|
29 |
// Can be NULL/unset, in which case a builtin discovery service will be used. |
29 |
// Can be NULL/unset, in which case a builtin discovery service will be used. |
30 |
'discoURL' => NULL, |
30 |
'discoURL' => NULL, |
31 |
), |
31 |
), |
32 |
|
32 |
'univention-negotiate' => array( |
|
|
33 |
'negotiate:Negotiate', |
34 |
'keytab' => '/etc/krb5.keytab', |
35 |
'fallback' => 'univention-ldap', |
36 |
@!@ |
37 |
ldap_user = 'uid=sys-idp-user,cn=users,%s' % configRegistry.get('ldap/base', 'null') |
38 |
if configRegistry.get('saml/idp/ldap/user'): |
39 |
ldap_user = configRegistry.get('saml/idp/ldap/user') |
40 |
password = '' |
41 |
try: |
42 |
password = open('/etc/idp-ldap-user.secret','r').read().strip() |
43 |
except (IOError, OSError): |
44 |
import sys |
45 |
print >> sys.stderr, '/etc/idp-ldap-user.secret could not be read!' |
46 |
print " 'hostname' => '%s.%s'," % (configRegistry['hostname'], configRegistry['domainname']) |
47 |
print " 'base' => '%s'," % (configRegistry['ldap/base'],) |
48 |
print " 'adminUser' => '%s'," % (ldap_user,) |
49 |
print " 'adminPassword' => '%s'," % (password,) |
50 |
print " )," |
51 |
print "" |
52 |
print """ |
33 |
// LDAP authentication source. |
53 |
// LDAP authentication source. |
34 |
'univention-ldap' => array( |
54 |
'univention-ldap' => array( |
35 |
'uldap:uLDAP', |
55 |
'uldap:uLDAP', |
|
43 |
//'hostname' => '127.0.0.1', |
63 |
//'hostname' => '127.0.0.1', |
44 |
// Whether SSL/TLS should be used when contacting the LDAP server. |
64 |
// Whether SSL/TLS should be used when contacting the LDAP server. |
45 |
//'enable_tls' => FALSE, |
65 |
//'enable_tls' => FALSE, |
46 |
|
66 |
""" |
47 |
|
|
|
48 |
@!@ |
49 |
from univention.lib.misc import getLDAPURIs |
67 |
from univention.lib.misc import getLDAPURIs |
50 |
hostname = getLDAPURIs() |
68 |
hostname = getLDAPURIs() |
51 |
|
69 |
|
Lines 61-80
print " 'debug' => %s," % configRegistry.get('saml/idp/ldap/debug', 'FALSE')
|
|
---|
|
61 |
print " 'attributes' => array(%s)," % attributes |
79 |
print " 'attributes' => array(%s)," % attributes |
62 |
print " 'search.base' => '%s'," % configRegistry.get('ldap/base', 'null') |
80 |
print " 'search.base' => '%s'," % configRegistry.get('ldap/base', 'null') |
63 |
print " 'search.attributes' => array(%s)," % configRegistry.get('saml/idp/ldap/search_attributes', '\'uid\'') |
81 |
print " 'search.attributes' => array(%s)," % configRegistry.get('saml/idp/ldap/search_attributes', '\'uid\'') |
64 |
|
|
|
65 |
ldap_user = 'uid=sys-idp-user,cn=users,%s' % configRegistry.get('ldap/base', 'null') |
66 |
if configRegistry.get('saml/idp/ldap/user'): |
67 |
ldap_user = configRegistry.get('saml/idp/ldap/user') |
68 |
|
69 |
print " 'search.username' => '%s'," % ldap_user |
82 |
print " 'search.username' => '%s'," % ldap_user |
70 |
|
|
|
71 |
password = '' |
72 |
try: |
73 |
password = open('/etc/idp-ldap-user.secret','r').read().strip() |
74 |
except (IOError, OSError): |
75 |
import sys |
76 |
print >> sys.stderr, '/etc/idp-ldap-user.secret could not be read!' |
77 |
|
78 |
print " 'search.password' => '%s'," % password |
83 |
print " 'search.password' => '%s'," % password |
79 |
@!@ |
84 |
@!@ |
80 |
|
85 |
|