allow to run read/modify as bind user
parent
0151736c60
commit
8e33fa4504
|
@ -5615,6 +5615,10 @@ Run slapindex to rebuild the index.
|
||||||
the LDAP database. Before your users may change their settings you
|
the LDAP database. Before your users may change their settings you
|
||||||
must allow them to change their LDAP data.</para>
|
must allow them to change their LDAP data.</para>
|
||||||
|
|
||||||
|
<para>Hint: The ACLs below are not required if you decide to run all
|
||||||
|
operations as the LDAP bind user (option "Use for all
|
||||||
|
operations").</para>
|
||||||
|
|
||||||
<para>This can be done by adding ACLs to your slapd.conf or
|
<para>This can be done by adding ACLs to your slapd.conf or
|
||||||
slapd.d/cn=config/olcDatabase={1}bdb.ldif which look similar to
|
slapd.d/cn=config/olcDatabase={1}bdb.ldif which look similar to
|
||||||
these:</para>
|
these:</para>
|
||||||
|
@ -5722,7 +5726,7 @@ Run slapindex to rebuild the index.
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
</screenshot>
|
</screenshot>
|
||||||
|
|
||||||
<table>
|
<table border="0">
|
||||||
<title>General options</title>
|
<title>General options</title>
|
||||||
|
|
||||||
<tgroup cols="2">
|
<tgroup cols="2">
|
||||||
|
@ -5730,7 +5734,15 @@ Run slapindex to rebuild the index.
|
||||||
<row>
|
<row>
|
||||||
<entry>Server address</entry>
|
<entry>Server address</entry>
|
||||||
|
|
||||||
<entry>The address of your LDAP server</entry>
|
<entry>The address of your LDAP server. For LDAP+SSL use
|
||||||
|
"ldaps://myserver"</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Activate TLS</entry>
|
||||||
|
|
||||||
|
<entry>Activates TLS encryption. Please note that this cannot
|
||||||
|
be combined with LDAP+SSL ("ldaps://").</entry>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
|
@ -5740,6 +5752,13 @@ Run slapindex to rebuild the index.
|
||||||
users</entry>
|
users</entry>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>LDAP search attribute</entry>
|
||||||
|
|
||||||
|
<entry>Here you can specify if your users can login with user
|
||||||
|
name + password, email + password or other attributes.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry>LDAP user + password</entry>
|
<entry>LDAP user + password</entry>
|
||||||
|
|
||||||
|
@ -5750,10 +5769,15 @@ Run slapindex to rebuild the index.
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry>LDAP search attribute</entry>
|
<entry>Use for all operations</entry>
|
||||||
|
|
||||||
<entry>Here you can specify if your users can login with user
|
<entry>By default LAM will use the credentials of the user
|
||||||
name + password, email + password or other attributes.</entry>
|
that logged in to self service for read/modify operations. If
|
||||||
|
you select this box then the connection user specified before
|
||||||
|
will be used instead. Please note that this can be a security
|
||||||
|
risk because the user requires write access to all users. You
|
||||||
|
need to make sure that your LAM server is well
|
||||||
|
protected.</entry>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
|
|
Binary file not shown.
Before Width: | Height: | Size: 114 KiB After Width: | Height: | Size: 115 KiB |
|
@ -225,6 +225,8 @@ $helpArray = array (
|
||||||
"Text" => _('This text is placed as label for the password field on the login page. LAM will use "Password" if you do not enter any text.')),
|
"Text" => _('This text is placed as label for the password field on the login page. LAM will use "Password" if you do not enter any text.')),
|
||||||
"512" => array ("Headline" => _("Additional LDAP filter"),
|
"512" => array ("Headline" => _("Additional LDAP filter"),
|
||||||
"Text" => _('Use this to enter an additional LDAP filter (e.g. "(objectClass=passwordSelfReset)") to reduce the number of accounts who may use self service.')),
|
"Text" => _('Use this to enter an additional LDAP filter (e.g. "(objectClass=passwordSelfReset)") to reduce the number of accounts who may use self service.')),
|
||||||
|
"513" => array ("Headline" => _('Use for all operations'),
|
||||||
|
"Text" => _('By default all modifications are done as the user that authenticated in self service. If active then LAM will use the connection user for all LDAP modifications and searches.')),
|
||||||
"520" => array ("Headline" => _("Generate random password"),
|
"520" => array ("Headline" => _("Generate random password"),
|
||||||
"Text" => _("This will set a random password and display it on the screen or send it to the user via mail. Please edit your LAM server profile to setup the mail settings.")),
|
"Text" => _("This will set a random password and display it on the screen or send it to the user via mail. Please edit your LAM server profile to setup the mail settings.")),
|
||||||
"550" => array ("Headline" => _("From address"),
|
"550" => array ("Headline" => _("From address"),
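Review bot: The new help entry "513" explains what the checkbox does but leaves out the caveat that the manual text in this same commit gives, namely that the connection user then requires write access to all users and that the LAM server must be well protected. The help text is what an administrator sees next to the option, so I would append a sentence to the `Text` string such as `Please note that the connection user then needs write access to all self service accounts.` With this option on, the per-user ACLs described in the manual are no longer needed, so restricting a user to their own entry presumably falls to LAM itself, which is worth stating. $helpArray starts and ends outside this section.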
|
||||||
|
|
|
@ -250,6 +250,15 @@ class htmlTable extends htmlElement {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Adds an htmlSpacer with the given width.
|
||||||
|
*
|
||||||
|
* @param String $width width (e.g. 10px)
|
||||||
|
*/
|
||||||
|
public function addSpace($width) {
|
||||||
|
$this->addElement(new htmlSpacer($width, null));
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Prints the HTML code for this element.
|
* Prints the HTML code for this element.
|
||||||
*
|
*
|
||||||
|
|
|
@ -308,6 +308,9 @@ class selfServiceProfile {
|
||||||
/** LDAP password */
|
/** LDAP password */
|
||||||
public $LDAPPassword;
|
public $LDAPPassword;
|
||||||
|
|
||||||
|
/** use bind user also for read/modify operations */
|
||||||
|
public $useForAllOperations;
|
||||||
|
|
||||||
/** LDAP search attribute */
|
/** LDAP search attribute */
|
||||||
public $searchAttribute;
|
public $searchAttribute;
|
||||||
|
|
||||||
|
@ -364,6 +367,7 @@ class selfServiceProfile {
|
||||||
$this->LDAPSuffix = "dc=my-domain,dc=com";
|
$this->LDAPSuffix = "dc=my-domain,dc=com";
|
||||||
$this->LDAPUser = "";
|
$this->LDAPUser = "";
|
||||||
$this->LDAPPassword = "";
|
$this->LDAPPassword = "";
|
||||||
|
$this->useForAllOperations = false;
|
||||||
$this->searchAttribute = "uid";
|
$this->searchAttribute = "uid";
|
||||||
$this->additionalLDAPFilter = '';
|
$this->additionalLDAPFilter = '';
|
||||||
$this->httpAuthentication = false;
|
$this->httpAuthentication = false;
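Review bot: `$useForAllOperations` is a security-relevant switch, but the one-line docblock on the property does not say what enabling it implies. I would expand it to something like `/** use bind user also for read/modify operations (bind user then needs write access to all self service entries) */`, matching the warning in the manual. The default of `false` set in the second hunk is the safe choice. If stored profiles are restored without running this constructor (not visible here), the property would be unset for profiles saved before this change, so consumers should switch to the bind user only on a strict `=== true`. The code that reads the flag, and the rest of selfServiceProfile, are outside this section.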
|
||||||
|
|
|
@ -354,6 +354,10 @@ function equalWidth(elementIDs) {
|
||||||
maxWidth = jQuery(elementIDs[i]).width();
|
maxWidth = jQuery(elementIDs[i]).width();
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
if (maxWidth < 5) {
|
||||||
|
// no action if invalid width value (e.g. because of hidden tab)
|
||||||
|
return;
|
||||||
|
}
|
||||||
for (var i = 0; i < elementIDs.length; ++i) {
|
for (var i = 0; i < elementIDs.length; ++i) {
|
||||||
jQuery(elementIDs[i]).css({'width': maxWidth - (jQuery(elementIDs[i]).outerWidth() - jQuery(elementIDs[i]).width())});
|
jQuery(elementIDs[i]).css({'width': maxWidth - (jQuery(elementIDs[i]).outerWidth() - jQuery(elementIDs[i]).width())});
|
||||||
}
|
}
|
||||||
|
|