mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-14 02:42:40 +01:00
Move LDAP config into PHP
Summary: This config section is weak (poorly documented) and inconsistent (keys with "_" instead of "-") but I'm going to keep punting on improving it until after T1536. Test Plan: Loaded, examined LDAP config. Reviewers: btrahan, codeblock Reviewed By: codeblock CC: aran Maniphest Tasks: T2255 Differential Revision: https://secure.phabricator.com/D4322
This commit is contained in:
parent
a5c7286df7
commit
962b432bfb
5 changed files with 80 additions and 10 deletions
|
@ -683,16 +683,16 @@ return array(
|
||||||
'ldap.auth-enabled' => false,
|
'ldap.auth-enabled' => false,
|
||||||
|
|
||||||
// The LDAP server hostname
|
// The LDAP server hostname
|
||||||
'ldap.hostname' => '',
|
'ldap.hostname' => null,
|
||||||
|
|
||||||
// The LDAP server port
|
// The LDAP server port
|
||||||
'ldap.port' => 389,
|
'ldap.port' => 389,
|
||||||
|
|
||||||
// The LDAP base domain name
|
// The LDAP base domain name
|
||||||
'ldap.base_dn' => '',
|
'ldap.base_dn' => null,
|
||||||
|
|
||||||
// The attribute to be regarded as 'username'. Has to be unique
|
// The attribute to be regarded as 'username'. Has to be unique
|
||||||
'ldap.search_attribute' => '',
|
'ldap.search_attribute' => null,
|
||||||
|
|
||||||
// Perform a search to find a user
|
// Perform a search to find a user
|
||||||
// Many LDAP installations do not have the username in the dn, if this is
|
// Many LDAP installations do not have the username in the dn, if this is
|
||||||
|
@ -700,7 +700,7 @@ return array(
|
||||||
'ldap.search-first' => false,
|
'ldap.search-first' => false,
|
||||||
|
|
||||||
// The attribute to search for if you have to search for a user
|
// The attribute to search for if you have to search for a user
|
||||||
'ldap.username-attribute' => '',
|
'ldap.username-attribute' => null,
|
||||||
|
|
||||||
// The attribute(s) to be regarded as 'real name'.
|
// The attribute(s) to be regarded as 'real name'.
|
||||||
// If more then one attribute is supplied the values of the attributes in
|
// If more then one attribute is supplied the values of the attributes in
|
||||||
|
@ -709,7 +709,7 @@ return array(
|
||||||
|
|
||||||
// A domain name to use when authenticating against Active Directory
|
// A domain name to use when authenticating against Active Directory
|
||||||
// (e.g. 'example.com')
|
// (e.g. 'example.com')
|
||||||
'ldap.activedirectory_domain' => '',
|
'ldap.activedirectory_domain' => null,
|
||||||
|
|
||||||
// The LDAP version
|
// The LDAP version
|
||||||
'ldap.version' => 3,
|
'ldap.version' => 3,
|
||||||
|
@ -717,15 +717,15 @@ return array(
|
||||||
// LDAP Referrals Option
|
// LDAP Referrals Option
|
||||||
// Whether referrals should be followed by the client
|
// Whether referrals should be followed by the client
|
||||||
// Should be set to 0 if you use Windows 2003 AD
|
// Should be set to 0 if you use Windows 2003 AD
|
||||||
'ldap.referrals' => 1,
|
'ldap.referrals' => true,
|
||||||
|
|
||||||
// The anonymous user name to use before searching a user.
|
// The anonymous user name to use before searching a user.
|
||||||
// Many LDAP installations require login even before searching a user, set
|
// Many LDAP installations require login even before searching a user, set
|
||||||
// this option to enable it.
|
// this option to enable it.
|
||||||
'ldap.anonymous-user-name' => '',
|
'ldap.anonymous-user-name' => null,
|
||||||
|
|
||||||
// The password of the LDAP anonymous user.
|
// The password of the LDAP anonymous user.
|
||||||
'ldap.anonymous-user-password' => '',
|
'ldap.anonymous-user-password' => null,
|
||||||
|
|
||||||
|
|
||||||
// -- Disqus OAuth ---------------------------------------------------------- //
|
// -- Disqus OAuth ---------------------------------------------------------- //
|
||||||
|
|
|
@ -727,7 +727,7 @@ celerity_register_resource_map(array(
|
||||||
),
|
),
|
||||||
'config-options-css' =>
|
'config-options-css' =>
|
||||||
array(
|
array(
|
||||||
'uri' => '/res/c67b0cbf/rsrc/css/application/config/config-options.css',
|
'uri' => '/res/6f7f64e8/rsrc/css/application/config/config-options.css',
|
||||||
'type' => 'css',
|
'type' => 'css',
|
||||||
'requires' =>
|
'requires' =>
|
||||||
array(
|
array(
|
||||||
|
|
|
@ -874,6 +874,7 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorJavelinLinter' => 'infrastructure/lint/linter/PhabricatorJavelinLinter.php',
|
'PhabricatorJavelinLinter' => 'infrastructure/lint/linter/PhabricatorJavelinLinter.php',
|
||||||
'PhabricatorJumpNavHandler' => 'applications/search/engine/PhabricatorJumpNavHandler.php',
|
'PhabricatorJumpNavHandler' => 'applications/search/engine/PhabricatorJumpNavHandler.php',
|
||||||
'PhabricatorKeyValueDatabaseCache' => 'applications/cache/PhabricatorKeyValueDatabaseCache.php',
|
'PhabricatorKeyValueDatabaseCache' => 'applications/cache/PhabricatorKeyValueDatabaseCache.php',
|
||||||
|
'PhabricatorLDAPConfigOptions' => 'applications/config/option/PhabricatorLDAPConfigOptions.php',
|
||||||
'PhabricatorLDAPLoginController' => 'applications/auth/controller/PhabricatorLDAPLoginController.php',
|
'PhabricatorLDAPLoginController' => 'applications/auth/controller/PhabricatorLDAPLoginController.php',
|
||||||
'PhabricatorLDAPProvider' => 'applications/auth/ldap/PhabricatorLDAPProvider.php',
|
'PhabricatorLDAPProvider' => 'applications/auth/ldap/PhabricatorLDAPProvider.php',
|
||||||
'PhabricatorLDAPRegistrationController' => 'applications/auth/controller/PhabricatorLDAPRegistrationController.php',
|
'PhabricatorLDAPRegistrationController' => 'applications/auth/controller/PhabricatorLDAPRegistrationController.php',
|
||||||
|
@ -2205,6 +2206,7 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorInlineSummaryView' => 'AphrontView',
|
'PhabricatorInlineSummaryView' => 'AphrontView',
|
||||||
'PhabricatorJavelinLinter' => 'ArcanistLinter',
|
'PhabricatorJavelinLinter' => 'ArcanistLinter',
|
||||||
'PhabricatorKeyValueDatabaseCache' => 'PhutilKeyValueCache',
|
'PhabricatorKeyValueDatabaseCache' => 'PhutilKeyValueCache',
|
||||||
|
'PhabricatorLDAPConfigOptions' => 'PhabricatorApplicationConfigOptions',
|
||||||
'PhabricatorLDAPLoginController' => 'PhabricatorAuthController',
|
'PhabricatorLDAPLoginController' => 'PhabricatorAuthController',
|
||||||
'PhabricatorLDAPRegistrationController' => 'PhabricatorAuthController',
|
'PhabricatorLDAPRegistrationController' => 'PhabricatorAuthController',
|
||||||
'PhabricatorLDAPUnknownUserException' => 'Exception',
|
'PhabricatorLDAPUnknownUserException' => 'Exception',
|
||||||
|
|
|
@ -46,7 +46,7 @@ abstract class PhabricatorApplicationConfigOptions extends Phobject {
|
||||||
if (!is_array($value)) {
|
if (!is_array($value)) {
|
||||||
throw new PhabricatorConfigValidationException(
|
throw new PhabricatorConfigValidationException(
|
||||||
pht(
|
pht(
|
||||||
"Option '%s' must be a list of strings, but value is not a ".
|
"Option '%s' must be a list of strings, but value is not ".
|
||||||
"an array.",
|
"an array.",
|
||||||
$option->getKey()));
|
$option->getKey()));
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,68 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
final class PhabricatorLDAPConfigOptions
|
||||||
|
extends PhabricatorApplicationConfigOptions {
|
||||||
|
|
||||||
|
public function getName() {
|
||||||
|
return pht("Integration with LDAP");
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getDescription() {
|
||||||
|
return pht("LDAP authentication and integration options.");
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getOptions() {
|
||||||
|
return array(
|
||||||
|
$this->newOption('ldap.auth-enabled', 'bool', false)
|
||||||
|
->setOptions(
|
||||||
|
array(
|
||||||
|
pht("Disable LDAP Authentication"),
|
||||||
|
pht("Enable LDAP Authentication"),
|
||||||
|
))
|
||||||
|
->setDescription(
|
||||||
|
pht('Enable LDAP for authentication and registration.')),
|
||||||
|
$this->newOption('ldap.hostname', 'string', null)
|
||||||
|
->setDescription(pht('LDAP server host name.')),
|
||||||
|
$this->newOption('ldap.port', 'int', 389)
|
||||||
|
->setDescription(pht('LDAP server port.')),
|
||||||
|
$this->newOption('ldap.anonymous-user-name', 'string', null)
|
||||||
|
->setDescription(
|
||||||
|
pht('Username to login to LDAP server with.')),
|
||||||
|
$this->newOption('ldap.anonymous-user-password', 'string', null)
|
||||||
|
->setDescription(
|
||||||
|
pht('Password to login to LDAP server with.')),
|
||||||
|
|
||||||
|
// TODO: I have only a vague understanding of what these options do;
|
||||||
|
// improve the documentation here and provide examples.
|
||||||
|
|
||||||
|
$this->newOption('ldap.base_dn', 'string', null)
|
||||||
|
->setDescription(pht('LDAP base domain name.')),
|
||||||
|
$this->newOption('ldap.search_attribute', 'string', null),
|
||||||
|
$this->newOption('ldap.search-first', 'bool', false)
|
||||||
|
->setOptions(
|
||||||
|
array(
|
||||||
|
pht("Disabled"),
|
||||||
|
pht("Enabled"),
|
||||||
|
)),
|
||||||
|
$this->newOption('ldap.username-attribute', 'string', null),
|
||||||
|
$this->newOption('ldap.real_name_attributes', 'list<string>', array())
|
||||||
|
->setDescription(
|
||||||
|
pht(
|
||||||
|
"Attribute or attributes to use as the user's real name. If ".
|
||||||
|
"multiple attributes are provided, they will be joined with ".
|
||||||
|
"spaces.")),
|
||||||
|
$this->newOption('ldap.activedirectory_domain', 'string', null),
|
||||||
|
$this->newOption('ldap.version', 'int', 3),
|
||||||
|
$this->newOption('ldap.referrals', 'bool', true)
|
||||||
|
->setOptions(
|
||||||
|
array(
|
||||||
|
pht("Do Not Follow Referrals"),
|
||||||
|
pht("Follow Referrals"),
|
||||||
|
))
|
||||||
|
->setDescription(
|
||||||
|
pht("You may need to disable this if you use Windows 2003 ".
|
||||||
|
"Active Directory.")),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in a new issue