Mercurial > kallithea
changeset 6457:d0f6bd6190c8
auth: change default LDAP to LDAPS on port 636 - insecure authentication is kind of pointless
This will only change the default value for new systems. Existing installations
will keep using whatever value they have in the database.
author | Mads Kiilerich <madski@unity3d.com> |
---|---|
date | Thu, 28 Jul 2016 16:34:49 +0200 |
parents | 5a5bab2b773c |
children | d1d9d249846b |
files | docs/setup.rst kallithea/bin/ldap_sync.conf kallithea/lib/auth_modules/auth_ldap.py |
diffstat | 3 files changed, 5 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/docs/setup.rst Sun Jan 22 01:16:52 2017 +0100 +++ b/docs/setup.rst Thu Jul 28 16:34:49 2016 +0200 @@ -163,7 +163,7 @@ Host = host.example.com Account = <account> Password = <password> - Connection Security = LDAPS connection + Connection Security = LDAPS Certificate Checks = DEMAND Search settings @@ -457,7 +457,7 @@ from mod_python import apache import ldap - LDAP_SERVER = "ldap://server.mydomain.com:389" + LDAP_SERVER = "ldaps://server.mydomain.com:636" LDAP_USER = "" LDAP_PASS = "" LDAP_ROOT = "dc=mydomain,dc=com"
--- a/kallithea/bin/ldap_sync.conf Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/bin/ldap_sync.conf Thu Jul 28 16:34:49 2016 +0200 @@ -3,7 +3,7 @@ api_user = admin api_key = XXXXXXXXXXXX -ldap_uri = ldap://ldap.example.com:389 +ldap_uri = ldaps://ldap.example.com:636 ldap_user = cn=kallithea,dc=example,dc=com ldap_key = XXXXXXXXX base_dn = dc=example,dc=com
--- a/kallithea/lib/auth_modules/auth_ldap.py Sun Jan 22 01:16:52 2017 +0100 +++ b/kallithea/lib/auth_modules/auth_ldap.py Thu Jul 28 16:34:49 2016 +0200 @@ -50,7 +50,7 @@ class AuthLdap(object): def __init__(self, server, base_dn, port=None, bind_dn='', bind_pass='', - tls_kind='PLAIN', tls_reqcert='DEMAND', cacertdir=None, ldap_version=3, + tls_kind='LDAPS', tls_reqcert='DEMAND', cacertdir=None, ldap_version=3, ldap_filter='(&(objectClass=user)(!(objectClass=computer)))', search_scope='SUBTREE', attr_login='uid'): if ldap is None: @@ -215,7 +215,7 @@ "type": "select", "values": self._tls_kind_values, "description": "TLS Type", - "default": 'PLAIN', + "default": 'LDAPS', "formname": "Connection Security" }, {