Hi,

On Wed, January 6, 2010 21:23, Janos SUTO wrote:
> Hello Christoph,
>
>  >>can anybody give me some hints on how to set up an LDAP userdb on a
>  >>plain Debian system?
>
> You have to install the openldap related packages (including the
> development packages too).
>
> Then please see http://clapf.acts.hu/doc/current/en/ldap.php and
> the 'Q: How to setup virtual users with LDAP?' part of the FAQ.

OK, thanks. I've edited the README.Debian in the package accordingly.
In the Debian package, both schemas are copied to the Debian-specific
schema dir and the ldifs to datarootdir.

>
>
>  >>Another thing which might be included in the installation procedure is
>  >>a default config set for the webui. Can someone provide me an example
>  >>config.php so the scripts could install it (with some changes made,
>  >>depending on what database backend is used).
>
> I have attached mine.

Thanks.
If the database backend is sqlite3 it's possible to create this
during install of the clapf-webui package. Maybe I will implement this.

>
>  >>Since we are at it, which files of the webui should be secured against
>  >>unwanted access? I guess config.php and setup/*, what else?
>
> It depends on what you mean by 'unwanted access'. Definitely nobody
> should ever modify any of the webui files after the setup. If you are
> done with the setup you may remove the setup/ directory.

By "unwanted access" I mean something like pointing a browser at
it. Should e.g. browsing to "http(s)://webui-url/system/misc.php" result
in a 403 rather than triggering the built-in prevention systems --
probably directing to index.php?

If the webui isn't configured yet, is it secure to allow access to it?
I ask since the Debian package installs an empty config.php.

>
> Nobody should read the config.php as it may contain passwords. You
> should prevent access to the sqlite3 database files, so nobody could
> download it.

I will include this in the default httpd config stubs included in the
package.

Regards
Christoph Wilke
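
Added example, not part of the original message and not the config shipped by the clapf package: a sketch of an httpd stub covering the files named in this thread (config.php, setup/, system/ and the sqlite3 database files). It assumes Apache 2.4 syntax; the install path and the database file extensions are placeholders, and denying system/ assumes those scripts are only ever included by other scripts, which the thread asks about but does not confirm.

```apache
# Placeholder path: the thread does not say where the package installs the webui.
<Directory "/path/to/clapf-webui">
    # No directory listings, and no .htaccess overrides that could relax the rules below.
    Options -Indexes
    AllowOverride None

    # config.php may contain passwords. Denying HTTP access does not affect
    # PHP include/require, which reads the file from disk (assumes the webui
    # loads it that way and never needs it requested directly).
    <Files "config.php">
        Require all denied
    </Files>

    # sqlite3 database files must not be downloadable.
    # Extensions are assumed; match whatever name the backend actually uses,
    # or better, keep the database outside the document root entirely.
    <FilesMatch "\.(sqlite3?|sdb|db)$">
        Require all denied
    </FilesMatch>
</Directory>

# Once setup is finished: block setup/ (or remove the directory, as suggested
# in the quoted reply).
<Directory "/path/to/clapf-webui/setup">
    Require all denied
</Directory>

# Return 403 for direct requests such as system/misc.php
# (assumption: nothing under system/ is meant to be requested by a browser).
<Directory "/path/to/clapf-webui/system">
    Require all denied
</Directory>
```

On Apache 2.2 the equivalent of `Require all denied` is `Order deny,allow` followed by `Deny from all`.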
