3 commits - pykolab/setup
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Fri Aug 3 01:57:34 CEST 2012
pykolab/setup/setup_ldap.py | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
New commits:
commit 9d20b49533afad2488078e96e89b686a8b516063
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Thu Aug 2 23:57:03 2012 +0200
Add size, time and lookthrough limits, and idle timeout for the service account by default
diff --git a/pykolab/setup/setup_ldap.py b/pykolab/setup/setup_ldap.py
index 7c2bcf2..fd17d53 100644
--- a/pykolab/setup/setup_ldap.py
+++ b/pykolab/setup/setup_ldap.py
@@ -367,10 +367,10 @@ ServerAdminPwd = %(admin_pass)s
attrs['surname'] = "Service"
attrs['cn'] = "Kolab Service"
attrs['userPassword'] = _input['kolab_service_pass']
- attrs['nslookthroughlimit'] = -1
- attrs['nssizelimit'] = -1
- attrs['nstimelimit'] = -1
- attrs['nsidletimeout'] = -1
+ attrs['nslookthroughlimit'] = '-1'
+ attrs['nssizelimit'] = '-1'
+ attrs['nstimelimit'] = '-1'
+ attrs['nsidletimeout'] = '-1'
# Convert our dict to nice syntax for the add-function using modlist-module
ldif = ldap.modlist.addModlist(attrs)
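Review bot: The four limits set here are all `'-1'`, which on 389 Directory Server is, as far as I know, the "no limit" value. The service account therefore ends up exempt from look-through, size, time and idle limits rather than bounded by them, which is not what the commit title suggests. The same values first appear in the older commit's hunk at `@@ -347,6 +355,10 @@`. If unlimited is intended, say so above these lines, e.g. `# -1 = unlimited: the service account has no server-side search caps, so protect its bind password accordingly`. The enclosing function starts and ends outside the hunk.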
commit 0686afc5f8bc1c4b01ad359fa82988d63954487e
Merge: 1d6cd67 c68eb41
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Thu Aug 2 16:43:38 2012 +0200
Merge branch 'master' of ssh://git.kolab.org/git/pykolab
commit 1d6cd67de1f83ac1db4daf37a3c54684db185edd
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Thu Aug 2 16:37:38 2012 +0200
Make the default installation refuse anonymous binds, but allow a command-line option to allow anonymous binds.
Add size, search, time and idle limits to the service account
diff --git a/pykolab/setup/setup_ldap.py b/pykolab/setup/setup_ldap.py
index 43ed653..84de47d 100644
--- a/pykolab/setup/setup_ldap.py
+++ b/pykolab/setup/setup_ldap.py
@@ -50,6 +50,14 @@ def cli_options():
help = _("Specify FQDN (overriding defaults).")
)
+ ldap_group.add_option(
+ "--allow-anonymous",
+ dest = "anonymous",
+ action = "store_true",
+ default = False,
+ help = _("Allow anonymous binds (default: no).")
+ )
+
def description():
return _("Setup LDAP.")
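Review bot: The option is stored under `dest = "anonymous"`, so the later use reads `if not conf.anonymous:`, which does not say whether the flag allows or forbids anything. Naming it `dest = "allow_anonymous"` (and testing `conf.allow_anonymous` in the bind-disabling hunk) would make this security-relevant switch self-explanatory. The help text could also state the consequence, e.g. `help = _("Allow anonymous binds; unauthenticated clients can query the directory (default: no).")`.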
@@ -347,6 +355,10 @@ ServerAdminPwd = %(admin_pass)s
attrs['surname'] = "Service"
attrs['cn'] = "Kolab Service"
attrs['userPassword'] = _input['kolab_service_pass']
+ attrs['nslookthroughlimit'] = -1
+ attrs['nssizelimit'] = -1
+ attrs['nstimelimit'] = -1
+ attrs['nsidletimeout'] = -1
# Convert our dict to nice syntax for the add-function using modlist-module
ldif = ldap.modlist.addModlist(attrs)
@@ -418,11 +430,12 @@ ServerAdminPwd = %(admin_pass)s
ldif = ldap.modlist.addModlist(attrs)
auth._auth.ldap.add_s(dn, ldif)
- log.info(_("Disabling anonymous binds"))
- dn = "cn=config"
- modlist = []
- modlist.append((ldap.MOD_REPLACE, "nsslapd-allow-anonymous-access", "off"))
- auth._auth.ldap.modify_s(dn, modlist)
+ if not conf.anonymous:
+ log.info(_("Disabling anonymous binds"))
+ dn = "cn=config"
+ modlist = []
+ modlist.append((ldap.MOD_REPLACE, "nsslapd-allow-anonymous-access", "off"))
+ auth._auth.ldap.modify_s(dn, modlist)
# TODO: Ensure the uid attribute is unique
# TODO^2: Consider renaming the general "attribute uniqueness to "uid attribute uniqueness"
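Review bot: When `--allow-anonymous` is given, the `if not conf.anonymous:` block is skipped without a trace. `nsslapd-allow-anonymous-access` then keeps whatever value the server already had, and the setup log does not record that the hardening step was left out. Add an else branch that logs the decision, e.g. `else:` followed by `log.warning(_("Not disabling anonymous binds (--allow-anonymous given)"))`, so an operator reviewing the install can see it. If the deployed server version supports it, the `rootdse` value for this attribute may be a narrower alternative to leaving full anonymous access on. The enclosing function starts outside the hunk.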