hallo,
ich habe hier einen bscw server, und der soll eine ldap anbindung bekommen.
mein system ist fedora core 2 mit dem standard httpd und dem neusten bscw.
mein problem ist, wie kann ich die config_ldap.py richtig einstellen?
mein ldap server ist hier zu erreichen:
-> blade.stg.hdg-viss.net
man hat mir gesagt, dass ich dafür keinen account brauche.
der source von der config_ldap.py:
# LDAP default data

# hosts
#   Maps each base DN to the LDAP host that serves it.
#   Write distinguished names in lower case only, with no spaces before or
#   after ','. A port may be given as 'host.domain:port' (the default LDAP
#   port number is 389).
#   If the LDAP server does not permit an anonymous binding (e.g. for
#   searching DNs), give a triple ('host.domain:port', DefaultDN, password)
#   to specify the default binding instead.
#
#   NOTE(review): the password of an explicit default binding sits in clear
#   text in this file. Keep the file readable only by the account that runs
#   BSCW, and use a dedicated DefaultDN with the minimum directory rights
#   needed for searching.
#   NOTE(review): 389 is the standard unencrypted LDAP port; bind passwords
#   sent over it are readable on the network path. Whether this BSCW
#   version accepts an LDAPS/StartTLS endpoint here is not shown in this
#   file -- confirm in the BSCW documentation.
#
#   hosts = {
#       # The default binding is an anonymous binding:
#       'o=snakeoil,c=de': 'ldap.snakeoil.de',
#
#       # The default binding is explicitly specified:
#       'o=snakeoil2,c=de': (
#           'ldap.snakeoil.de:389', 'cn=default,o=snakeoil,c=de', 'passwd'),
#   }
hosts = {}
# auto_registration
#   DN patterns and search patterns used for automatic registration at
#   login. When a user is not yet registered at BSCW but her DN is found on
#   an LDAP server through one of the patterns below, BSCW tries to register
#   the user automatically and, if that succeeds, assigns (binds) the DN to
#   the user object.
#   '%s' is substituted by the login name. Two kinds of entry are possible:
#     - a pattern that expands directly to the DN, or
#     - a pair (base DN, search expression). This is a 2-step process: the
#       DN is first looked up on the LDAP server using the default binding,
#       then a bind is attempted with the resulting DN (which must be
#       unique) and the given password.
#
#   NOTE(review): every entry reachable through these patterns can obtain a
#   BSCW account on first login, so keep the base DNs as narrow as the
#   intended user population.
#   NOTE(review): the login name is user-supplied. This file does not show
#   whether BSCW escapes LDAP filter metacharacters before substituting it
#   into a search expression -- verify against the BSCW version in use.
#
#   auto_registration = (
#       # A DN pattern:
#       'cn=%s,o=snakeoil,c=de',
#
#       # Search patterns for binding in a 2-step process (each entry needs
#       # its trailing comma):
#       ('o=snakeoil2,c=de', '(mail=*%s@*)'),
#       ('o=snakeoil2,c=de', '(uid=%s)'),             # LDAP
#       ('o=snakeoil2,c=de', '(sAMAccountName=%s)'),  # MS Active Directory
#   )
auto_registration = ()
# auto_registration_email
#   Set auto_registration_email = 'reg_done' to have the standard
#   registration mail sent to an automatically registered user.
auto_registration_email = None

# auto_registration_roles
#   Initial roles for automatically registered users, given as a list of
#   pairs ('attribute=value', role).
#   Note: at the moment the 'attribute=value' string is looked up only in
#   the DN (user.ldap_bind) of the user; the user's LDAP attributes are
#   ignored. This might be changed in the future.
auto_registration_roles = []
# use_ldap_passwords
#
#   Selects how BSCW treats users with an LDAP binding versus local BSCW
#   users (without an LDAP binding):
#
#   1 - Passwords are verified against the LDAP server FOR ALL USERS. An
#       existing user who is not found on an LDAP server can therefore no
#       longer log in to the system.
#   2 - The password is verified against the LDAP server for users with an
#       LDAP binding or users found on an LDAP server. An existing local
#       BSCW user who is not found on an LDAP server and has no LDAP
#       binding can still log in to the system.
#   3 - The password is verified against the LDAP server only for users
#       that have an LDAP binding.
#
#   Note: BSCW checks passwords via LDAP only when the BSCW server, and not
#   the HTTP server, does the authentication (e.g. when cookie
#   authentication is enabled or BSCW gets the HTTP_AUTHORIZATION value).
#   Because this is not a very fast way to authenticate, it is strongly
#   recommended to configure the HTTP server to do LDAP authentication
#   (e.g. via the Apache HTTP server auth_ldap module) instead of setting
#   use_ldap_passwords = 1, which requires all users to pass LDAP
#   authentication.
#
#   Note: if the Apache HTTP server auth_ldap module is used,
#   use_ldap_passwords must be set to 3; otherwise the BSCW change-password
#   action interferes with the auth_ldap module's internal password cache.
#
#   NOTE(review): in modes 2 and 3 some accounts keep authenticating with a
#   local BSCW password, so password policy and account disabling enforced
#   in the directory presumably do not reach them -- review those accounts
#   separately.
use_ldap_passwords = 2
# ldap_searches
#   Member search options for the workspace invite-member action
#   (op_addmb), each given as (id, pattern) or (id, pattern, rdnlist):
#
#   + id       a unique identifier for the search; it must be translated in
#              packages/ldap/messages/*/lg_msgconfig.py
#
#   + pattern  an LDAP query in which '%(query)s' is replaced by the user
#              input of the addmb search form
#
#   + rdnlist  an optional filter on a relative DN type; query results that
#              do not match the given RDN value list are removed
#
#   Examples of LDAP queries:
#
#   + search the subtree of the defined base DN(s) for the given query:
#       ('mb_search_ldap_uid', 'cn=*%(query)s*'),
#       ('mb_search_ldap_uid', '(|(cn=*%(query)s*)(uid=*%(query)s*))'),
#       ('mb_search_ldap_uid', '(sAMAccountName=*%(query)s*)'),  # MS Active Directory
#
#   + search the subtree of the defined base DN(s) for 'ou=*%(query)s*' and
#     remove results whose relative DN of type 'ou' does not match the
#     given list ['sales', 'extern']:
#       ('mb_search_ldap_org', '(ou=*%(query)s*)', ('ou', ['sales', 'extern'])),
#
#   NOTE(review): the query text comes from the search form. This file does
#   not show whether BSCW escapes LDAP filter metacharacters before
#   substituting it -- verify. Keep the read rights of the default binding
#   narrow so that search results expose no more directory data than
#   intended.
ldap_searches = [
    (
        'mb_search_ldap_uid',
        '(|(cn=*%(query)s*)(uid=*%(query)s*))',
    ),
]
# person_classes
#   Alternate class names that denote persons (users).
person_classes = ['person']    # LDAP class 'person'
# person_classes = ['user']    # MS Active Directory class 'user'

# update_bscw
#   Attribute translations LDAP (or MS Active Directory) -> BSCW, written
#   as pairs (LDAP attribute, BSCW attribute).
update_bscw = (
    ('cn', 'fullname'),                    # LDAP class 'person'
    # ('displayname', 'fullname'),         # MS Active Directory class 'user'
    ('o', 'org'),                          # LDAP class 'person'
    ('telephonenumber', 'phone'),
    ('facsimiletelephonenumber', 'fax'),
    ('homephone', 'homephone'),
    ('mobile', 'mobile'),
    ('labeledURI', 'home_url'),
    ('postaladdress', 'post'),             # LDAP class 'person'
)
# update_bscw_edit
#   Allows BSCW to update user details in LDAP. When this is False, BSCW
#   performs no LDAP attribute updates and the chdetails action does not
#   allow editing personal details.
update_bscw_edit = True

# update_pwd
#   Allows BSCW to update the user password in LDAP.
#
# NOTE(review): with both flags True, BSCW writes to the directory. Which
# bind identity performs the write is not visible in this file -- confirm
# it, and grant that identity write access only to the attributes BSCW is
# meant to change. Set the flags to False where the directory must stay
# read-only for BSCW.
update_pwd = True
# ldap_attr
#   Mapping between BSCW user fields and LDAP attributes.
#
#   Optional filter function: when a value in 'ldap_attr' is a 2-tuple, the
#   filter function tuple[0] is applied to all LDAP results for the
#   attribute tuple[1]. The filter function returns the filtered attribute,
#   or None if the attribute should be skipped.
#
#   Example filter function:
#
#   def smtp(v):
#       """smtp(mailaddress) -> filtered mailaddress string or None
#       """
#       if v.startswith('SMTP:'):
#           return v[5:]
#       return None
ldap_attr = {
    # LDAP class 'person'
    'user': 'uid',
    'fullname': 'cn',
    'mailaddress': 'mail',

    # MS Active Directory class 'user' (alternatives, disabled)
    # 'user': 'sAMAccountName',
    # 'fullname': 'displayName',
    # 'mailaddress': 'userPrincipalName',
    # 'mailaddress': (smtp, 'proxyAddresses'),
}
# The settings below are used by op_ldap.py; they might not be supported in
# the future.

# Supported attributes, displayed in the order given here.
attributes = (
    'cn',
    'sn',
    'givenname',
    'initials',
    'title',
    'o',
    'ou',
    'telephonenumber',
    'facsimiletelephonenumber',
    'homephone',
    'mobile',
    'labeledURI',
    'postaladdress',
    'streetaddress',
    'mail',
    'uid',
    'description',
    'c',
    'st',
    'l',
)

# Attributes that are ignored.
ignore = (
    'photo',
    'jpegphoto',
)

# Attributes that allow multiline textarrays (line separator \n).
textarrays_allowed = ('iattr',)

# Attributes with faked multiline textarrays (the line separator is
# textsep).
textarrays_faked = (
    'streetaddress',
    'description',
    'postaladdress',
)
textsep = ' $ '