comparison MoinMoin/config/multiconfig.py @ 3004:0ae378dc1edf

updated ldap support from 1.5 branch: tls support, configuration defaults, comments/docs (port from 1.6)
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sun, 06 Jan 2008 18:48:58 +0100
parents c678e73b7730
children ca0bf3aefa0f
3003:f54c41b3b7ce 3004:0ae378dc1edf
328 328
329 language_default = 'en' 329 language_default = 'en'
330 language_ignore_browser = False # ignore browser settings, use language_default 330 language_ignore_browser = False # ignore browser settings, use language_default
331 # or user prefs 331 # or user prefs
332 332
333 # ldap / active directory server URI: 333 # ldap / active directory server URI
334 # use ldaps://server:636 url for ldaps,
335 # use ldap://server for ldap without tls (and set ldap_start_tls to 0),
336 # use ldap://server for ldap with tls (and set ldap_start_tls to 1 or 2).
334 ldap_uri = 'ldap://localhost' 337 ldap_uri = 'ldap://localhost'
335 338
336 # We can either use some fixed user and password for binding to LDAP. 339 # We can either use some fixed user and password for binding to LDAP.
337 # Be careful if you need a % char in those strings - as they are used as 340 # Be careful if you need a % char in those strings - as they are used as
338 # a format string, you have to write %% to get a single % in the end. 341 # a format string, you have to write %% to get a single % in the end.
340 #ldap_binddn = 'cn=admin,dc=example,dc=org' # (OpenLDAP) 343 #ldap_binddn = 'cn=admin,dc=example,dc=org' # (OpenLDAP)
341 #ldap_bindpw = 'secret' 344 #ldap_bindpw = 'secret'
342 # or we can use the username and password we got from the user: 345 # or we can use the username and password we got from the user:
343 #ldap_binddn = '%(username)s@example.org' # DN we use for first bind (AD) 346 #ldap_binddn = '%(username)s@example.org' # DN we use for first bind (AD)
344 #ldap_bindpw = '%(password)s' # password we use for first bind 347 #ldap_bindpw = '%(password)s' # password we use for first bind
348 # or we can bind anonymously (if that is supported by your directory).
349 # In any case, ldap_binddn and ldap_bindpw must be defined.
345 ldap_binddn = '' 350 ldap_binddn = ''
346 ldap_bindpw = '' 351 ldap_bindpw = ''
347 352
348 # base DN we use for searching 353 # base DN we use for searching
349 #ldap_base = 'ou=SOMEUNIT,dc=example,dc=org' 354 #ldap_base = 'ou=SOMEUNIT,dc=example,dc=org'
350 ldap_base = '' 355 ldap_base = ''
351 356
352 # scope of the search we do (2 == ldap.SCOPE_SUBTREE) 357 # scope of the search we do (2 == ldap.SCOPE_SUBTREE)
353 ldap_scope = 2 # we do not want to import ldap for everybody just for that 358 ldap_scope = 2 # we do not want to import ldap for everybody just for that
359
360 # LDAP REFERRALS
361 ldap_referrals = 0 # (0 needed for AD)
354 362
355 # ldap filter used for searching: 363 # ldap filter used for searching:
356 #ldap_filter = '(sAMAccountName=%(username)s)' # (AD) 364 #ldap_filter = '(sAMAccountName=%(username)s)' # (AD)
357 ldap_filter = '(uid=%(username)s)' # (OpenLDAP) 365 ldap_filter = '(uid=%(username)s)' # (OpenLDAP)
358 # you can also do more complex filtering like: 366 # you can also do more complex filtering like:
366 ldap_email_callback = None # called to make up email address 374 ldap_email_callback = None # called to make up email address
367 375
368 ldap_coding = 'utf-8' # coding used for ldap queries and result values 376 ldap_coding = 'utf-8' # coding used for ldap queries and result values
369 ldap_timeout = 10 # how long we wait for the ldap server [s] 377 ldap_timeout = 10 # how long we wait for the ldap server [s]
370 ldap_verbose = True # if True, put lots of LDAP debug info into the log 378 ldap_verbose = True # if True, put lots of LDAP debug info into the log
379
380 # TLS / SSL related defaults
381 ldap_start_tls = 0 # 0 = No, 1 = Try, 2 = Required
382 ldap_tls_cacertdir = ''
383 ldap_tls_cacertfile = ''
384 ldap_tls_certfile = ''
385 ldap_tls_keyfile = ''
386 ldap_tls_require_cert = 0 # 0 == ldap.OPT_X_TLS_NEVER (needed for self-signed certs)
371 387
372 log_reverse_dns_lookups = True # if we do reverse dns lookups for logging hostnames 388 log_reverse_dns_lookups = True # if we do reverse dns lookups for logging hostnames
373 # instead of just IPs 389 # instead of just IPs
374 log_timing = False # update <data_dir>/timing.log? 390 log_timing = False # update <data_dir>/timing.log?
375 391
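Review bot: The new default `ldap_tls_require_cert = 0` (new line 386, ldap.OPT_X_TLS_NEVER per its own comment) turns off server certificate verification. Even a site that sets `ldap_start_tls = 2` then gets encryption without server authentication, so the bind DN and user passwords can reach an impostor server. The comment should say this explicitly, for example `# 0 == ldap.OPT_X_TLS_NEVER: server cert is NOT verified (self-signed setups only); use ldap.OPT_X_TLS_DEMAND with ldap_tls_cacertfile otherwise`. The `1 = Try` value of `ldap_start_tls` (new line 381) presumably falls back to an unencrypted bind when StartTLS fails, so its comment should mark it as not suitable for a remote server; the code that consumes these settings is not part of this section, so confirm that behaviour there. With the shipped defaults (`ldap_start_tls = 0`, `ldap://` URI) passwords go over the wire in clear text, which is only acceptable for the localhost default.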