Univention Bugzilla – Attachment 7427 Details for
Bug 33214
Include negotiate module for kerberos authentication
[patch]
patch
33214.patch (text/plain), 4.40 KB, created by
Florian Best
on 2016-01-25 12:05:04 CET
Description:
patch
Filename:
MIME Type:
Creator:
Florian Best
Created:
2016-01-25 12:05:04 CET
Size:
4.40 KB
patch
obsolete
>diff --git a/saml/univention-saml/conffiles/etc/apache2/sites-available/univention-saml b/saml/univention-saml/conffiles/etc/apache2/sites-available/univention-saml
>index 53a7c52..595ba04 100755
>--- a/saml/univention-saml/conffiles/etc/apache2/sites-available/univention-saml
>+++ b/saml/univention-saml/conffiles/etc/apache2/sites-available/univention-saml
>@@ -17,6 +17,8 @@ RewriteRule ^/?simplesamlphp/(.*) https://%{SERVER_NAME}/simplesamlphp/$1 [R,L]
> @!@
>
> <LocationMatch /simplesamlphp/>
>+ SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
>+
> # AJAX-Requests via UMC must be possible
> Header always set Access-Control-Allow-Origin "*"
> SetEnvIf Origin "^https?://" origin=true
>diff --git a/saml/univention-saml/conffiles/etc/simplesamlphp/00authsources.php b/saml/univention-saml/conffiles/etc/simplesamlphp/00authsources.php
>index d4c52b3..0d64984 100755
>--- a/saml/univention-saml/conffiles/etc/simplesamlphp/00authsources.php
>+++ b/saml/univention-saml/conffiles/etc/simplesamlphp/00authsources.php
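Review bot: The added `SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1` in the `<LocationMatch /simplesamlphp/>` block of the univention-saml site copies every Authorization value, Basic credentials included, into the environment of all scripts under that path, and no comment says why it is needed. If only the negotiate module reads it, as the rest of this patch suggests, the pattern could presumably be narrowed to that scheme: `SetEnvIf Authorization "^(Negotiate .+)$" HTTP_AUTHORIZATION=$1`. A comment such as `# Expose the Authorization header to simpleSAMLphp for Kerberos/Negotiate logins` would document the intent. The LocationMatch block continues outside the hunk, so it cannot be told from here whether request environments are logged or passed on elsewhere.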
>@@ -29,7 +29,27 @@ $config = array(
> // Can be NULL/unset, in which case a builtin discovery service will be used.
> 'discoURL' => NULL,
> ),
>-
>+ 'univention-negotiate' => array(
>+ 'negotiate:Negotiate',
>+ 'keytab' => '/etc/krb5.keytab',
>+ 'fallback' => 'univention-ldap',
>+@!@
>+ldap_user = 'uid=sys-idp-user,cn=users,%s' % configRegistry.get('ldap/base', 'null')
>+if configRegistry.get('saml/idp/ldap/user'):
>+ ldap_user = configRegistry.get('saml/idp/ldap/user')
>+password = ''
>+try:
>+ password = open('/etc/idp-ldap-user.secret','r').read().strip()
>+except (IOError, OSError):
>+ import sys
>+ print >> sys.stderr, '/etc/idp-ldap-user.secret could not be read!'
>+print " 'hostname' => '%s.%s'," % (configRegistry['hostname'], configRegistry['domainname'])
>+print " 'base' => '%s'," % (configRegistry['ldap/base'],)
>+print " 'adminUser' => '%s'," % (ldap_user,)
>+print " 'adminPassword' => '%s'," % (password,)
>+print " ),"
>+print ""
>+print """
> // LDAP authentication source.
> 'univention-ldap' => array(
> 'uldap:uLDAP',
>@@ -43,9 +63,7 @@ $config = array(
> //'hostname' => '127.0.0.1',
> // Whether SSL/TLS should be used when contacting the LDAP server.
> //'enable_tls' => FALSE,
>-
>-
>-@!@
>+"""
> from univention.lib.misc import getLDAPURIs
> hostname = getLDAPURIs()
>
>@@ -61,20 +79,7 @@ print " 'debug' => %s," % configRegistry.get('saml/idp/ldap/debug', 'FALSE')
> print " 'attributes' => array(%s)," % attributes
> print " 'search.base' => '%s'," % configRegistry.get('ldap/base', 'null')
> print " 'search.attributes' => array(%s)," % configRegistry.get('saml/idp/ldap/search_attributes', '\'uid\'')
>-
>-ldap_user = 'uid=sys-idp-user,cn=users,%s' % configRegistry.get('ldap/base', 'null')
>-if configRegistry.get('saml/idp/ldap/user'):
>- ldap_user = configRegistry.get('saml/idp/ldap/user')
>-
> print " 'search.username' => '%s'," % ldap_user
>-
>-password = ''
>-try:
>- password = open('/etc/idp-ldap-user.secret','r').read().strip()
>-except (IOError, OSError):
>- import sys
>- print >> sys.stderr, '/etc/idp-ldap-user.secret could not be read!'
>-
> print " 'search.password' => '%s'," % password
> @!@
>
>diff --git a/saml/univention-saml/conffiles/etc/simplesamlphp/metadata/00_saml20-idp-hosted.php b/saml/univention-saml/conffiles/etc/simplesamlphp/metadata/00_saml20-idp-hosted.php
>index 8414f24..2f349f8 100755
>--- a/saml/univention-saml/conffiles/etc/simplesamlphp/metadata/00_saml20-idp-hosted.php
>+++ b/saml/univention-saml/conffiles/etc/simplesamlphp/metadata/00_saml20-idp-hosted.php
>@@ -26,8 +26,9 @@ print " 'certificate' => '%s'," % configRegistry.get('saml/idp/certificate/certi
> * Authentication source to use. Must be one that is configured in
> * 'config/authsources.php'.
> */
>- //'auth' => 'example-userpass',
>- 'auth' => 'univention-ldap',
>+@!@
>+print " 'auth' => '%s'," % (configRegistry.get('saml/idp/auth', 'univention-ldap'),)
>+@!@
>
> /* Uncomment the following to use the uri NameFormat on attributes. */
> /*
>diff --git a/saml/univention-saml/debian/univention-saml.postinst b/saml/univention-saml/debian/univention-saml.postinst
>index eb2d907..f7d6ea6 100755
>--- a/saml/univention-saml/debian/univention-saml.postinst
>+++ b/saml/univention-saml/debian/univention-saml.postinst
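Review bot: In the new `univention-negotiate` source added by the first hunk of 00authsources.php, `'keytab' => '/etc/krb5.keytab'` points the IdP at the system keytab, so the PHP process must be able to read the machine's own Kerberos keys; how that file's permissions are handled is not visible in this patch. A dedicated keytab holding only the HTTP service principal and readable by the IdP's group would limit what a compromise of the web application exposes, e.g. `'keytab' => '<dedicated-http-keytab-path>',` (placeholder path). Separately, `adminPassword` is written with `'%s' % (password,)`, so a quote or backslash in /etc/idp-ldap-user.secret would corrupt the generated PHP, and a read failure leaves an empty password in the config with only a stderr message; escaping the value and aborting on the read error would be safer. The `$config` array continues outside the hunk.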
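Review bot: The new `print " 'auth' => '%s'," % (configRegistry.get('saml/idp/auth', 'univention-ldap'),)` in 00_saml20-idp-hosted.php writes the UCR value unchecked into a single-quoted PHP string, so a typo or a value containing `'` yields a broken or altered metadata file. The template could read the value into a variable first and fall back to the default unless it consists only of characters valid in an authsource name, for example `if not re.match(r'^[\w-]+$', auth): auth = 'univention-ldap'` after an `import re`. A short comment naming the accepted values (`univention-ldap`, `univention-negotiate`) would also help, since no description of `saml/idp/auth` is visible in this patch. The surrounding metadata array starts and ends outside the hunk.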
>@@ -63,6 +63,7 @@ configure)
> if [ ! -e /etc/simplesamlphp/metadata/metadata_include.php ]; then
> touch /etc/simplesamlphp/metadata/metadata_include.php
> fi
>+ touch /usr/share/simplesamlphp/modules/negotiate/enable
>
> chown -R root:samlcgi /etc/simplesamlphp
>
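Review bot: The added `touch /usr/share/simplesamlphp/modules/negotiate/enable` in the `configure)` branch switches the negotiate module on at every configure run, even when `saml/idp/auth` stays at its `univention-ldap` default, so the Kerberos code is enabled on systems that never use it. The command also fails if the module directory is missing; whether the script runs under `set -e` is not visible here. Consider guarding it with `if [ -d /usr/share/simplesamlphp/modules/negotiate ]; then touch /usr/share/simplesamlphp/modules/negotiate/enable; fi`. A comment should note that the file is created in another package's tree, since no matching cleanup is visible in this patch. The `configure)` branch continues outside the hunk.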
Attachments on
bug 33214
: 7427