allow to run read/modify as bind user

This commit is contained in:
Roland Gruber 2013-11-01 15:54:49 +00:00
parent 0151736c60
commit 8e33fa4504
6 changed files with 48 additions and 5 deletions

View File

@ -5615,6 +5615,10 @@ Run slapindex to rebuild the index.
the LDAP database. Before your users may change their settings you the LDAP database. Before your users may change their settings you
must allow them to change their LDAP data.</para> must allow them to change their LDAP data.</para>
<para>Hint: The ACLs below are not required if you decide to run all
operations as the LDAP bind user (option "Use for all
operations").</para>
<para>This can be done by adding ACLs to your slapd.conf or <para>This can be done by adding ACLs to your slapd.conf or
slapd.d/cn=config/olcDatabase={1}bdb.ldif which look similar to slapd.d/cn=config/olcDatabase={1}bdb.ldif which look similar to
these:</para> these:</para>
@ -5722,7 +5726,7 @@ Run slapindex to rebuild the index.
</mediaobject> </mediaobject>
</screenshot> </screenshot>
<table> <table border="0">
<title>General options</title> <title>General options</title>
<tgroup cols="2"> <tgroup cols="2">
@ -5730,7 +5734,15 @@ Run slapindex to rebuild the index.
<row> <row>
<entry>Server address</entry> <entry>Server address</entry>
<entry>The address of your LDAP server</entry> <entry>The address of your LDAP server. For LDAP+SSL use
"ldaps://myserver"</entry>
</row>
<row>
<entry>Activate TLS</entry>
<entry>Activates TLS encryption. Please note that this cannot
be combined with LDAP+SSL ("ldaps://").</entry>
</row> </row>
<row> <row>
@ -5740,6 +5752,13 @@ Run slapindex to rebuild the index.
users</entry> users</entry>
</row> </row>
<row>
<entry>LDAP search attribute</entry>
<entry>Here you can specify if your users can login with user
name + password, email + password or other attributes.</entry>
</row>
<row> <row>
<entry>LDAP user + password</entry> <entry>LDAP user + password</entry>
@ -5750,10 +5769,15 @@ Run slapindex to rebuild the index.
</row> </row>
<row> <row>
<entry>LDAP search attribute</entry> <entry>Use for all operations</entry>
<entry>Here you can specify if your users can login with user <entry>By default LAM will use the credentials of the user
name + password, email + password or other attributes.</entry> that logged in to self service for read/modify operations. If
you select this box then the connection user specified before
will be used instead. Please note that this can be a security
risk because the user requires write access to all users. You
need to make sure that your LAM server is well
protected.</entry>
</row> </row>
<row> <row>

Binary file not shown.

Before

Width:  |  Height:  |  Size: 114 KiB

After

Width:  |  Height:  |  Size: 115 KiB

View File

@ -225,6 +225,8 @@ $helpArray = array (
"Text" => _('This text is placed as label for the password field on the login page. LAM will use "Password" if you do not enter any text.')), "Text" => _('This text is placed as label for the password field on the login page. LAM will use "Password" if you do not enter any text.')),
"512" => array ("Headline" => _("Additional LDAP filter"), "512" => array ("Headline" => _("Additional LDAP filter"),
"Text" => _('Use this to enter an additional LDAP filter (e.g. "(objectClass=passwordSelfReset)") to reduce the number of accounts who may use self service.')), "Text" => _('Use this to enter an additional LDAP filter (e.g. "(objectClass=passwordSelfReset)") to reduce the number of accounts who may use self service.')),
"513" => array ("Headline" => _('Use for all operations'),
"Text" => _('By default all modifications are done as the user that authenticated in self service. If active then LAM will use the connection user for all LDAP modifications and searches.')),
"520" => array ("Headline" => _("Generate random password"), "520" => array ("Headline" => _("Generate random password"),
"Text" => _("This will set a random password and display it on the screen or send it to the user via mail. Please edit your LAM server profile to setup the mail settings.")), "Text" => _("This will set a random password and display it on the screen or send it to the user via mail. Please edit your LAM server profile to setup the mail settings.")),
"550" => array ("Headline" => _("From address"), "550" => array ("Headline" => _("From address"),

View File

@ -250,6 +250,15 @@ class htmlTable extends htmlElement {
} }
} }
/**
* Adds an htmlSpacer with the given width.
*
* @param String $width width (e.g. 10px)
*/
public function addSpace($width) {
$this->addElement(new htmlSpacer($width, null));
}
/** /**
* Prints the HTML code for this element. * Prints the HTML code for this element.
* *

View File

@ -308,6 +308,9 @@ class selfServiceProfile {
/** LDAP password */ /** LDAP password */
public $LDAPPassword; public $LDAPPassword;
/** use bind user also for read/modify operations */
public $useForAllOperations;
/** LDAP search attribute */ /** LDAP search attribute */
public $searchAttribute; public $searchAttribute;
@ -364,6 +367,7 @@ class selfServiceProfile {
$this->LDAPSuffix = "dc=my-domain,dc=com"; $this->LDAPSuffix = "dc=my-domain,dc=com";
$this->LDAPUser = ""; $this->LDAPUser = "";
$this->LDAPPassword = ""; $this->LDAPPassword = "";
$this->useForAllOperations = false;
$this->searchAttribute = "uid"; $this->searchAttribute = "uid";
$this->additionalLDAPFilter = ''; $this->additionalLDAPFilter = '';
$this->httpAuthentication = false; $this->httpAuthentication = false;

View File

@ -354,6 +354,10 @@ function equalWidth(elementIDs) {
maxWidth = jQuery(elementIDs[i]).width(); maxWidth = jQuery(elementIDs[i]).width();
}; };
} }
if (maxWidth < 5) {
// no action if invalid width value (e.g. because of hidden tab)
return;
}
for (var i = 0; i < elementIDs.length; ++i) { for (var i = 0; i < elementIDs.length; ++i) {
jQuery(elementIDs[i]).css({'width': maxWidth - (jQuery(elementIDs[i]).outerWidth() - jQuery(elementIDs[i]).width())}); jQuery(elementIDs[i]).css({'width': maxWidth - (jQuery(elementIDs[i]).outerWidth() - jQuery(elementIDs[i]).width())});
} }