authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-08-03 16:36:41 +0100
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-08-03 16:36:41 +0100
commit670e4c5527b0199b748c651b6dde9b4e944088d8 (patch)
tree146931aa0dcbcdba72a10c4129e148ec92c51ad6
parentedac79c4a05fb7e04cc6a012b5ac3b40d5856ca9 (diff)
parent9d20b49533afad2488078e96e89b686a8b516063 (diff)
downloadpykolab-670e4c5527b0199b748c651b6dde9b4e944088d8.tar.gz
Merge branch 'master' of ssh://git.kolabsys.com/git/pykolab
-rw-r--r--pykolab/setup/setup_ldap.py23
1 files changed, 18 insertions, 5 deletions
diff --git a/pykolab/setup/setup_ldap.py b/pykolab/setup/setup_ldap.py
index 1e00616..fd17d53 100644
--- a/pykolab/setup/setup_ldap.py
+++ b/pykolab/setup/setup_ldap.py
@@ -50,6 +50,14 @@ def cli_options():
help = _("Specify FQDN (overriding defaults).")
)
+ ldap_group.add_option(
+ "--allow-anonymous",
+ dest = "anonymous",
+ action = "store_true",
+ default = False,
+ help = _("Allow anonymous binds (default: no).")
+ )
+
def description():
return _("Setup LDAP.")
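Review bot: The new option is stored under `dest = "anonymous"`, which reads ambiguously once it is consumed as `conf.anonymous` far from this definition. `dest = "allow_anonymous"` would make the later check self-explanatory, though the `if not conf.anonymous:` test in the last hunk would need the same rename. The help text could also say what is being relaxed, for example `help = _("Leave anonymous (unauthenticated) LDAP binds enabled (default: disabled).")`. Defaulting to `False` keeps the hardened behaviour unless the operator opts in, which is the right way round. cli_options() starts outside the hunk.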
@@ -359,6 +367,10 @@ ServerAdminPwd = %(admin_pass)s
attrs['surname'] = "Service"
attrs['cn'] = "Kolab Service"
attrs['userPassword'] = _input['kolab_service_pass']
+ attrs['nslookthroughlimit'] = '-1'
+ attrs['nssizelimit'] = '-1'
+ attrs['nstimelimit'] = '-1'
+ attrs['nsidletimeout'] = '-1'
# Convert our dict to nice syntax for the add-function using modlist-module
ldif = ldap.modlist.addModlist(attrs)
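Review bot: The four limits set to `'-1'` on the Kolab Service entry carry no comment explaining why this account needs them lifted. As I read the 389 Directory Server per-user limits, `-1` means no limit, so searches by this account are unbounded in entries examined, entries returned and time, and its idle connections are not closed. That raises the value of the service password and lets one runaway client tie up the server. A comment such as `# kolab-service enumerates the whole tree; -1 lifts the per-user resource limits` would record the intent (reason assumed; confirm), and finite values may be worth considering where a full enumeration does not need unlimited time. The enclosing function starts outside the hunk.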
@@ -430,11 +442,12 @@ ServerAdminPwd = %(admin_pass)s
ldif = ldap.modlist.addModlist(attrs)
auth._auth.ldap.add_s(dn, ldif)
- log.info(_("Disabling anonymous binds"))
- dn = "cn=config"
- modlist = []
- modlist.append((ldap.MOD_REPLACE, "nsslapd-allow-anonymous-access", "off"))
- auth._auth.ldap.modify_s(dn, modlist)
+ if not conf.anonymous:
+ log.info(_("Disabling anonymous binds"))
+ dn = "cn=config"
+ modlist = []
+ modlist.append((ldap.MOD_REPLACE, "nsslapd-allow-anonymous-access", "off"))
+ auth._auth.ldap.modify_s(dn, modlist)
# TODO: Ensure the uid attribute is unique
# TODO^2: Consider renaming the general "attribute uniqueness to "uid attribute uniqueness"
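Review bot: When `--allow-anonymous` is given, the `if not conf.anonymous:` branch is skipped without a trace, so the setup log has no record that unauthenticated binds were left enabled. The effective value of `nsslapd-allow-anonymous-access` is then whatever the server already had. An `else:` branch with `log.info(_("Leaving anonymous binds enabled"))` would make the weaker configuration visible to whoever audits the install. If the intent is that anonymous access is definitely on in that case, setting the attribute explicitly would be more predictable than relying on the server default; the hunk does not show which is meant. The enclosing function starts before the hunk.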