kallithea Changeset - d0f6bd6190c8

Changeset - d0f6bd6190c8

Parent rev.

Child rev.

[Not reviewed]

default

0 3 0

Mads Kiilerich - 9 years ago 2016-07-28 16:34:49
madski@unity3d.com

auth: change default LDAP to LDAPS on port 636 - insecure authentication is kind of pointless

This will only change the default value for new systems. Existing installations
will keep using whatever value they have in the database.

3 files changed with 5 insertions and 5 deletions:

docs/setup.rst

kallithea/bin/ldap_sync.conf

kallithea/lib/auth_modules/auth_ldap.py

0 comments (0 inline, 0 general)

docs/setup.rst

➞

Show inline comments

@@ @@ -163,7 +163,7 @@ Here's a typical LDAP setup:: @@
  Host                 = host.example.com
  Account              = <account>
  Password             = <password>
- Connection Security  = LDAPS connection
  Connection Security  = LDAPS
  Certificate Checks   = DEMAND
  Search settings
@@ @@ -457,7 +457,7 @@ could set the request headers however yo @@
     from mod_python import apache
     import ldap
-    LDAP_SERVER = "ldap://server.mydomain.com:389"
+    LDAP_SERVER = "ldaps://server.mydomain.com:636"
     LDAP_USER = ""
     LDAP_PASS = ""
     LDAP_ROOT = "dc=mydomain,dc=com"

kallithea/bin/ldap_sync.conf

➞

Show inline comments

@@ @@ -3,7 +3,7 @@ api_url = http://kallithea.example.com/_ @@
 api_user = admin
 api_key = XXXXXXXXXXXX
-ldap_uri = ldap://ldap.example.com:389
+ldap_uri = ldaps://ldap.example.com:636
 ldap_user = cn=kallithea,dc=example,dc=com
 ldap_key = XXXXXXXXX
 base_dn = dc=example,dc=com

kallithea/lib/auth_modules/auth_ldap.py

➞

Show inline comments

@@ @@ -50,7 +50,7 @@ except ImportError: @@
 class AuthLdap(object):
     def __init__(self, server, base_dn, port=None, bind_dn='', bind_pass='',
-                 tls_kind='PLAIN', tls_reqcert='DEMAND', cacertdir=None, ldap_version=3,
+                 tls_kind='LDAPS', tls_reqcert='DEMAND', cacertdir=None, ldap_version=3,
                  ldap_filter='(&(objectClass=user)(!(objectClass=computer)))',
                  search_scope='SUBTREE', attr_login='uid'):
         if ldap is None:
@@ @@ -215,7 +215,7 @@ class KallitheaAuthPlugin(auth_modules.K @@
                 "type": "select",
                 "values": self._tls_kind_values,
                 "description": "TLS Type",
-                "default": 'PLAIN',
+                "default": 'LDAPS',
                 "formname": "Connection Security"
             },
+            {

0 comments (0 inline, 0 general)