$servers[$i]['login_attr'] = 'dn';          /*  If you specified 'cookie' or 'session' as the auth_type above,
                                                you can optionally specify here an attribute
                                                to use when logging in. If you enter 'uid'
                                                and login as 'dsmith', phpLDAPadmin will
                                                search for (uid=dsmith) and log in as that user. Leave
                                                blank or specify 'dn' to use full DN for
                                                logging in. Note also that if your LDAP server requires
                                                you to login to perform searches, you can enter
                                                the DN to use when searching in 'login_dn' and
                                                'login_pass' above. You may also specify 'string', in which case
                                                you can provide a string to use for logging users
                                                in. See 'login_string' directly below. */
$servers[$i]['login_string'] = 'uid=<username>,ou=People,dc=example,dc=com';
                                            /* If you specified 'cookie' or 'session' as the auth_type above,
                                               and you specified 'string' for 'login_attr' above, you must provide
                                               a string here for logging users in. If, for example,
                                               I have a lot of user entries with DNs like
                                               "uid=dsmith,ou=People,dc=example,dc=com", then I can specify a string
                                               "uid=<username>,ou=People,dc=example,dc=com" and my users can login with
                                               their user names alone, i.e., "dsmith" in this case. */
$servers[$i]['login_class'] = '';           /*  If 'login_attr' is used above such that phpLDAPadmin will
                                                search for your DN at login, you may restrict the search to
                                                a specific objectClass.  E.g., set this to 'posixAccount' or
                                                'inetOrgPerson', depending upon your setup. */
$servers[$i]['read_only'] = false;          /*  Specify true if you want phpLDAPadmin to not
                                                display or permit any modification to the
                                                LDAP server.
                                                Security: this restriction is applied by phpLDAPadmin
                                                only. For a server that must never be changed, also bind
                                                with an account the directory itself limits to reads. */
$servers[$i]['show_create'] = true;         /*  Specify false if you do not want phpLDAPadmin to
                                                draw the 'Create new' links in the tree viewer. */
$servers[$i]['enable_auto_uid_numbers'] = false;  
                                            /*  This feature allows phpLDAPadmin to
                                                automatically determine the next
                                                available uidNumber for a new entry. */
$servers[$i]['auto_uid_number_mechanism'] = 'search'; 
                                            /* The mechanism to use when finding the next available uidNumber.
                                               Two possible values: 'uidpool' or 'search'. The 'uidpool'
                                               mechanism uses an existing uidPool entry in your LDAP server
                                               to blindly lookup the next available uidNumber. The 'search'
                                               mechanism searches for entries with a uidNumber value and finds
                                               the first available uidNumber (slower). */
$servers[$i]['auto_uid_number_search_base'] = 'ou=People,dc=example,dc=com'; 
                                            /* The DN of the search base when the 'search'
                                               mechanism is used above. */
$servers[$i]['auto_uid_number_min'] = 1000;
                                            /* The minimum number to use when searching for the next
                                               available UID number (only when 'search' is used for
                                               'auto_uid_number_mechanism'). */
$servers[$i]['auto_uid_number_uid_pool_dn'] = 'cn=uidPool,dc=example,dc=com'; 
                                            /* The DN of the uidPool entry when 'uidpool'
                                               mechanism is used above. */
$servers[$i]['auto_uid_number_search_dn'] = '';
                                            /* If you set this, then phpldapadmin will bind to LDAP with this user
                                               ID when searching for the uidnumber. The idea is, this user id would
                                               have full (readonly) access to uidnumber in your ldap directory (the
                                               logged in user may not), so that you can be guaranteed to get a unique
                                               uidnumber for your directory.
                                               Security: give this account read access to uidNumber and nothing
                                               more; its password sits in this file in clear text. */
$servers[$i]['auto_uid_number_search_dn_pass'] = '';
                                            /* The password for the dn above. */
$servers[$i]['disable_anon_bind'] = false;
                                            /* Disable the anonymous login. Presumably true is the value
                                               that turns anonymous logins off -- confirm. Consider
                                               disabling them when the directory holds data that
                                               unauthenticated users should not be able to browse. */
$servers[$i]['custom_pages_prefix'] = 'custom_';
                                            /* Use customized page with prefix when available. */

$servers[$i]['unique_attrs_dn'] = '';
                                            /* If you set this, then phpldapadmin will bind to LDAP with this user
                                               when testing for unique attributes (as set in unique_attrs array). If you
                                               want to enforce unique attributes, then this id should have full (readonly)
                                               access to the attributes in question (the logged in user may not have
                                               enough access).
                                               Security: as with the uidNumber search account, keep this account
                                               read-only; its password is stored below in clear text. */
$servers[$i]['unique_attrs_dn_pass'] = '';
                                            /* The password for the dn above */

// Additional LDAP servers are configured below. This second entry is a
// template: its 'host' is blank, so phpLDAPadmin ignores it until a host is
// filled in. The keys have the same meaning as in the first server entry.
//
// Security: as written, auth_type is 'config' with a blank login_dn and
// login_pass, which is the combination documented for anonymous binds. Choose
// the auth_type deliberately before enabling this entry, and turn on 'tls' (or
// use an 'ldaps://' host) when the directory is reached over a network.
$i++;
$servers[$i] = array(
    'name'                        => 'Another server',
    'host'                        => '',
    'base'                        => 'dc=example,dc=com',
    'port'                        => 389,
    'auth_type'                   => 'config',
    'login_dn'                    => '',
    'login_pass'                  => '',
    'tls'                         => false,
    'low_bandwidth'               => false,
    'default_hash'                => 'crypt',
    'login_attr'                  => 'dn',
    'login_class'                 => '',
    'read_only'                   => false,
    'show_create'                 => true,
    'enable_auto_uid_numbers'     => false,
    'auto_uid_number_mechanism'   => 'search',
    'auto_uid_number_search_base' => 'ou=People,dc=example,dc=com',
    'auto_uid_number_min'         => 1000,
    'auto_uid_number_uid_pool_dn' => 'cn=uidPool,dc=example,dc=com'
);

// If you want to configure more LDAP servers, copy and paste the above (including the "$i++;")

// The temporary storage directory where we will put jpegPhoto data
// This directory must be readable and writable by your web server
// Security: "/tmp" is shared with every other local user and process. A
// dedicated directory that only the web server user can read and write keeps
// photos taken from the directory away from other accounts and avoids clashes
// with files that other users create in the shared location.
$jpeg_temp_dir = "/tmp";       // Example for Unix systems
//$jpeg_temp_dir = "c:\\temp"; // Example for Windows systems

/**                            **/
/**   Appearance and Behavior  **/
/**                            **/

// Set this to true if you want to hide the "Request New Feature" and "Report bugs" items.
$hide_configuration_management = false;


// A format string used to display entries in the tree viewer (left-hand side)
// You can use special tokens to draw the entries as you wish. You can even mix in HTML to format the string
// Here are all the tokens you can use:
//      %rdn - draw the RDN of the entry (ie, "cn=Dave")
//      %dn - draw the DN of the entry (ie, "cn=Dave,ou=People,dc=example,dc=com")
//      %rdnValue - draw the value of the RDN (ie, instead of "cn=Dave", just draw "Dave")
//      %[attrname]- draw the value (or values) of the specified attribute.
//              example: %gidNumber
// NOTE(review): the tokens are replaced with values read from the directory and the
// result is drawn as HTML. Whether those values are HTML-escaped is not visible in
// this file -- confirm before displaying attributes that users can edit themselves.
$tree_display_format = '%rdn';
//
// Examples:
//
// To draw the gidNumber and uidNumber to the right of the RDN in a small, gray font:
//$tree_display_format = '%rdn <small style="color:gray">( %gidNumber / %uidNumber )</small>';
// To draw the full DN of each entry:
//$tree_display_format = '%dn';
// To draw the objectClasses to the right in parenthesis:
//$tree_display_format = '%rdn <small style="color: gray">( %objectClass )</small>';
// To draw the user-friendly RDN value (ie, instead of "cn=Dave", just draw "Dave"):
//$tree_display_format = '%rdnValue';


// Aliases and Referrals
//
// Similar to ldapsearch's -a option, the following options allow you to configure
// how phpLDAPadmin will treat aliases and referrals in the LDAP tree.
// For the following four settings, available options include:
//
//    LDAP_DEREF_NEVER     - aliases are never dereferenced (eg, the contents of
//                           the alias itself are shown and not the referenced entry).
//    LDAP_DEREF_SEARCHING - aliases should be dereferenced during the search but
//                           not when locating the base object of the search.
//    LDAP_DEREF_FINDING   - aliases should be dereferenced when locating the base
//                           object but not during the search.
//    LDAP_DEREF_ALWAYS    - aliases should be dereferenced always (eg, the contents
//                           of the referenced entry is shown and not the aliasing entry)
//
// These are constants provided by PHP's LDAP extension, so they are written
// without quotes.

// How to handle references and aliases in the search form. See above for options.
$search_deref = LDAP_DEREF_ALWAYS; 

// How to handle references and aliases in the tree viewer. See above for options.
$tree_deref = LDAP_DEREF_NEVER;

// How to handle references and aliases for exports. See above for options.
$export_deref = LDAP_DEREF_NEVER;

// How to handle references and aliases when viewing entries. See above for options.
$view_deref = LDAP_DEREF_NEVER;


// The language setting. If you set this to 'auto', phpLDAPadmin will
// attempt to determine your language automatically. Otherwise, available
// languages are: 'ct', 'de', 'en', 'es', 'fr', 'it', 'nl', and 'ru'
// Localization is not complete yet, but most strings have been translated.
// Please help by writing language files. See lang/en.php for an example.
$language = 'auto';

// Set to true if you want to draw a checkbox next to each entry in the tree viewer
// to be able to delete multiple entries at once
$enable_mass_delete = false;

// Set to true if you want LDAP data to be displayed read-only (without input fields)
// when a user logs in to a server anonymously
// Security: this only changes what phpLDAPadmin displays. What an anonymous
// bind may actually read or write is decided by the directory server's own
// access controls, so restrict anonymous access there as well.
$anonymous_bind_implies_read_only = true;

// Set to true if you want phpLDAPadmin to redirect anonymous
// users to a search form with no tree viewer on the left after
// logging in.
$anonymous_bind_redirect_no_tree = false;

// If you used auth_type 'form' in the servers list, you can adjust how long the cookie will last
// (default is 0 seconds, which expires when you close the browser)
// NOTE(review): the auth_type options documented in the servers section are
// 'cookie', 'session' and 'config'; 'form' presumably refers to 'cookie' -- confirm.
// Security: with 'cookie' auth the cookie stores the login DN and password, so
// a non-zero lifetime keeps those credentials in the browser after it is
// closed. Leave this at 0 unless you have a specific reason to extend it.
$cookie_time = 0; // seconds

// How many pixels wide do you want your left frame view (for the tree browser)
$tree_width = 320; // pixels

// How long to keep jpegPhoto temporary files in the jpeg_temp_dir directory (in seconds)
$jpeg_tmp_keep_time = 120; // seconds

// Would you like to see helpful hint text occasionally?
$show_hints = true; // set to false to disable hints

// When using the search page, limit result size to this many entries
$search_result_size_limit = 50;

// By default, when searching you may display a list or a table of results.
// Set this to 'table' to see table formatted results.
// Set this to 'list' to see "Google" style formatted search results.
$default_search_display = 'list';

// If true, display all password hash values as "******". Note that clear-text
// passwords will always be displayed as "******", regardless of this setting.
// Security: with the default of false, password hashes are shown in the
// browser to anyone who can view the entry. A displayed hash can be copied and
// attacked offline, so consider setting this to true.
$obfuscate_password_display = false;

/**                              **/
/** Simple Search Form Config **/
/**                              **/

// Attributes offered in the drop-down menu of the simple search form, as one
// comma-separated string. Adjust to taste, and keep $search_attributes_display
// below in step with it.
$search_attributes = 'uid, cn, gidNumber, objectClass, telephoneNumber, mail, street';

// Human-readable labels for the attributes listed directly above, in the same
// order. Both lists must contain the same number of entries.
$search_attributes_display = 'User Name, Common Name, Group ID, Object Class, Phone Number, Email, Address';

// Attributes shown for each entry in the search results.
// Adding * to the list displays all attributes.
$search_result_attributes = 'cn, sn, uid, postalAddress, telephoneNumber';

// Order of the search criteria on the simple search form. The entries may be
// re-arranged but not renamed; the names are translated at run-time.
$search_criteria_options = array(
    'equals',
    'starts with',
    'contains',
    'ends with',
    'sounds like'
);

// Attributes edited in a multi-line textarea rather than a single-line text field.
$multi_line_attributes = array(
    'postalAddress',
    'homePostalAddress',
    'personalSignature'
);

// Syntax OIDs whose attribute values may span several lines.
$multi_line_syntax_oids = array(
    '1.3.6.1.4.1.1466.115.121.1.40', // octet string syntax OID
    '1.3.6.1.4.1.1466.115.121.1.41'  // postal address syntax OID
);

/**                                         **/
/** User-friendly attribute translation     **/
/**                                         **/

// Maps attribute names to user friendly names, e.g. to show "Fax" instead of
// "facsimileTelephoneNumber". Add one 'attributeName' => 'Label' pair per line.
$friendly_attrs = array(
    'facsimileTelephoneNumber' => 'Fax',
    'telephoneNumber'          => 'Phone'
);

/**                                         **/
/** Hidden attributes                       **/
/**                                         **/

// You may want to hide certain attributes from being displayed in the editor screen.
// Do this by adding the desired attributes to this list (and uncommenting it). This
// only affects the editor screen. Attributes will still be visible in the schema
// browser and elsewhere, so hiding is a display convenience and not an access
// control; use the directory server's own access controls to keep an attribute
// from being read. An example is provided below:
// NOTE: The user must be able to read the hidden_except_dn entry to be excluded.

//$hidden_attrs = array( 'jpegPhoto', 'objectClass' );
//$hidden_except_dn = "cn=PLA UnHide,ou=Groups,c=AU";

// Hidden attributes in read-only mode. If undefined, it will be equal to $hidden_attrs.
//$hidden_attrs_ro = array( 'objectClass','shadowWarning', 'shadowLastChange', 'shadowMax',
//                          'shadowFlag', 'shadowInactive', 'shadowMin', 'shadowExpire' );

/**                                         **/
/** Read-only attributes                    **/
/**                                         **/

// You may want phpLDAPadmin to display certain attributes as read only, meaning
// that users will not be presented a form for modifying those attributes, and they
// will not be allowed to be modified on the "back-end" either. This restriction
// applies to changes made through phpLDAPadmin; other LDAP clients are limited only
// by the directory server's own access controls. You may configure this list here:
// NOTE: The user must be able to read the read_only_except_dn entry to be excluded.

//$read_only_attrs = array( 'objectClass' );
//$read_only_except_dn = "cn=PLA ReadWrite,ou=Groups,c=AU";

// An example of how to specify multiple read-only attributes:
// $read_only_attrs = array( 'jpegPhoto', 'objectClass', 'someAttribute' );

/**                                         **/
/** Unique attributes                       **/
/**                                         **/
// You may want phpLDAPadmin to enforce that some attributes have unique values (ie:
// a value may not also belong to another entry in your tree). This setting (together with
// the "unique_attrs_dn" and "unique_attrs_dn_pass" options) will not let an update occur
// when another entry already has the same value for one of these attributes.
// NOTE: Currently unique_attrs is NOT enforced when copying a dn. (Need to present a user with
// the option of changing the unique attributes.)
//$unique_attrs = array('uid','uidNumber','mail');

/**                                         **/
/** Predefined Queries (canned views)       **/
/**                                         **/

// Predefined queries (canned views) that make searching easier. $q is the
// index of the query being defined; each further query starts with "$q++;".
$q = 0;
$queries = array();
$queries[$q] = array(
    'name'       => 'Samba Users',        // The name that will appear in the simple search form
    'server'     => '0',                  // The ldap server to query, must be defined in the $servers list above
    'base'       => 'dc=example,dc=com',  // The base to search on
    'scope'      => 'sub',                // The search scope (sub, base, one)
    // The LDAP filter to use
    'filter'     => '(&(|(objectClass=sambaAccount)(objectClass=sambaSamAccount))(objectClass=posixAccount)(!(uid=*$)))',
    'attributes' => 'uid, smbHome, uidNumber'  // The attributes to return
);

// Add more pre-defined queries by copying the text below
$q++;
$queries[$q] = array(
    'name'       => 'Samba Computers',
    'server'     => '0',
    'base'       => 'dc=example,dc=com',
    'scope'      => 'sub',
    'filter'     => '(&(objectClass=sambaAccount)(uid=*$))',
    'attributes' => 'uid, homeDirectory'
);


?>