3 commits - pykolab/setup

Jeroen van Meeuwen vanmeeuwen at kolabsys.com
Fri Aug 3 01:57:34 CEST 2012


 pykolab/setup/setup_ldap.py |   23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

New commits:
commit 9d20b49533afad2488078e96e89b686a8b516063
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Thu Aug 2 23:57:03 2012 +0200

    Add size, time and lookthrough limits, and idle timeout for the service account by default

diff --git a/pykolab/setup/setup_ldap.py b/pykolab/setup/setup_ldap.py
index 7c2bcf2..fd17d53 100644
--- a/pykolab/setup/setup_ldap.py
+++ b/pykolab/setup/setup_ldap.py
@@ -367,10 +367,10 @@ ServerAdminPwd = %(admin_pass)s
     attrs['surname'] = "Service"
     attrs['cn'] = "Kolab Service"
     attrs['userPassword'] = _input['kolab_service_pass']
-    attrs['nslookthroughlimit'] = -1
-    attrs['nssizelimit'] = -1
-    attrs['nstimelimit'] = -1
-    attrs['nsidletimeout'] = -1
+    attrs['nslookthroughlimit'] = '-1'
+    attrs['nssizelimit'] = '-1'
+    attrs['nstimelimit'] = '-1'
+    attrs['nsidletimeout'] = '-1'
 
     # Convert our dict to nice syntax for the add-function using modlist-module
     ldif = ldap.modlist.addModlist(attrs)
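Review bot: The `'-1'` values on `nslookthroughlimit`, `nssizelimit`, `nstimelimit` and `nsidletimeout` remove the limits rather than impose them: in 389 Directory Server a per-entry value of -1 means unlimited. That exempts the Kolab Service account from the server-wide lookthrough, size, time and idle caps, which is the opposite of what the commit subject suggests. If the exemption is intended, say so next to the assignments, e.g. `# -1 = unlimited: the service account must not be cut off by the server-wide search limits`. Anyone holding `kolab_service_pass` can then run unbounded searches, so consider finite values sized for the deployment instead. The same four assignments are introduced in the `@@ -347,6 +355,10 @@` hunk of commit 1d6cd67 further down; the enclosing function starts and ends outside this hunk.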


commit 0686afc5f8bc1c4b01ad359fa82988d63954487e
Merge: 1d6cd67 c68eb41
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Thu Aug 2 16:43:38 2012 +0200

    Merge branch 'master' of ssh://git.kolab.org/git/pykolab



commit 1d6cd67de1f83ac1db4daf37a3c54684db185edd
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Thu Aug 2 16:37:38 2012 +0200

    Make the default installation refuse anonymous binds, but allow a command-line option to allow anonymous binds.
    Add size, search, time and idle limits to the service account

diff --git a/pykolab/setup/setup_ldap.py b/pykolab/setup/setup_ldap.py
index 43ed653..84de47d 100644
--- a/pykolab/setup/setup_ldap.py
+++ b/pykolab/setup/setup_ldap.py
@@ -50,6 +50,14 @@ def cli_options():
             help    = _("Specify FQDN (overriding defaults).")
         )
 
+    ldap_group.add_option(
+            "--allow-anonymous",
+            dest    = "anonymous",
+            action  = "store_true",
+            default = False,
+            help    = _("Allow anonymous binds (default: no).")
+        )
+
 def description():
     return _("Setup LDAP.")
 
@@ -347,6 +355,10 @@ ServerAdminPwd = %(admin_pass)s
     attrs['surname'] = "Service"
     attrs['cn'] = "Kolab Service"
     attrs['userPassword'] = _input['kolab_service_pass']
+    attrs['nslookthroughlimit'] = -1
+    attrs['nssizelimit'] = -1
+    attrs['nstimelimit'] = -1
+    attrs['nsidletimeout'] = -1
 
     # Convert our dict to nice syntax for the add-function using modlist-module
     ldif = ldap.modlist.addModlist(attrs)
@@ -418,11 +430,12 @@ ServerAdminPwd = %(admin_pass)s
     ldif = ldap.modlist.addModlist(attrs)
     auth._auth.ldap.add_s(dn, ldif)
 
-    log.info(_("Disabling anonymous binds"))
-    dn = "cn=config"
-    modlist = []
-    modlist.append((ldap.MOD_REPLACE, "nsslapd-allow-anonymous-access", "off"))
-    auth._auth.ldap.modify_s(dn, modlist)
+    if not conf.anonymous:
+        log.info(_("Disabling anonymous binds"))
+        dn = "cn=config"
+        modlist = []
+        modlist.append((ldap.MOD_REPLACE, "nsslapd-allow-anonymous-access", "off"))
+        auth._auth.ldap.modify_s(dn, modlist)
 
     # TODO: Ensure the uid attribute is unique
     # TODO^2: Consider renaming the general "attribute uniqueness to "uid attribute uniqueness"
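Review bot: When `--allow-anonymous` is passed, the `if not conf.anonymous:` branch is skipped silently and `nsslapd-allow-anonymous-access` keeps whatever value the server already has. The setup log therefore has no record that anonymous binds were left enabled. Add an `else:` with `log.warning(_("Anonymous binds remain enabled (--allow-anonymous)"))`, assuming the pykolab logger exposes `warning` like the standard one, so the weaker configuration is visible to whoever audits the install. If clients only need anonymous reads of the root DSE, 389 Directory Server also accepts `rootdse` for this attribute, which is narrower than leaving it `on`. The enclosing function starts and ends outside this hunk.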




