[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Debian-sf-devel] Re: [Debian-sf-users] how to configure ldap password?
From: |
Christian BAYLE |
Subject: |
[Debian-sf-devel] Re: [Debian-sf-users] how to configure ldap password? |
Date: |
Thu, 21 Mar 2002 09:44:54 +0100 |
Here is my working installed laptop config, i develop the package with
Soon-Son Kwon wrote:
>
> Can anyone please send me a working copy of
> slapd.conf and local.inc after installing sourceforge correctly?
> (The up-to-date version is preferred of course. :-))
>
> The default slapd/sourceforge combination seems to have
> some configuration problem and I want to root cause it.
>
> Thanks very much....
>
local.inc
===============================================================================
<?php
// SourceForge Universal Site Modifications
// by David HM Spector <address@hidden>
//
// Really Important Safety Tip: --> DO NOT LEAVE ANY WHITE
// SPACE AFTER THE CLOSING PHP TAG AT THE END OF THIS FILE!
//
// Doing so will really confuse the software and cause
// 1) cookies to fail and 2) HTML page headers to fail
// which will give you some preally hard-to-debug problems.
// Why? PHP is a *pre-processor* -- anything that's not PHP gets
// emitted as part of the HTML stream and processed by the browser,
// so white space is meaningful!
//
//
// PART I - SourceForge hostnames
//
// Hostnames should be fully qualified domain names (FQDNs); using short
names
// would be prettier but would stop you from distributing your
SourceForge
// implementation across multiple domains.
//
// Of course, if you have a lot of machines serving a particular purpose
// such as FTP or for shell accounts, the "hostname" here might be in
// reality an addr_list of machines that is serviced by a round-robin
// mechanism or something fancy like a local-director.
//
// The default SourceForge domain
// this is used where ever the "naked" form of the SourceForge domain
// might be used. E.g., "mailto:address@hidden"
$sys_default_domain = "g-tt.rd.francetelecom.fr";
// Machine that hosts CVS
$sys_cvs_host = "cvs.g-tt.rd.francetelecom.fr";
// Machine used for downloading sources/packages
$sys_download_host = "download.g-tt.rd.francetelecom.fr";
// Machine used for downloading sources/packages
$sys_upload_host = "upload.g-tt.rd.francetelecom.fr";
// Machine(s) that host users' shell accounts
// N.B. to the SourceForge Crew: What's the difference between the user
// host and the shell host? They are clearly two different hostnames
// in the source code, but they seem to serve the same purpose..?
$sys_shell_host = "g-tt.rd.francetelecom.fr";
$sys_users_host = "g-tt.rd.francetelecom.fr";
// Machine that hosts docs (such as the FAQs and the various software
// licenses (*BSD, [L]GPL, etc.). You REALLY want this to be the same
// machine that the SourceForge code is running on because all of the
// PHP makes reference to these documents in terms of relative paths
that
// are part of the SourceForge code tree.
$sys_docs_host = "g-tt.rd.francetelecom.fr";
// Machine that hosts the SourceForge mailing lists (This could also be
// the mail host if you have enough horsepower & bandwidth)
$sys_lists_host = "lists.g-tt.rd.francetelecom.fr";
// Domain Name Servers
// N.B.: Use terminated FQDNs here (with the final ".") so the
resolver
// doesn't attempt to recurse in the case of a slightly broken DNS
// configuration
$sys_dns1_host = "ns1.g-tt.rd.francetelecom.fr";
$sys_dns2_host = "ns2.g-tt.rd.francetelecom.fr";
// Part II - Databases, html/php/other paths
if (getenv ('SERVER_SOFTWARE')) { // We're on the web
$sys_dbhost=getenv('sys_dbhost');
$sys_dbname=getenv('sys_dbname');
$sys_dbuser=getenv('sys_dbuser');
$sys_dbpasswd=getenv('sys_dbpasswd');
$sys_ldap_passwd=getenv('sys_ldap_passwd');
} else {
require ('/etc/sourceforge/database.inc');
}
//whether or not to use replication
//$sys_db_use_replication=false;
//$sys_dbreadhost='localhost';
//$sys_dbreaddb='stats';
//$sys_server="pgsql";
//
// LDAP configuration
//
// enable ldap use altogether
$sys_use_ldap=1;
$sys_ldap_host="g-tt.rd.francetelecom.fr";
$sys_ldap_port=389;
// this is dn under which all information stored
$sys_ldap_base_dn="dc=g-tt,dc=rd,dc=francetelecom,dc=fr";
// and this, how we do access it (add permission required)
$sys_ldap_bind_dn="cn=SF_robot,dc=g-tt,dc=rd,dc=francetelecom,dc=fr";
// admin dn - login dn which has permissions to delete entries
// NOT used by web code, only by support utilities
// note that password NOT stored here
$sys_ldap_admin_dn="cn=admin,dc=g-tt,dc=rd,dc=francetelecom,dc=fr";
// If you change something here don't forget to update fileforge
// Where files are placed when uploaded
$FTPINCOMING_DIR =
"/var/lib/sourceforge/chroot/home/users/<USER>/incoming";
// Where the released files are located
$FTPFILES_DIR = "/var/lib/sourceforge/download/<GROUP>";
// groups and homes dir prefix
$homedir_prefix="/var/lib/sourceforge/chroot/home/users";
$groupdir_prefix="/var/lib/sourceforge/chroot/home/groups";
// Where the SourceForge files are placed
// *** IMPORTANT: sys_urlroot *MUST* be an ABSOLUTE FILEYSTEM PATH NAME
// that points to the www directory of the SourceForge
// installation. If you use ANY form of relative path
// you will break the html_image function in
include/html.php
//
$sys_urlroot="/usr/lib/sourceforge/www/";
// Cache location -- this is needed by include/cache.php
// This directory must be world reachable, but writable only by the
web-server
$sf_cache_dir = "/var/cache/sourceforge";
// Name of the system as a whole (needed by various utils and titles)
$sys_name="Sourceforge";
// session cookie settings
//
$sys_session_key = "foobar";
$sys_session_expire = 60 * 60 * 24 * 7;
$sys_session_cypher = MCRYPT_TWOFISH;
// Temporary workaround for libmcrypt if MCRYPT_TWOFISH segfault
//$sys_session_cypher = MCRYPT_TripleDES;
$sys_session_cyphermode = MCRYPT_MODE_ECB;
// username cookie settings
//
$sys_username_cookie_key = "frobaz";
$sys_username_cookie_urlspace = ".g-tt.rd.francetelecom.fr";
$sys_username_cookie_expiration = 60 * 60 * 24 * 7;
$sys_username_cookie_plaintext = true;
$sys_username_cookie_cypher = MCRYPT_BLOWFISH;
$sys_username_cookie_cyphermode = MCRYPT_MODE_ECB;
// Require that user give unique (not yet existent in db) email upon
// registration
$sys_require_unique_email=0;
// Part III - GUI modifications (menu colors, etc.)
// See the top of the file include/html.php, this is where the menu
colors
// and colors used throughout SourceForge are defined.
// Themeing related vars... Some of this needs to change in the session
stuff
// The theme base directory, everything else is handled by
theme_sysinit()
$sys_themeroot=$sys_urlroot."themes/";
// Akamization of images
$sys_images_url="//g-tt.rd.francetelecom.fr/";
// Part IV - Groups
// The SourceForge permission model is based on groups
// certain parts of the site, like news, stats, etc
// are based on special group_id numbers
// group_id #1 is the super-user group of sitewide admins
$sys_news_group = 2;
$sys_stats_group = 3;
// Part V - Stuff added by Debian-SF
$sys_show_banner_1 = 0 ;
$sys_show_banner_2 = 1 ;
// End of customizations -- place nothing after the closing PHP tag!
?>
===============================================================================
slapd.conf
===============================================================================
include /etc/ldap/schema/core.schema #Added by Sourceforge install
include /etc/ldap/schema/cosine.schema #Added by Sourceforge install
include /etc/ldap/schema/inetorgperson.schema #Added by Sourceforge
install
include /etc/ldap/schema/nis.schema #Added by Sourceforge install
include /etc/sourceforge/sourceforge.schema #Added by Sourceforge
install
# This is the main ldapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
# Schema and objectClass definitions
#Comment by Sourceforge install#include /etc/ldap/schema/core.schema
#Comment by Sourceforge install#include /etc/ldap/schema/cosine.schema
#Comment by Sourceforge install#include /etc/ldap/schema/nis.schema
#Comment by Sourceforge install#include
/etc/ldap/schema/inetorgperson.schema
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd.args
# Where to store the replica logs
replogfile /var/lib/ldap/replog
# Read slapd.conf(5) for possible values
loglevel 0
#######################################################################
# ldbm database definitions
#######################################################################
# The backend type, ldbm, is the default standard
database ldbm
# The base of your directory
suffix "dc=g-tt,dc=rd,dc=francetelecom,dc=fr"
# Where the database file are physically stored
directory "/var/lib/ldap"
# Indexing options
index objectClass eq
# Save the time that the entry gets modified
lastmod on
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# Next second line added by Sourceforge install
access to attribute=userPassword
by dn="cn=SF_robot,dc=g-tt,dc=rd,dc=francetelecom,dc=fr" write
by dn="cn=admin,dc=g-tt,dc=rd,dc=francetelecom,dc=fr" write
by anonymous auth
by self write
by * none
# The admin dn has full write access
# Next lines added by Sourceforge install
access to dn=".*,ou=People,dc=g-tt,dc=rd,dc=francetelecom,dc=fr"
by dn="cn=admin,dc=g-tt,dc=rd,dc=francetelecom,dc=fr" write
by dn="cn=SF_robot,dc=g-tt,dc=rd,dc=francetelecom,dc=fr" write
by * read
access to dn="ou=People,dc=g-tt,dc=rd,dc=francetelecom,dc=fr"
by dn="cn=admin,dc=g-tt,dc=rd,dc=francetelecom,dc=fr" write
by dn="cn=SF_robot,dc=g-tt,dc=rd,dc=francetelecom,dc=fr" write
by * read
access to dn="ou=Group,dc=g-tt,dc=rd,dc=francetelecom,dc=fr"
by dn="cn=admin,dc=g-tt,dc=rd,dc=francetelecom,dc=fr" write
by dn="cn=SF_robot,dc=g-tt,dc=rd,dc=francetelecom,dc=fr" write
by * read
access to dn="ou=cvsGroup,dc=g-tt,dc=rd,dc=francetelecom,dc=fr"
by dn="cn=admin,dc=g-tt,dc=rd,dc=francetelecom,dc=fr" write
by dn="cn=SF_robot,dc=g-tt,dc=rd,dc=francetelecom,dc=fr" write
by * read
# End of sourceforge add
access to *
by dn="cn=admin,dc=g-tt,dc=rd,dc=francetelecom,dc=fr" write
by * read
# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
access to dn=".*,ou=Roaming,o=morsnet"
by dn="cn=admin,dc=g-tt,dc=rd,dc=francetelecom,dc=fr" write
by dnattr=owner write
--
Christian Bayle
===============================================================================
E-mail: address@hidden
- [Debian-sf-devel] Re: [Debian-sf-users] how to configure ldap password?,
Christian BAYLE <=
- [Debian-sf-devel] Re: [Debian-sf-users] how to configure ldap password?, Soon-Son Kwon, 2002/03/23
- Message not available
- Message not available
- [Debian-sf-devel] Re: [Debian-sf-users] how to configure ldap password?, Christian BAYLE, 2002/03/25
- Re: [Debian-sf-devel] Re: [Debian-sf-users] how to configure ldap password?, Soon-Son Kwon, 2002/03/25
- Re: [Debian-sf-devel] Re: [Debian-sf-users] how to configure ldap password?, Roland Mas, 2002/03/25
- Re: [Debian-sf-devel] Re: [Debian-sf-users] how to configure ldap password?, Soon-Son Kwon, 2002/03/25
- Re: [Debian-sf-devel] Re: [Debian-sf-users] how to configure ldap password?, Roland Mas, 2002/03/26