changeset 6457:d0f6bd6190c8

auth: change default LDAP to LDAPS on port 636 - insecure authentication is kind of pointless. This will only change the default value for new systems. Existing installations will keep using whatever value they have in the database.
author Mads Kiilerich <madski@unity3d.com>
date Thu, 28 Jul 2016 16:34:49 +0200
parents 5a5bab2b773c
children d1d9d249846b
files docs/setup.rst kallithea/bin/ldap_sync.conf kallithea/lib/auth_modules/auth_ldap.py
diffstat 3 files changed, 5 insertions(+), 5 deletions(-) [+]
--- a/docs/setup.rst	Sun Jan 22 01:16:52 2017 +0100
+++ b/docs/setup.rst	Thu Jul 28 16:34:49 2016 +0200
@@ -163,7 +163,7 @@
  Host                 = host.example.com
  Account              = <account>
  Password             = <password>
- Connection Security  = LDAPS connection
+ Connection Security  = LDAPS
  Certificate Checks   = DEMAND
 
  Search settings
@@ -457,7 +457,7 @@
     from mod_python import apache
     import ldap
 
-    LDAP_SERVER = "ldap://server.mydomain.com:389"
+    LDAP_SERVER = "ldaps://server.mydomain.com:636"
     LDAP_USER = ""
     LDAP_PASS = ""
     LDAP_ROOT = "dc=mydomain,dc=com"
--- a/kallithea/bin/ldap_sync.conf	Sun Jan 22 01:16:52 2017 +0100
+++ b/kallithea/bin/ldap_sync.conf	Thu Jul 28 16:34:49 2016 +0200
@@ -3,7 +3,7 @@
 api_user = admin
 api_key = XXXXXXXXXXXX
 
-ldap_uri = ldap://ldap.example.com:389
+ldap_uri = ldaps://ldap.example.com:636
 ldap_user = cn=kallithea,dc=example,dc=com
 ldap_key = XXXXXXXXX
 base_dn = dc=example,dc=com
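Review bot: Switching `ldap_uri` to ldaps:// only buys security if the sync script actually verifies the server certificate, and nothing in this file configures that (there is no reqcert/cacert key next to the URI); how ldap_sync.py initialises python-ldap is not visible here, so verification presumably falls back to the system ldap.conf `TLS_REQCERT`, which an operator may have relaxed. I would add a comment above the key: `# ldaps:// is only as strong as certificate verification: make sure TLS_REQCERT in the system ldap.conf is not 'never'/'allow' (or that ldap_sync.py sets OPT_X_TLS_REQUIRE_CERT).` Since the same file holds `api_key` and `ldap_key`, a second comment reminding that the real file must not be world-readable would be cheap and useful.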
--- a/kallithea/lib/auth_modules/auth_ldap.py	Sun Jan 22 01:16:52 2017 +0100
+++ b/kallithea/lib/auth_modules/auth_ldap.py	Thu Jul 28 16:34:49 2016 +0200
@@ -50,7 +50,7 @@
 class AuthLdap(object):
 
     def __init__(self, server, base_dn, port=None, bind_dn='', bind_pass='',
-                 tls_kind='PLAIN', tls_reqcert='DEMAND', cacertdir=None, ldap_version=3,
+                 tls_kind='LDAPS', tls_reqcert='DEMAND', cacertdir=None, ldap_version=3,
                  ldap_filter='(&(objectClass=user)(!(objectClass=computer)))',
                  search_scope='SUBTREE', attr_login='uid'):
         if ldap is None:
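Review bot: The default `tls_kind` becomes 'LDAPS' while `port` still defaults to None, so the "port 636" in the commit message rests on code outside this hunk that derives the port from tls_kind; please confirm that path substitutes 636 (not 389 or a typo) when tls_kind == 'LDAPS' and port is unset, otherwise a fresh install tries to speak TLS to the plain LDAP port and every login fails. AuthLdap also has no docstring explaining the security meaning of these parameters; I would add one stating that 'PLAIN' sends the bind password and each user's credentials unencrypted and should only be used for testing, that 'LDAPS' is the default, that `tls_reqcert='DEMAND'` means the server certificate must validate (against `cacertdir` when given), and that the effective port when `port` is None depends on tls_kind. `__init__`'s body continues past the end of the hunk.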
@@ -215,7 +215,7 @@
                 "type": "select",
                 "values": self._tls_kind_values,
                 "description": "TLS Type",
-                "default": 'PLAIN',
+                "default": 'LDAPS',
                 "formname": "Connection Security"
             },
             {
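Review bot: The select's `"description": "TLS Type"` gives an administrator no hint why the default moved away from PLAIN, and since existing installations keep their stored value (per the commit message) this form is the only place they would be nudged to switch; I would make the cost of the legacy value explicit, e.g. `"description": "Connection security: LDAPS (recommended, default) or PLAIN, which sends the bind password and user credentials unencrypted",`. The allowed option names come from `self._tls_kind_values`, which is defined outside the hunk, so the wording should quote exactly those values. The settings list this entry belongs to starts before and continues after the hunk.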