Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 1671 → Rev 1672

/alcasar.sh
693,6 → 693,7
$SED "s?^LoadModule speling_module.*?#LoadModule speling_module modules/mod_speling.so?g" /etc/httpd/conf/modules.d/00_base.conf
[ -e /etc/httpd/conf/conf.d/ssl.conf.default ] || cp /etc/httpd/conf/conf.d/ssl.conf /etc/httpd/conf/conf.d/ssl.conf.default
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" /etc/httpd/conf/conf.d/ssl.conf # Listen only on INTIF
$SED "s?^SSLCipherSuite.*SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!DSS?g" /etc/httpd/conf/conf.d/ssl.conf #DSS is no more secured
# Error page management
[ -e /etc/httpd/conf/conf.d/multilang-errordoc.conf.default ] || cp /etc/httpd/conf/conf.d/multilang-errordoc.conf /etc/httpd/conf/conf.d/multilang-errordoc.conf.default
cat <<EOF > /etc/httpd/conf/conf.d/multilang-errordoc.conf
/conf/blacklists.tar.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
/conf/nfsen/GeoLiteCity.dat.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
/conf/nfsen/GeoLiteCityv6.dat.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
/web/acc/admin/ldap.php
4,7 → 4,7
 
/* written by steweb57 */
/****************************************************************
* CONSTANTES AVEC CHEMINS DES FICHIERS DE CONFIGURATION *
* CONSTANTES AVEC CHEMINS DES FICHIERS DE CONFIGURATION *
*****************************************************************/
 
define ("ALCASAR_RADIUS_SITE", "/etc/raddb/sites-available/alcasar");
11,7 → 11,7
define ("ALCASAR_RADIUS_MODULE_LDAP", "/etc/raddb/modules/ldap");
 
/****************************************************************
* Choice of language *
* Choice of language *
*****************************************************************/
 
$Language = 'en';
19,29 → 19,29
$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
$Language = strtolower(substr(chop($Langue[0]),0,2)); }
if($Language == 'fr'){
$l_file = "Fichier ";
$l_not_found = " non présent";
$l_file = "Fichier ";
$l_not_found = " non présent";
$l_no_writing_right_on_file = "Vous n'avez pas les droits d'écriture sur le fichier ";
$l_ldap_update_sucess = "Mise à jour des paramètres LDAP réalisée avec succès";
$l_ldap_title = "Authentification externe : LDAP";
$l_ldap_legend = "Authentification LDAP";
$l_ldap_title = "Authentification externe : LDAP";
$l_ldap_legend = "Authentification LDAP";
$l_ldap_auth_enable_label = "Activer l'authentification LDAP:";
$l_ldap_YES = "OUI";
$l_ldap_NO = "NON";
$l_ldap_YES = "OUI";
$l_ldap_NO = "NON";
$l_ldap_server_label = "Nom du serveur LDAP:";
$l_ldap_server_text = "Nom ou IP du serveur LDAP éventuel.";
$l_ldap_server_text = "Nom ou IP du serveur LDAP éventuel.";
$l_ldap_base_dn_label = "DN de la base LDAP:";
$l_ldap_base_dn_text = "DN est le 'Distinguished Name', il situe les informations utilisateurs, exemple: 'o=Mon entreprise, c=FR'.";
$l_ldap_filter_label = "Identifiant LDAP:";
$l_ldap_filter_text = "Clé utilisée pour la recherche d'un identifiant de connexion, exemple: 'uid', 'sn', etc. Pour un AD mettre 'sAMAccountName'.";
$l_ldap_filter_text = "Clé utilisée pour la recherche d'un identifiant de connexion, exemple: 'uid', 'sn', etc. Pour un AD mettre 'sAMAccountName'.";
$l_ldap_base_filter_label = "Filtre de l'utilisateur LDAP:";
$l_ldap_base_filter_text = "Sur option, vous pouvez en plus limiter les objets recherchés avec des filtres additionnels. Par exemple 'objectClass=posixGroup' aurait comme conséquence l'utilisation de '(&amp;(uid=username)(objectClass=posixGroup))'";
$l_ldap_user_label = "Utilisateur LDAP:";
$l_ldap_user_text = "Laissez vide pour utiliser un accès invité. Si renseigné, ALCASAR se connectera au serveur LDAP en tant qu'un utilisateur spécifié, exemple: 'uid=Utilisateur,ou=MonUnité,o=MaCompagnie,c=FR'. Requis pour les serveurs possédant un Active Directory.";
$l_ldap_user_label = "Utilisateur LDAP:";
$l_ldap_user_text = "Laissez vide pour utiliser un accès invité. Si renseigné, ALCASAR se connectera au serveur LDAP en tant qu'un utilisateur spécifié, exemple: 'uid=Utilisateur,ou=MonUnité,o=MaCompagnie,c=FR'. Requis pour les serveurs possédant un Active Directory.";
$l_ldap_password_label = "Mot de passe LDAP:";
$l_ldap_password_text = "Laissez vide pour un accès invité. Sinon, indiquez le mot de passe de connexion. Requis pour les serveurs possédant un Active Directory.";
$l_ldap_submit = "Enregistrer";
$l_ldap_reset = "Annuler";
$l_ldap_submit = "Enregistrer";
$l_ldap_reset = "Annuler";
$l_ldap_test_network_failed = "Pas de connectivité réseau avec le serveur LDAP.";
$l_ldap_test_connection_failed = "Impossible de se connecter au serveur LDAP.";
$l_ldap_test_bind_ok = "Connexion LDAP réussie...";
49,29 → 49,29
$l_ldap_test_dn_ok = "DN semble bon";
$l_ldap_test_dn_failed = "DN semble mauvais";
} else {
$l_file = "File ";
$l_not_found = " not found";
$l_file = "File ";
$l_not_found = " not found";
$l_no_writing_right_on_file = "You have no writting permission on the file ";
$l_ldap_update_sucess = "Successfull LDAP settings update";
$l_ldap_title = "External authentication : LDAP";
$l_ldap_legend = "LDAP authentication";
$l_ldap_title = "External authentication : LDAP";
$l_ldap_legend = "LDAP authentication";
$l_ldap_auth_enable_label = "Use LDAP authentication :";
$l_ldap_YES = "YES";
$l_ldap_NO = "NO";
$l_ldap_YES = "YES";
$l_ldap_NO = "NO";
$l_ldap_server_label = "LDAP server name:";
$l_ldap_server_text = "This is the hostname or IP address of the LDAP server.";
$l_ldap_server_text = "This is the hostname or IP address of the LDAP server.";
$l_ldap_base_dn_label = "LDAP base dn:";
$l_ldap_base_dn_text = "This is the 'Distinguished Name', locating the user information, e.g. 'o=My Company,c=US'.";
$l_ldap_filter_label = "LDAP uid:";
$l_ldap_filter_text = "This is the key under which to search for a given login identity, e.g. 'uid', 'sn', etc.. For AD use 'sAMAccountName'.";
$l_ldap_filter_text = "This is the key under which to search for a given login identity, e.g. 'uid', 'sn', etc.. For AD use 'sAMAccountName'.";
$l_ldap_base_filter_label = "LDAP user filter:";
$l_ldap_base_filter_text = "Optionally you can further limit the searched objects with additional filters. For example 'objectClass=posixGroup' would result in the use of '(&amp;(uid=username)(objectClass=posixGroup))'";
$l_ldap_user_label = "LDAP user dn:";
$l_ldap_user_text = "Leave blank to use anonymous binding. If filled, ALCASAR uses the specified distinguished name on login attempts to find the correct user, e.g. 'uid=Username,ou=MyUnit,o=MyCompany,c=US'. Required for Active Directory Servers.";
$l_ldap_user_label = "LDAP user dn:";
$l_ldap_user_text = "Leave blank to use anonymous binding. If filled, ALCASAR uses the specified distinguished name on login attempts to find the correct user, e.g. 'uid=Username,ou=MyUnit,o=MyCompany,c=US'. Required for Active Directory Servers.";
$l_ldap_password_label = "LDAP password:";
$l_ldap_password_text = "Leave blank to use anonymous binding. Else fill in the password for the above user. Required for Active Directory Servers.";
$l_ldap_submit = "Save";
$l_ldap_reset = "Reset";
$l_ldap_submit = "Save";
$l_ldap_reset = "Reset";
$l_ldap_test_network_failed = "LDAP server is not reachable.";
$l_ldap_test_connection_failed = "LDAP connexion failed...";
$l_ldap_test_bind_ok = "LDAP connexion success...";
138,7 → 138,7
//par défaut : # base_filter = "(objectclass=radiusprofile)"
 
/********************************************************
* Fichier ALCASAR_RADIUS_SITE *
* Fichier ALCASAR_RADIUS_SITE *
*********************************************************/
$site = new siteConfig();
$site->load(ALCASAR_RADIUS_SITE);
145,7 → 145,7
$ldap_on = $site->authorize->ldap;
 
/********************************************************
* Fichier ALCASAR_RADIUS_MODULE_LDAP *
* Fichier ALCASAR_RADIUS_MODULE_LDAP *
*********************************************************/
//Lecture du fichier /etc/raddb/modules/ldap
$ldap = new ldapConfig();
/web/acc/admin/lib/alcasar/freeradius/siteconfig.php
249,10 → 249,10
# is meant to mirror the \"users\" file.
#
# See \"Authorization Queries\" in sql.conf
".$this->_writeModule($this->_sections['authorize']->sql, 'sql')."
".$this->_writeModule($this->_sections['authorize']->noresetcounter, 'noresetcounter')."
".$this->_writeModule($this->_sections['authorize']->dailycounter, 'dailycounter')."
".$this->_writeModule($this->_sections['authorize']->monthlycounter, 'monthlycounter')."
".$this->_writeModule($this->_sections['authorize']->sql, 'sql')."
".$this->_writeModule($this->_sections['authorize']->noresetcounter, 'noresetcounter')."
".$this->_writeModule($this->_sections['authorize']->dailycounter, 'dailycounter')."
".$this->_writeModule($this->_sections['authorize']->monthlycounter, 'monthlycounter')."
#
# If you are using /etc/smbpasswd, and are also doing
# mschap authentication, the un-comment this line, and
262,8 → 262,8
# The ldap module will set Auth-Type to LDAP if it has not
# already been set
".$this->_writeModule($this->_sections['authorize']->ldap, '# ldap {
# fail = 1
# }')."
# fail = 1
# }')."
#
# Enforce daily limits on time spent logged in.
".$this->_writeModule($this->_sections['authorize']->daily, '# daily')."
429,7 → 429,7
# Due to packet losses in the network, the data here
# may be incorrect. There is little we can do about it.
".$this->_writeModule($this->_sections['accounting']->radutmp, '# radutmp')."
".$this->_writeModule($this->_sections['accounting']->sradutmp, 'sradutmp')."
".$this->_writeModule($this->_sections['accounting']->sradutmp, '# sradutmp')."
 
# Return an address to the IP Pool when we see a stop record.
".$this->_writeModule($this->_sections['accounting']->main_pool, '# main_pool')."
438,7 → 438,7
# Log traffic to an SQL database.
#
# See \"Accounting queries\" in sql.conf
".$this->_writeModule($this->_sections['accounting']->sql, 'sql')."
".$this->_writeModule($this->_sections['accounting']->sql, 'sql')."
 
#
# Instead of sending the query to the SQL server,
470,7 → 470,7
 
#
# See \"Simultaneous Use Checking Queries\" in sql.conf
".$this->_writeModule($this->_sections['session']->sql, '# sql')."
".$this->_writeModule($this->_sections['session']->sql, '# sql')."
}
 
 
518,7 → 518,7
Post-Auth-Type REJECT {
attr_filter.access_reject
}
".$this->_writeModule($this->_sections['post-auth']->files, '# files')."
".$this->_writeModule($this->_sections['post-auth']->files, '# files')."
}
 
#