web2ldap - misc.py

The configuration module for general options
General
<Download> <Features> <Roadmap> <News> <Demo> <Related>
Support
<Commercial> <Feedback> <FAQ>
Documentation
<Installing> <Customizing UI> <Configuration> <Compability> <Security> <Changes> <Files>

This document describes the parameter which influence the basic behaviour of web2ldap.

[dumpasn1cfg] [gzip_level] [html_bodybegin] [html_head] [input_maxattrs] [input_maxbinattrs] [input_maxfieldlen] [input_maxfilelen] [ldap_opt_debug_level] [ldap_trace_level] [ldif_maxbytes] [ldif_url_schemes] [max_searchparams] [print_rawutf8] [pylibdirs] [search_attrs] [search_attrsonly] [sec_expire] [sec_sslacceptedciphers] [session_checkvars] [session_limit] [session_paranoid] [session_remove]

pylibdirs
A list of strings with the full pathnames of directories containing the required Python modules.

Example:

pylibdirs = ['/opt/web2ldap/pylib','/usr/local/python/ldapmodule']
ldif_maxbytes
Maximum length (in bytes) of LDIF data in the <textarea> of addform/modifyform.
ldif_url_schemes
List of strings which specifies the URL schemes to process in LDIF input (marker :< in LDIF notation, see RFC 2849).
Think twice!!!
This can be a security nightmare! Every resource addressable by URL which is accessible by the system running web2ldap can be revealed. Usually you MUST not allow file if others can access your web2ldap installation and you MUST not allow any URL retrieval when running at a security border (like somewhere at firewall border).

If unsure leave as empty list to ignore all URLs in LDIF.
Once again. This is the safe setting:
ldif_url_schemes = []
input_maxattrs
Maximum count of input attribute fields in addform/modifyform.
input_maxfieldlen
Maximum length of attribute data input fields in addform/modifyform.
input_maxattrs
Maximum count of file upload attribute fields in addform/modifyform.
input_maxfieldlen
Maximum length of attribute uploaded via file in addform/modifyform.
max_searchparams
Maximum count of search parameters in advanced search form.

Example:

max_searchparams=9
search_attrsonly
There are some situations where web2ldap just wants to determine the existing attribute types of an entry and not the data itself for saving bandwidth.
However some LDAP hosts (e.g. Notes Domino 4.61 and prior versions) have problems with such an search requesting only attribute types, they won't return any matches for a search. If you experience this problems (no matching entry) set this to 0.

Example:

search_attrsonly=1
ldap_opt_debug_level
If non-zero this turns on debug output of the OpenLDAP libs and sets the debug level. Warning! Confidential information might be disclosed to the log! If unsure leave zero! Only set to non-zero if you have protected logs!
ldap_trace_level
Trace output of the LDAP connection can be written to error output. Set to non-zero if you want debug your LDAP connection. Warning! Passwords (credentials) are written to this trace log! If unsure leave zero! Only set to non-zero for testing purposes and if you have protected logs!
dumpasn1cfg
Path name to file dumpasn1.cfg needed for displaying names of OIDs in subject and issuer name and X.509v3 extensions of certificates.

HTML and HTTP options

print_rawutf8
UTF-8 data is printed as is and charset is set to utf-8 in HTTP header. This speeds up displaying dramatically! The browser has to set the required HTTP header and your web server has to set the environment variable.
0
Never
1
if the browser sends Accept-Charset: utf-8 in HTTP header and the web server sets HTTP_ACCEPT_CHARSET environment variable
2
Always

Example:

print_rawutf8=1
gzip_level
The HTTP body can be sent compressed with gzip algorithm if this parameter is set to a non-zero compressing level, the HTTP client sends Accept-Encoding: gzip in the HTTP request header and the web server sets HTTP_ACCEPT_CHARSET environment variable. This also needs zlibmodule which is automatically detected.
Note:
This might speed things up if the server's CPU rather fast compared to the network link. Even with large search results you won't gain much by choosing gzip level higher than 1.

Example:

gzip_level=1
html_head
Additional information in <HEAD></HEAD> section, e.g. CSS definitions or links. Do not put <TITLE> tags in here!

Example (note the preceding r for Python raw string!):

	html_head = r"""
	  <LINK
	    rel=stylesheet
	    type="text/css"
	    href="http://www.web2ldap.de/css/readandgreen.css"
	  >
	"""
      
html_bodybegin
Rudimental configuration for <BODY>-tag. There should be at least <BODY> written here.

Example (note the preceding r for Python raw string!):

	html_bodybegin = r"""
	<BODY LINK="Red" VLINK="Maroon" BGCOLOR="#fffffe">
	"""
      

Security options

You should think about these parameters a little bit longer...

session_limit
Maximum number of currently persistent web sessions.
session_paranoid
If non-zero or True there's a new session ID generated for each hit.
Disadvantage: The browser's back button does not work anymore.
Default: 0 (disabled)
session_remove
Amount of time in seconds after which inactive sessions will be expired and the session data is removed silently without the possibility to relogin.
session_checkvars
List of environment variables assumed to be constant throughout web sessions with the same ID if existent. These env vars are cross-checked for each hit while restoring a web session to reduce the risk of session-hijacking.
Note: REMOTE_ADDR and REMOTE_HOST might not be constant if the client accesses web2ldap through a network of web proxy siblings.
sec_expire
You can set sec_expire to define the amount of time (in seconds) the data is valid in the browser (HTTP header Expires: is set).
Note: If you're doing modifications you might get a very nasty behaviour if the pages are cached by your browser.

Example:

sec_expire = 600
sec_sslacceptedciphers
Specifies a list of strings with the acceptable symmetric key ciphers to reach at least security level 1. See also http://www.apache-ssl.org/docs.html and the ApacheSSL run-time directives SSLBanCipher, SSLRequireCipher, SSLRequiredCiphers or similar options in your SSL capable web server.

Example (accepts only strong ciphers):

sec_sslacceptedciphers = [
'IDEA-CBC-SHA','RC4-MD5','RC4-SHA','IDEA-CBC-MD5',
'DES-CBC3-SHA','DH-DSS-DES-CBC3-SHA','DH-RSA-DES-CBC3-SHA',
'EDH-DSS-DES-CBC3-SHA','EDH-RSA-DES-CBC3-SHA','ADH-RC4-MD5',
'ADH-DES-CBC3-SHA','FZA-RC4-SHA','RC2-CBC-MD5','DES-CBC3-MD5'
]
print_rawutf8
Integer which defines if UTF-8 is used as character set.
0 ISO-8859-1 is used in any case
1 If the browser sends utf-8 in Accept-charset header and the web server sets HTTP_ACCEPT_CHARSET environment the used character set is negotiated. UTF-8 is preferred.
2 UTF-8 is always used no matter what the browser sends.

www.nosoftwarepatents.com