151
167
# $config->custom->appearance['tree_width'] = 250;
153
169
/*********************************************/
170
/* User-friendly attribute translation */
171
/*********************************************/
173
/* Use this array to map attribute names to user friendly names. For example, if
174
you don't want to see "facsimileTelephoneNumber" but rather "Fax". */
175
// $config->custom->appearance['friendly_attrs'] = array();
176
$config->custom->appearance['friendly_attrs'] = array(
177
'facsimileTelephoneNumber' => 'Fax',
180
'telephoneNumber' => 'Telephone',
181
'uid' => 'User Name',
182
'userPassword' => 'Password'
185
/*********************************************/
186
/* Hidden attributes */
187
/*********************************************/
189
/* You may want to hide certain attributes from being edited. If you want to
190
hide attributes from the user, you should use your LDAP servers ACLs.
191
NOTE: The user must be able to read the hide_attrs_exempt entry to be
193
// $config->custom->appearance['hide_attrs'] = array();
194
# $config->custom->appearance['hide_attrs'] = array('objectClass');
196
/* Members of this list will be exempt from the hidden attributes.*/
197
// $config->custom->appearance['hide_attrs_exempt'] = null;
198
# $config->custom->appearance['hide_attrs_exempt'] = 'cn=PLA UnHide,ou=Groups,c=AU';
200
/*********************************************/
201
/* Read-only attributes */
202
/*********************************************/
204
/* You may want to phpLDAPadmin to display certain attributes as read only,
205
meaning that users will not be presented a form for modifying those
206
attributes, and they will not be allowed to be modified on the "back-end"
207
either. You may configure this list here:
208
NOTE: The user must be able to read the readonly_attrs_exempt entry to be
210
// $config->custom->appearance['readonly_attrs'] = array();
212
/* Members of this list will be exempt from the readonly attributes.*/
213
// $config->custom->appearance['readonly_attrs_exempt'] = null;
214
# $config->custom->appearance['readonly_attrs_exempt'] = 'cn=PLA ReadWrite,ou=Groups,c=AU';
216
/*********************************************/
217
/* Group attributes */
218
/*********************************************/
220
/* Add "modify group members" link to the attribute. */
221
// $config->custom->modify_member['groupattr'] = array('member','uniqueMember','memberUid');
223
/* Configure filter for member search. This only applies to "modify group members" feature */
224
// $config->custom->modify_member['filter'] = '(objectclass=Person)';
226
/* Attribute that is added to the group member attribute. */
227
// $config->custom->modify_member['attr'] = 'dn';
229
/* For Posix attributes */
230
// $config->custom->modify_member['posixattr'] = 'uid';
231
// $config->custom->modify_member['posixfilter'] = '(uid=*)';
232
// $config->custom->modify_member['posixgroupattr'] = 'memberUid';
234
/*********************************************/
235
/* Support for attrs display order */
236
/*********************************************/
238
/* Use this array if you want to have your attributes displayed in a specific
239
order. You can use default attribute names or their fridenly names.
240
For example, "sn" will be displayed right after "givenName". All the other
241
attributes that are not specified in this array will be displayed after in
242
alphabetical order. */
243
// $config->custom->appearance['attr_display_order'] = array();
244
# $config->custom->appearance['attr_display_order'] = array(
257
/*********************************************/
154
258
/* Define your LDAP servers in this section */
155
259
/*********************************************/
158
$ldapservers = new LDAPServers;
261
$servers = new Datastore();
263
/* $servers->NewServer('ldap_pla') must be called before each new LDAP server
265
$servers->newServer('ldap_pla');
160
267
/* A convenient name that will appear in the tree viewer and throughout
161
268
phpLDAPadmin to identify this LDAP server to users. */
162
$ldapservers->SetValue($i,'server','name','My LDAP Server');
269
$servers->setValue('server','name','My LDAP Server');
165
272
'ldap.example.com',
166
273
'ldaps://ldap.example.com/',
167
274
'ldapi://%2fusr%local%2fvar%2frun%2fldapi'
168
275
(Unix socket at /usr/local/var/run/ldap) */
169
// $ldapservers->SetValue($i,'server','host','127.0.0.1');
276
// $servers->setValue('server','host','127.0.0.1');
171
278
/* The port your LDAP server listens on (no quotes). 389 is standard. */
172
// $ldapservers->SetValue($i,'server','port',389);
279
// $servers->setValue('server','port',389);
174
281
/* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin
175
282
auto-detect it for you. */
176
// $ldapservers->SetValue($i,'server','base',array(''));
283
// $servers->setValue('server','base',array(''));
178
285
/* Four options for auth_type:
179
286
1. 'cookie': you will login via a web form, and a client-side cookie will
278
387
the ldap administrator wants to log in with his root-dn, that does not
279
388
necessarily have the uid attribute.
280
389
When using this feature, login_class is ignored. */
281
// $ldapservers->SetValue($i,'login','fallback_dn',false);
283
/* If you specified 'cookie' or 'session' as the auth_type above, and you
284
specified 'string' for 'login_attr' above, you must provide a string here for
285
logging users in. If, for example, I have a lot of user entries with DNs like
286
"uid=dsmith,ou=People,dc=example,dc=com", then I can specify a string
287
"uid=<username>,ou=People,dc=example,dc=com" and my users can login with
288
their user names alone, ie: "dsmith" in this case. */
289
# $ldapservers->SetValue($i,'login','string','uid=<username>,ou=People,dc=example,dc=com');
291
/* If 'login_attr' is used above such that phpLDAPadmin will search for your DN
292
at login, you may restrict the search to a specific objectClass. EG, set this
293
to 'posixAccount' or 'inetOrgPerson', depending upon your setup. */
294
// $ldapservers->SetValue($i,'login','class',null);
390
// $servers->setValue('login','fallback_dn',false);
296
392
/* Specify true If you want phpLDAPadmin to not display or permit any
297
393
modification to the LDAP server. */
298
// $ldapservers->SetValue($i,'server','read_only',false);
394
// $servers->setValue('server','read_only',false);
300
396
/* Specify false if you do not want phpLDAPadmin to draw the 'Create new' links
301
397
in the tree viewer. */
302
// $ldapservers->SetValue($i,'appearance','show_create',true);
398
// $servers->setValue('appearance','show_create',true);
304
400
/* This feature allows phpLDAPadmin to automatically determine the next
305
401
available uidNumber for a new entry. */
306
// $ldapservers->SetValue($i,'auto_number','enable',true);
402
// $servers->setValue('auto_number','enable',true);
308
404
/* The mechanism to use when finding the next available uidNumber. Two possible
309
405
values: 'uidpool' or 'search'.
311
407
blindly lookup the next available uidNumber. The 'search' mechanism searches
312
408
for entries with a uidNumber value and finds the first available uidNumber
314
// $ldapservers->SetValue($i,'auto_number','mechanism','search');
410
// $servers->setValue('auto_number','mechanism','search');
316
412
/* The DN of the search base when the 'search' mechanism is used above. */
317
# $ldapservers->SetValue($i,'auto_number','search_base','ou=People,dc=example,dc=com');
319
/* The minimum number to use when searching for the next available UID number
320
(only when 'search' is used for auto_uid_number_mechanism' */
321
// $ldapservers->SetValue($i,'auto_number','min',1000);
323
/* The DN of the uidPool entry when 'uidpool' mechanism is used above. */
324
// $ldapservers->SetValue($i,'auto_number','uidpool_dn','cn=uidPool,dc=example,dc=com');
413
# $servers->setValue('auto_number','search_base','ou=People,dc=example,dc=com');
415
/* The minimum number to use when searching for the next available number
416
(only when 'search' is used for auto_number */
417
// $servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500));
326
419
/* If you set this, then phpldapadmin will bind to LDAP with this user ID when
327
420
searching for the uidnumber. The idea is, this user id would have full
328
421
(readonly) access to uidnumber in your ldap directory (the logged in user
329
422
may not), so that you can be guaranteed to get a unique uidnumber for your
331
// $ldapservers->SetValue($i,'auto_number','dn',null);
424
// $servers->setValue('auto_number','dn',null);
333
426
/* The password for the dn above. */
334
// $ldapservers->SetValue($i,'auto_number','pass',null);
427
// $servers->setValue('auto_number','pass',null);
336
429
/* Enable anonymous bind login. */
337
// $ldapservers->SetValue($i,'login','anon_bind',true);
430
// $servers->setValue('login','anon_bind',true);
339
432
/* Use customized page with prefix when available. */
340
# $ldapservers->SetValue($i,'custom','pages_prefix','custom_');
342
/* If you set this, then phpldapadmin will bind to LDAP with this user when
343
testing for unique attributes (as set in unique_attrs array). If you want to
344
enforce unique attributes, than this id should have full (readonly) access
345
to the attributes in question (the logged in user may not have enough access)
347
// $ldapservers->SetValue($i,'unique_attrs','dn',null);
349
/* The password for the dn above */
350
// $ldapservers->SetValue($i,'unique_attrs','pass',null);
433
# $servers->setValue('custom','pages_prefix','custom_');
352
435
/* If you set this, then only these DNs are allowed to log in. This array can
353
436
contain individual users, groups or ldap search filter(s). Keep in mind that
354
437
the user has not authenticated yet, so this will be an anonymous search to
355
438
the LDAP server, so make your ACLs allow these searches to return results! */
356
# $ldapservers->SetValue($i,'login','allowed_dns',array(
439
# $servers->setValue('login','allowed_dns',array(
357
440
# 'uid=stran,ou=People,dc=example,dc=com',
358
441
# '(&(gidNumber=811)(objectClass=groupOfNames))',
359
442
# '(|(uidNumber=200)(uidNumber=201))',
360
443
# 'cn=callcenter,ou=Group,dc=example,dc=com'));
362
445
/* Set this if you dont want this LDAP server to show in the tree */
363
// $ldapservers->SetValue($i,'appearance','visible',true);
446
// $servers->setValue('server','visible',true);
365
448
/* This is the time out value in minutes for the server. After as many minutes
366
449
of inactivity you will be automatically logged out. If not set, the default
367
450
value will be ( session_cache_expire()-1 ) */
368
# $ldapservers->SetValue($i,'login','timeout',30);
451
# $servers->setValue('login','timeout',30);
370
453
/* Set this if you want phpldapadmin to perform rename operation on entry which
371
454
has children. Certain servers are known to allow it, certain are not */
372
// $ldapservers->SetValue($i,'server','branch_rename',false);
455
// $servers->setValue('server','branch_rename',false);
374
457
/* If you set this, then phpldapadmin will show these attributes as
375
458
internal attributes, even if they are not defined in your schema. */
376
// $ldapservers->SetValue($i,'server','custom_sys_attrs',array(''));
377
# $ldapservers->SetValue($i,'server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime'));
459
// $servers->setValue('server','custom_sys_attrs',array(''));
460
# $servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime'));
379
462
/* If you set this, then phpldapadmin will show these attributes on
380
463
objects, even if they are not defined in your schema. */
381
// $ldapservers->SetValue($i,'server','custom_attrs',array(''));
382
# $ldapservers->SetValue($i,'server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));
464
// $servers->setValue('server','custom_attrs',array(''));
465
# $servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));
384
467
/* These attributes will be forced to MAY attributes and become option in the
385
468
templates. If they are not defined in the templates, then they wont appear
397
499
**************************************************************************/
401
$ldapservers->SetValue($i,'server','name','LDAP Server');
402
$ldapservers->SetValue($i,'server','host','127.0.0.1');
403
$ldapservers->SetValue($i,'server','port',389);
404
$ldapservers->SetValue($i,'server','base',array(''));
405
$ldapservers->SetValue($i,'server','auth_type','cookie');
406
$ldapservers->SetValue($i,'login','dn','');
407
$ldapservers->SetValue($i,'login','pass','');
408
$ldapservers->SetValue($i,'server','tls',false);
409
$ldapservers->SetValue($i,'server','low_bandwidth',false);
410
$ldapservers->SetValue($i,'appearance','password_hash','md5');
411
$ldapservers->SetValue($i,'login','attr','dn');
412
$ldapservers->SetValue($i,'login','string',null);
413
$ldapservers->SetValue($i,'login','class',null);
414
$ldapservers->SetValue($i,'server','read_only',false);
415
$ldapservers->SetValue($i,'appearance','show_create',true);
416
$ldapservers->SetValue($i,'auto_number','enable',true);
417
$ldapservers->SetValue($i,'auto_number','mechanism','search');
418
$ldapservers->SetValue($i,'auto_number','search_base',null);
419
$ldapservers->SetValue($i,'auto_number','min',1000);
420
$ldapservers->SetValue($i,'auto_number','dn',null);
421
$ldapservers->SetValue($i,'auto_number','pass',null);
422
$ldapservers->SetValue($i,'login','anon_bind',true);
423
$ldapservers->SetValue($i,'custom','pages_prefix','custom_');
424
$ldapservers->SetValue($i,'unique_attrs','dn',null);
425
$ldapservers->SetValue($i,'unique_attrs','pass',null);
502
$servers->newServer('ldap_pla');
503
$servers->setValue('server','name','LDAP Server');
504
$servers->setValue('server','host','127.0.0.1');
505
$servers->setValue('server','port',389);
506
$servers->setValue('server','base',array(''));
507
$servers->setValue('login','auth_type','cookie');
508
$servers->setValue('login','bind_id','');
509
$servers->setValue('login','bind_pass','');
510
$servers->setValue('server','tls',false);
428
$ldapservers->SetValue($i,'server','sasl_auth',true);
429
$ldapservers->SetValue($i,'server','sasl_mech','PLAIN');
430
$ldapservers->SetValue($i,'server','sasl_realm','EXAMPLE.COM');
431
$ldapservers->SetValue($i,'server','sasl_authz_id',null);
432
$ldapservers->SetValue($i,'server','sasl_authz_id_regex','/^uid=([^,]+)(.+)/i');
433
$ldapservers->SetValue($i,'server','sasl_authz_id_replacement','$1');
434
$ldapservers->SetValue($i,'server','sasl_props',null);
513
$servers->setValue('server','sasl_auth',true);
514
$servers->setValue('server','sasl_mech','PLAIN');
515
$servers->setValue('server','sasl_realm','EXAMPLE.COM');
516
$servers->setValue('server','sasl_authz_id',null);
517
$servers->setValue('server','sasl_authz_id_regex','/^uid=([^,]+)(.+)/i');
518
$servers->setValue('server','sasl_authz_id_replacement','$1');
519
$servers->setValue('server','sasl_props',null);
521
$servers->setValue('appearance','password_hash','md5');
522
$servers->setValue('login','attr','dn');
523
$servers->setValue('login','fallback_dn',false);
524
$servers->setValue('login','class',null);
525
$servers->setValue('server','read_only',false);
526
$servers->setValue('appearance','show_create',true);
528
$servers->setValue('auto_number','enable',true);
529
$servers->setValue('auto_number','mechanism','search');
530
$servers->setValue('auto_number','search_base',null);
531
$servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500));
532
$servers->setValue('auto_number','dn',null);
533
$servers->setValue('auto_number','pass',null);
535
$servers->setValue('login','anon_bind',true);
536
$servers->setValue('custom','pages_prefix','custom_');
537
$servers->setValue('unique','attrs',array('mail','uid','uidNumber'));
538
$servers->setValue('unique','dn',null);
539
$servers->setValue('unique','pass',null);
541
$servers->setValue('server','visible',true);
542
$servers->setValue('login','timeout',30);
543
$servers->setValue('server','branch_rename',false);
544
$servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime'));
545
$servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));
546
$servers->setValue('force_may','attrs',array('uidNumber','gidNumber','sambaSID'));
437
/*********************************************/
438
/* User-friendly attribute translation */
439
/*********************************************/
441
/* Use this array to map attribute names to user friendly names. For example, if
442
you don't want to see "facsimileTelephoneNumber" but rather "Fax". */
443
$friendly_attrs = array();
445
$friendly_attrs['facsimileTelephoneNumber'] = 'Fax';
446
$friendly_attrs['telephoneNumber'] = 'Phone';
447
$friendly_attrs['uid'] = 'User Name';
449
/*********************************************/
450
/* Support for attrs display order */
451
/*********************************************/
453
/* Use this array if you want to have your attributes displayed in a specific
454
order. You can use default attribute names or their fridenly names.
455
For example, "sn" will be displayed right after "givenName". All the other
456
attributes that are not specified in this array will be displayed after in
457
alphabetical order. */
458
# $attrs_display_order = array(
471
/*********************************************/
472
/* Hidden attributes */
473
/*********************************************/
475
/* You may want to hide certain attributes from being displayed in the editor
476
screen. Do this by adding the desired attributes to this list (and uncomment
477
it). This only affects the editor screen. Attributes will still be visible in
478
the schema browser and elsewhere. An example is provided below:
479
NOTE: The user must be able to read the hidden_except_dn entry to be
481
# $hidden_attrs = array( 'jpegPhoto', 'objectClass' );
482
# $hidden_except_dn = "cn=PLA UnHide,ou=Groups,c=AU";
484
/* Hidden attributes in read-only mode. If undefined, it will be equal to
486
# $hidden_attrs_ro = array(
487
# 'objectClass','shadowWarning', 'shadowLastChange', 'shadowMax',
488
# 'shadowFlag', 'shadowInactive', 'shadowMin', 'shadowExpire');
491
/** Read-only attributes **/
494
/* You may want to phpLDAPadmin to display certain attributes as read only,
495
meaning that users will not be presented a form for modifying those
496
attributes, and they will not be allowed to be modified on the "back-end"
497
either. You may configure this list here:
498
NOTE: The user must be able to read the read_only_except_dn entry to be
500
# $read_only_attrs = array( 'objectClass' );
501
# $read_only_except_dn = "cn=PLA ReadWrite,ou=Groups,c=AU";
503
/* An example of how to specify multiple read-only attributes: */
504
# $read_only_attrs = array( 'jpegPhoto', 'objectClass', 'someAttribute' );
506
/*********************************************/
507
/* Unique attributes */
508
/*********************************************/
510
/* You may want phpLDAPadmin to enforce some attributes to have unique values
511
(ie: not belong to other entries in your tree. This (together with
512
unique_attrs['dn'] and unique_attrs['pass'] option will not let updates to
513
occur with other attributes have the same value.
514
NOTE: Currently the unique_attrs is NOT enforced when copying a dn. (Need to
515
present a user with the option of changing the unique attributes. */
516
# $unique_attrs = array('uid','uidNumber','mail');
518
/*********************************************/
519
/* Group attributes */
520
/*********************************************/
522
/* Add "modify group members" link to the attribute. */
523
// $config->custom->modify_member['groupattr'] = array('member','uniqueMember','memberUid');
525
/* Configure filter for member search. This only applies to "modify group members" feature */
526
// $config->custom->modify_member['filter'] = '(objectclass=Person)';
528
/* Attribute that is added to the group member attribute. */
529
// $config->custom->modify_member['attr'] = 'dn';
531
/*********************************************/
532
/* Predefined Queries (canned views) */
533
/*********************************************/
535
/* To make searching easier, you may setup predefined queries below: */
539
/* The name that will appear in the simple search form */
540
$queries[$q]['name'] = 'User List';
542
/* The base to search on */
543
$queries[$q]['base'] = 'dc=example,dc=com';
545
/* The search scope (sub, base, one) */
546
$queries[$q]['scope'] = 'sub';
548
/* The LDAP filter to use */
549
$queries[$q]['filter'] = '(&(objectClass=posixAccount)(uid=*))';
551
/* The attributes to return */
552
$queries[$q]['attributes'] = 'cn, uid, homeDirectory, telephonenumber, jpegphoto';
554
/* If you want to configure more pre-defined queries, copy and paste the above (including the "$q++;") */
556
$queries[$q]['name'] = 'Samba Users';
557
$queries[$q]['base'] = 'dc=example,dc=com';
558
$queries[$q]['scope'] = 'sub';
559
$queries[$q]['filter'] = '(&(|(objectClass=sambaAccount)(objectClass=sambaSamAccount))(objectClass=posixAccount)(!(uid=*$)))';
560
$queries[$q]['attributes'] = 'uid, smbHome, uidNumber';
563
$queries[$q]['name'] = 'Samba Computers';
564
$queries[$q]['base'] = 'dc=example,dc=com';
565
$queries[$q]['scope'] = 'sub';
566
$queries[$q]['filter'] = '(&(objectClass=sambaAccount)(uid=*$))';
567
$queries[$q]['attributes'] = 'uid, homeDirectory';
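Review bot: The server template on the new side (new lines 502–546) keeps `$servers->setValue('appearance','password_hash','md5');` and pairs `$servers->setValue('server','sasl_mech','PLAIN');` with `$servers->setValue('server','tls',false);`, so an admin who copies the block as written gets an unsalted MD5 default for password values and a SASL mechanism that sends the password unprotected over a connection without TLS. Since the commit rewrites every line of this block anyway, I would ship safer example values, e.g. `$servers->setValue('appearance','password_hash','ssha');` and `$servers->setValue('server','tls',true);`, or add a comment above the SASL lines such as `/* PLAIN exposes the bind password: enable 'tls' or use an ldaps:// host first. */`. The same template sets `'login','anon_bind'` to `true`; a one-line comment saying to set it to `false` unless anonymous browsing is intended would help. The lines that open and close this block are not shown in the section, so whether it is a commented-out template is inferred rather than confirmed.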