kallithea Changeset - d0f6bd6190c8

Changeset - d0f6bd6190c8

Parent rev.

Child rev.

[Not reviewed]

default

0 3 0

Mads Kiilerich - 9 years ago 2016-07-28 16:34:49
madski@unity3d.com

auth: change default LDAP to LDAPS on port 636 - insecure authentication is kind of pointless

This will only change the default value for new systems. Existing installations
will keep using whatever value they have in the database.

3 files changed with 5 insertions and 5 deletions:

docs/setup.rst

kallithea/bin/ldap_sync.conf

kallithea/lib/auth_modules/auth_ldap.py

0 comments (0 inline, 0 general)

docs/setup.rst

➞

Show inline comments

@@ @@ -160,13 +160,13 @@ Here's a typical LDAP setup:: @@
  Connection settings
  Enable LDAP          = checked
  Host                 = host.example.com
  Account              = <account>
  Password             = <password>
- Connection Security  = LDAPS connection
  Connection Security  = LDAPS
  Certificate Checks   = DEMAND
  Search settings
  Base DN              = CN=users,DC=host,DC=example,DC=org
  LDAP Filter          = (&(objectClass=user)(!(objectClass=computer)))
  LDAP Search Scope    = SUBTREE
@@ @@ -454,13 +454,13 @@ could set the request headers however yo @@
 .. code-block:: python
     from mod_python import apache
     import ldap
-    LDAP_SERVER = "ldap://server.mydomain.com:389"
+    LDAP_SERVER = "ldaps://server.mydomain.com:636"
     LDAP_USER = ""
     LDAP_PASS = ""
     LDAP_ROOT = "dc=mydomain,dc=com"
     LDAP_FILTER = "sAMAccountName=%s"
     LDAP_ATTR_LIST = ['sAMAccountName','givenname','sn','mail']

kallithea/bin/ldap_sync.conf

➞

Show inline comments

 [default]
 api_url = http://kallithea.example.com/_admin/api
 api_user = admin
 api_key = XXXXXXXXXXXX
-ldap_uri = ldap://ldap.example.com:389
+ldap_uri = ldaps://ldap.example.com:636
 ldap_user = cn=kallithea,dc=example,dc=com
 ldap_key = XXXXXXXXX
 base_dn = dc=example,dc=com
 sync_users = True

kallithea/lib/auth_modules/auth_ldap.py

➞

Show inline comments

@@ @@ -47,13 +47,13 @@ except ImportError: @@
     ldap = None
 class AuthLdap(object):
     def __init__(self, server, base_dn, port=None, bind_dn='', bind_pass='',
-                 tls_kind='PLAIN', tls_reqcert='DEMAND', cacertdir=None, ldap_version=3,
+                 tls_kind='LDAPS', tls_reqcert='DEMAND', cacertdir=None, ldap_version=3,
                  ldap_filter='(&(objectClass=user)(!(objectClass=computer)))',
                  search_scope='SUBTREE', attr_login='uid'):
         if ldap is None:
             raise LdapImportError
         self.ldap_version = ldap_version
@@ @@ -212,13 +212,13 @@ class KallitheaAuthPlugin(auth_modules.K @@
+            {
                 "name": "tls_kind",
                 "validator": self.validators.OneOf(self._tls_kind_values),
                 "type": "select",
                 "values": self._tls_kind_values,
                 "description": "TLS Type",
-                "default": 'PLAIN',
+                "default": 'LDAPS',
                 "formname": "Connection Security"
             },
+            {
                 "name": "tls_reqcert",
                 "validator": self.validators.OneOf(self._tls_reqcert_values),
                 "type": "select",

0 comments (0 inline, 0 general)