Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- tachtler:phpldapadmin_centos_7 [2014/12/09 14:27] – [/etc/phpldapadmin/config.php] klaus
+++ tachtler:phpldapadmin_centos_7 [2021/01/01 12:43] (aktuell) – [/usr/share/phpldapadmin/locale/de_DE/LC_MESSAGES/messages.mo] klaus
@@ Zeile 841: / Zeile 841: @@
 <code php>
+<?php
+/** NOTE **
+ ** Make sure that <?php is the FIRST line of this file!
+ ** IE: There should NOT be any blank lines or spaces BEFORE <?php
+ **/
+/**
+ * The phpLDAPadmin config file
+ * See: http://phpldapadmin.sourceforge.net/wiki/index.php/Config.php
+ *
+ * This is where you can customise some of the phpLDAPadmin defaults
+ * that are defined in config_default.php.
+ *
+ * To override a default, use the $config->custom variable to do so.
+ * For example, the default for defining the language in config_default.php
+ *
+ * $this->default->appearance['language'] = array(
+ *  'desc'=>'Language',
+ *  'default'=>'auto');
+ *
+ * to override this, use $config->custom->appearance['language'] = 'en_EN';
+ *
+ * This file is also used to configure your LDAP server connections.
+ *
+ * You must specify at least one LDAP server there. You may add
+ * as many as you like. You can also specify your language, and
+ * many other options.
+ *
+ * NOTE: Commented out values in this file prefixed by //, represent the
+ * defaults that have been defined in config_default.php.
+ * Commented out values prefixed by #, dont reflect their default value, you can
+ * check config_default.php if you want to see what the default is.
+ *
+ * DONT change config_default.php, you changes will be lost by the next release
+ * of PLA. Instead change this file - as it will NOT be replaced by a new
+ * version of phpLDAPadmin.
+ */
+/*********************************************
+ * Useful important configuration overrides  *
+ *********************************************/
+/* If you are asked to put PLA in debug mode, this is how you do it: */
+#  $config->custom->debug['level'] = 255;
+#  $config->custom->debug['syslog'] = true;
+#  $config->custom->debug['file'] = '/tmp/pla_debug.log';
+/* phpLDAPadmin can encrypt the content of sensitive cookies if you set this
+   to a big random string. */
+$config->custom->session['blowfish'] = '921b408e1ce141b2652136971cb2683a';  # Autogenerated for server90.idmz.tachtler.net
+/* If your auth_type is http, you can override your HTTP Authentication Realm. */
+// $config->custom->session['http_realm'] = sprintf('%s %s',app_name(),'login');
+/* The language setting. If you set this to 'auto', phpLDAPadmin will attempt
+   to determine your language automatically. Otherwise, available lanaguages
+   are: 'ct', 'de', 'en', 'es', 'fr', 'it', 'nl', and 'ru'
+   Localization is not complete yet, but most strings have been translated.
+   Please help by writing language files. See lang/en.php for an example. */
+// $config->custom->appearance['language'] = 'auto';
+# Tachtler
+$config->custom->appearance['language'] = 'de_DE';
+/* The temporary storage directory where we will put jpegPhoto data
+   This directory must be readable and writable by your web server. */
+// $config->custom->jpeg['tmpdir'] = '/tmp';     // Example for Unix systems
+#  $config->custom->jpeg['tmpdir'] = 'c:\\temp'; // Example for Windows systems
+/* Set this to (bool)true if you do NOT want a random salt used when
+   calling crypt().  Instead, use the first two letters of the user's
+   password.  This is insecure but unfortunately needed for some older
+   environments. */
+#  $config->custom->password['no_random_crypt_salt'] = true;
+/* PHP script timeout control. If php runs longer than this many seconds then
+   PHP will stop with an Maximum Execution time error. Increase this value from
+   the default if queries to your LDAP server are slow. The default is either
+seconds or the setting of max_exection_time if this is null. */
+// $config->custom->session['timelimit'] = 30;
+// $config->custom->appearance['show_clear_password'] = false;
+// $config->custom->search['size_limit'] = 50;
+#  $config->custom->search['size_limit'] = 1000;
+/* Our local timezone
+   This is to make sure that when we ask the system for the current time, we
+   get the right local time. If this is not set, all time() calculations will
+   assume UTC if you have not set PHP date.timezone. */
+// $config->custom->appearance['timezone'] = null;
+#  $config->custom->appearance['timezone'] = 'Australia/Melbourne';
+# Tachtler
+$config->custom->appearance['timezone'] = 'Europe/Berlin';
+/*********************************************
+ * Commands                                  *
+ *********************************************/
+/* Command availability ; if you don't authorize a command the command
+   links will not be shown and the command action will not be permitted.
+   For better security, set also ACL in your ldap directory. */
+/*
+$config->custom->commands['cmd'] = array(
+        'entry_internal_attributes_show' => true,
+        'entry_refresh' => true,
+        'oslinks' => true,
+        'switch_template' => true
+);
+$config->custom->commands['script'] = array(
+        'add_attr_form' => true,
+        'add_oclass_form' => true,
+        'add_value_form' => true,
+        'collapse' => true,
+        'compare' => true,
+        'compare_form' => true,
+        'copy' => true,
+        'copy_form' => true,
+        'create' => true,
+        'create_confirm' => true,
+        'delete' => true,
+        'delete_attr' => true,
+        'delete_form' => true,
+        'draw_tree_node' => true,
+        'expand' => true,
+        'export' => true,
+        'export_form' => true,
+        'import' => true,
+        'import_form' => true,
+        'login' => true,
+        'logout' => true,
+        'login_form' => true,
+        'mass_delete' => true,
+        'mass_edit' => true,
+        'mass_update' => true,
+        'modify_member_form' => true,
+        'monitor' => true,
+        'purge_cache' => true,
+        'query_engine' => true,
+        'rename' => true,
+        'rename_form' => true,
+        'rdelete' => true,
+        'refresh' => true,
+        'schema' => true,
+        'server_info' => true,
+        'show_cache' => true,
+        'template_engine' => true,
+        'update_confirm' => true,
+        'update' => true
+);
+*/
+/*********************************************
+ * Appearance                                *
+ *********************************************/
+/* If you want to choose the appearance of the tree, specify a class name which
+   inherits from the Tree class. */
+// $config->custom->appearance['tree'] = 'AJAXTree';
+#  $config->custom->appearance['tree'] = 'HTMLTree';
+/* Just show your custom templates. */
+// $config->custom->appearance['custom_templates_only'] = false;
+/* Disable the default template. */
+// $config->custom->appearance['disable_default_template'] = false;
+/* Hide the warnings for invalid objectClasses/attributes in templates. */
+// $config->custom->appearance['hide_template_warning'] = false;
+# Tachtler
+$config->custom->appearance['hide_template_warning'] = true;
+/* Configure what objects are shown in left hand tree */
+// $config->custom->appearance['tree_filter'] = '(objectclass=*)';
+/* The height and width of the tree. If these values are not set, then
+   no tree scroll bars are provided. */
+// $config->custom->appearance['tree_height'] = null;
+#  $config->custom->appearance['tree_height'] = 600;
+// $config->custom->appearance['tree_width'] = null;
+#  $config->custom->appearance['tree_width'] = 250;
+/* Confirm create and update operations, allowing you to review the changes
+   and optionally skip attributes during the create/update operation. */
+// $config->custom->confirm['create'] = true;
+// $config->custom->confirm['update'] = true;
+/* Confirm copy operations, and treat them like create operations. This allows
+   you to edit the attributes (thus changing any that might conflict with
+   uniqueness) before creating the new entry. */
+// $config->custom->confirm['copy'] = true;
+# Tachtler - new -
+/* Disable HTTP-LOGO-Download from sourceforge */
+$config->custom->appearance['remoteurls'] = false;
+/*********************************************
+ * User-friendly attribute translation       *
+ *********************************************/
+/* Use this array to map attribute names to user friendly names. For example, if
+   you don't want to see "facsimileTelephoneNumber" but rather "Fax". */
+// $config->custom->appearance['friendly_attrs'] = array();
+$config->custom->appearance['friendly_attrs'] = array(
+# Tachtler
+# default:      'facsimileTelephoneNumber' => 'Fax',
+# default:      'gid'                      => 'Group',
+# default:      'mail'                     => 'Email',
+# default:      'telephoneNumber'          => 'Telephone',
+# default:      'uid'                      => 'User Name',
+# default:      'userPassword'             => 'Password'
+#       'facsimileTelephoneNumber' => 'Fax',
+#       'gid'                      => 'Group',
+#       'mail'                     => 'Email',
+#       'telephoneNumber'          => 'Telephone',
+#       'uid'                      => 'User Name',
+#       'userPassword'             => 'Password'
+);
+/*********************************************
+ * Hidden attributes                         *
+ *********************************************/
+/* You may want to hide certain attributes from being edited. If you want to
+   hide attributes from the user, you should use your LDAP servers ACLs.
+   NOTE: The user must be able to read the hide_attrs_exempt entry to be
+   excluded. */
+// $config->custom->appearance['hide_attrs'] = array();
+#  $config->custom->appearance['hide_attrs'] = array('objectClass');
+/* Members of this list will be exempt from the hidden attributes. */
+// $config->custom->appearance['hide_attrs_exempt'] = null;
+#  $config->custom->appearance['hide_attrs_exempt'] = 'cn=PLA UnHide,ou=Groups,c=AU';
+/*********************************************
+ * Read-only attributes                      *
+ *********************************************/
+/* You may want to phpLDAPadmin to display certain attributes as read only,
+   meaning that users will not be presented a form for modifying those
+   attributes, and they will not be allowed to be modified on the "back-end"
+   either. You may configure this list here:
+   NOTE: The user must be able to read the readonly_attrs_exempt entry to be
+   excluded. */
+// $config->custom->appearance['readonly_attrs'] = array();
+/* Members of this list will be exempt from the readonly attributes. */
+// $config->custom->appearance['readonly_attrs_exempt'] = null;
+#  $config->custom->appearance['readonly_attrs_exempt'] = 'cn=PLA ReadWrite,ou=Groups,c=AU';
+/*********************************************
+ * Group attributes                          *
+ *********************************************/
+/* Add "modify group members" link to the attribute. */
+// $config->custom->modify_member['groupattr'] = array('member','uniqueMember','memberUid');
+/* Configure filter for member search. This only applies to "modify group members" feature */
+// $config->custom->modify_member['filter'] = '(objectclass=Person)';
+/* Attribute that is added to the group member attribute. */
+// $config->custom->modify_member['attr'] = 'dn';
+/* For Posix attributes */
+// $config->custom->modify_member['posixattr'] = 'uid';
+// $config->custom->modify_member['posixfilter'] = '(uid=*)';
+// $config->custom->modify_member['posixgroupattr'] = 'memberUid';
+/*********************************************
+ * Support for attrs display order           *
+ *********************************************/
+/* Use this array if you want to have your attributes displayed in a specific
+   order. You can use default attribute names or their fridenly names.
+   For example, "sn" will be displayed right after "givenName". All the other
+   attributes that are not specified in this array will be displayed after in
+   alphabetical order. */
+// $config->custom->appearance['attr_display_order'] = array();
+#  $config->custom->appearance['attr_display_order'] = array(
+#   'givenName',
+#   'sn',
+#   'cn',
+#   'displayName',
+#   'uid',
+#   'uidNumber',
+#   'gidNumber',
+#   'homeDirectory',
+#   'mail',
+#   'userPassword'
+#  );
+/*********************************************
+ * Define your LDAP servers in this section  *
+ *********************************************/
+$servers = new Datastore();
+/* $servers->NewServer('ldap_pla') must be called before each new LDAP server
+   declaration. */
+$servers->newServer('ldap_pla');
+/* A convenient name that will appear in the tree viewer and throughout
+   phpLDAPadmin to identify this LDAP server to users. */
+# Tachtler
+# default: $servers->setValue('server','name','Local LDAP Server');
+$servers->setValue('server','name','ldap.idmz.tachtler.net');
+/* Examples:
+   'ldap.example.com',
+   'ldaps://ldap.example.com/',
+   'ldapi://%2fusr%local%2fvar%2frun%2fldapi'
+           (Unix socket at /usr/local/var/run/ldap) */
+// $servers->setValue('server','host','127.0.0.1');
+# Tachtler
+$servers->setValue('server','host','ldaps://ldap.idmz.tachtler.net');
+/* The port your LDAP server listens on (no quotes). 389 is standard. */
+// $servers->setValue('server','port',389);
+/* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin
+   auto-detect it for you. */
+// $servers->setValue('server','base',array(''));
+/* Four options for auth_type:
+. 'cookie': you will login via a web form, and a client-side cookie will
+      store your login dn and password.
+. 'session': same as cookie but your login dn and password are stored on the
+      web server in a persistent session variable.
+. 'http': same as session but your login dn and password are retrieved via
+      HTTP authentication.
+. 'config': specify your login dn and password here in this config file. No
+      login will be required to use phpLDAPadmin for this server.
+   Choose wisely to protect your authentication information appropriately for
+   your situation. If you choose 'cookie', your cookie contents will be
+   encrypted using blowfish and the secret your specify above as
+   session['blowfish']. */
+// $servers->setValue('login','auth_type','session');
+/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or
+   'cookie' or 'session' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS BLANK. If
+   you specify a login_attr in conjunction with a cookie or session auth_type,
+   then you can also specify the bind_id/bind_pass here for searching the
+   directory for users (ie, if your LDAP server does not allow anonymous binds. */
+// $servers->setValue('login','bind_id','');
+#  $servers->setValue('login','bind_id','cn=Manager,dc=example,dc=com');
+# Tachtler
+$servers->setValue('login','bind_id','cn=Manager,dc=tachtler,dc=net');
+/* Your LDAP password. If you specified an empty bind_id above, this MUST also
+   be blank. */
+// $servers->setValue('login','bind_pass','');
+#  $servers->setValue('login','bind_pass','secret');
+/* Use TLS (Transport Layer Security) to connect to the LDAP server. */
+// $servers->setValue('server','tls',false);
+/************************************
+ *      SASL Authentication         *
+ ************************************/
+/* Enable SASL authentication LDAP SASL authentication requires PHP 5.x
+   configured with --with-ldap-sasl=DIR. If this option is disabled (ie, set to
+   false), then all other sasl options are ignored. */
+// $servers->setValue('server','sasl_auth',false);
+/* SASL auth mechanism */
+// $servers->setValue('server','sasl_mech','PLAIN');
+/* SASL authentication realm name */
+// $servers->setValue('server','sasl_realm','');
+#  $servers->setValue('server','sasl_realm','example.com');
+/* SASL authorization ID name
+   If this option is undefined, authorization id will be computed from bind DN,
+   using sasl_authz_id_regex and sasl_authz_id_replacement. */
+// $servers->setValue('server','sasl_authz_id', null);
+/* SASL authorization id regex and replacement
+   When sasl_authz_id property is not set (default), phpLDAPAdmin will try to
+   figure out authorization id by itself from bind distinguished name (DN).
+   This procedure is done by calling preg_replace() php function in the
+   following way:
+   $authz_id = preg_replace($sasl_authz_id_regex,$sasl_authz_id_replacement,
+    $bind_dn);
+   For info about pcre regexes, see:
+   - pcre(3), perlre(3)
+   - http://www.php.net/preg_replace */
+// $servers->setValue('server','sasl_authz_id_regex',null);
+// $servers->setValue('server','sasl_authz_id_replacement',null);
+#  $servers->setValue('server','sasl_authz_id_regex','/^uid=([^,]+)(.+)/i');
+#  $servers->setValue('server','sasl_authz_id_replacement','$1');
+/* SASL auth security props.
+   See http://beepcore-tcl.sourceforge.net/tclsasl.html#anchor5 for explanation. */
+// $servers->setValue('server','sasl_props',null);
+/* Default password hashing algorithm. One of md5, ssha, sha, md5crpyt, smd5,
+   blowfish, crypt or leave blank for now default algorithm. */
+// $servers->setValue('appearance','password_hash','md5');
+# Tachtler
+# default: $servers->setValue('appearance','password_hash','');
+$servers->setValue('appearance','password_hash','ssha');
+/* If you specified 'cookie' or 'session' as the auth_type above, you can
+   optionally specify here an attribute to use when logging in. If you enter
+   'uid' and login as 'dsmith', phpLDAPadmin will search for (uid=dsmith)
+   and log in as that user.
+   Leave blank or specify 'dn' to use full DN for logging in. Note also that if
+   your LDAP server requires you to login to perform searches, you can enter the
+   DN to use when searching in 'bind_id' and 'bind_pass' above. */
+// $servers->setValue('login','attr','dn');
+# Tachtler
+# default: $servers->setValue('login','attr','uid');
+$servers->setValue('login','attr','dn');
+/* Base DNs to used for logins. If this value is not set, then the LDAP server
+   Base DNs are used. */
+// $servers->setValue('login','base',array());
+/* If 'login,attr' is used above such that phpLDAPadmin will search for your DN
+   at login, you may restrict the search to a specific objectClasses. EG, set this
+   to array('posixAccount') or array('inetOrgPerson',..), depending upon your
+   setup. */
+// $servers->setValue('login','class',array());
+/* If you specified something different from 'dn', for example 'uid', as the
+   login_attr above, you can optionally specify here to fall back to
+   authentication with dn.
+   This is useful, when users should be able to log in with their uid, but
+   the ldap administrator wants to log in with his root-dn, that does not
+   necessarily have the uid attribute.
+   When using this feature, login_class is ignored. */
+// $servers->setValue('login','fallback_dn',false);
+/* Specify true If you want phpLDAPadmin to not display or permit any
+   modification to the LDAP server. */
+// $servers->setValue('server','read_only',false);
+/* Specify false if you do not want phpLDAPadmin to draw the 'Create new' links
+   in the tree viewer. */
+// $servers->setValue('appearance','show_create',true);
+/* This feature allows phpLDAPadmin to automatically determine the next
+   available uidNumber for a new entry. */
+// $servers->setValue('auto_number','enable',true);
+/* The mechanism to use when finding the next available uidNumber. Two possible
+   values: 'uidpool' or 'search'.
+   The 'uidpool' mechanism uses an existing uidPool entry in your LDAP server to
+   blindly lookup the next available uidNumber. The 'search' mechanism searches
+   for entries with a uidNumber value and finds the first available uidNumber
+   (slower). */
+// $servers->setValue('auto_number','mechanism','search');
+/* The DN of the search base when the 'search' mechanism is used above. */
+#  $servers->setValue('auto_number','search_base','ou=People,dc=example,dc=com');
+/* The minimum number to use when searching for the next available number
+   (only when 'search' is used for auto_number. */
+// $servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500));
+/* If you set this, then phpldapadmin will bind to LDAP with this user ID when
+   searching for the uidnumber. The idea is, this user id would have full
+   (readonly) access to uidnumber in your ldap directory (the logged in user
+   may not), so that you can be guaranteed to get a unique uidnumber for your
+   directory. */
+// $servers->setValue('auto_number','dn',null);
+/* The password for the dn above. */
+// $servers->setValue('auto_number','pass',null);
+/* Enable anonymous bind login. */
+// $servers->setValue('login','anon_bind',true);
+# Tachtler
+$servers->setValue('login','anon_bind',false);
+/* Use customized page with prefix when available. */
+#  $servers->setValue('custom','pages_prefix','custom_');
+/* If you set this, then only these DNs are allowed to log in. This array can
+   contain individual users, groups or ldap search filter(s). Keep in mind that
+   the user has not authenticated yet, so this will be an anonymous search to
+   the LDAP server, so make your ACLs allow these searches to return results! */
+#  $servers->setValue('login','allowed_dns',array(
+#   'uid=stran,ou=People,dc=example,dc=com',
+#   '(&(gidNumber=811)(objectClass=groupOfNames))',
+#   '(|(uidNumber=200)(uidNumber=201))',
+#   'cn=callcenter,ou=Group,dc=example,dc=com'));
+/* Set this if you dont want this LDAP server to show in the tree */
+// $servers->setValue('server','visible',true);
+/* This is the time out value in minutes for the server. After as many minutes
+   of inactivity you will be automatically logged out. If not set, the default
+   value will be ( session_cache_expire()-1 ) */
+#  $servers->setValue('login','timeout',30);
+/* Set this if you want phpldapadmin to perform rename operation on entry which
+   has children. Certain servers are known to allow it, certain are not. */
+// $servers->setValue('server','branch_rename',false);
+/* If you set this, then phpldapadmin will show these attributes as
+   internal attributes, even if they are not defined in your schema. */
+// $servers->setValue('server','custom_sys_attrs',array(''));
+#  $servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime'));
+/* If you set this, then phpldapadmin will show these attributes on
+   objects, even if they are not defined in your schema. */
+// $servers->setValue('server','custom_attrs',array(''));
+#  $servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));
+/* These attributes will be forced to MAY attributes and become option in the
+   templates. If they are not defined in the templates, then they wont appear
+   as per normal template processing. You may want to do this because your LDAP
+   server may automatically calculate a default value.
+   In Fedora Directory Server using the DNA Plugin one could ignore uidNumber,
+   gidNumber and sambaSID. */
+// $servers->setValue('force_may','attrs',array(''));
+#  $servers->setValue('force_may','attrs',array('uidNumber','gidNumber','sambaSID'));
+/*********************************************
+ * Unique attributes                         *
+ *********************************************/
+/* You may want phpLDAPadmin to enforce some attributes to have unique values
+   (ie: not belong to other entries in your tree. This (together with
+   'unique','dn' and 'unique','pass' option will not let updates to
+   occur with other attributes have the same value. */
+#  $servers->setValue('unique','attrs',array('mail','uid','uidNumber'));
+/* If you set this, then phpldapadmin will bind to LDAP with this user ID when
+   searching for attribute uniqueness. The idea is, this user id would have full
+   (readonly) access to your ldap directory (the logged in user may not), so
+   that you can be guaranteed to get a unique uidnumber for your directory. */
+// $servers->setValue('unique','dn',null);
+/* The password for the dn above. */
+// $servers->setValue('unique','pass',null);
+/**************************************************************************
+ * If you want to configure additional LDAP servers, do so below.         *
+ * Remove the commented lines and use this section as a template for all  *
+ * your other LDAP servers.                                               *
+ **************************************************************************/
+/*
+$servers->newServer('ldap_pla');
+$servers->setValue('server','name','LDAP Server');
+$servers->setValue('server','host','127.0.0.1');
+$servers->setValue('server','port',389);
+$servers->setValue('server','base',array(''));
+$servers->setValue('login','auth_type','cookie');
+$servers->setValue('login','bind_id','');
+$servers->setValue('login','bind_pass','');
+$servers->setValue('server','tls',false);
+# SASL auth
+$servers->setValue('server','sasl_auth',true);
+$servers->setValue('server','sasl_mech','PLAIN');
+$servers->setValue('server','sasl_realm','EXAMPLE.COM');
+$servers->setValue('server','sasl_authz_id',null);
+$servers->setValue('server','sasl_authz_id_regex','/^uid=([^,]+)(.+)/i');
+$servers->setValue('server','sasl_authz_id_replacement','$1');
+$servers->setValue('server','sasl_props',null);
+$servers->setValue('appearance','password_hash','md5');
+$servers->setValue('login','attr','dn');
+$servers->setValue('login','fallback_dn',false);
+$servers->setValue('login','class',null);
+$servers->setValue('server','read_only',false);
+$servers->setValue('appearance','show_create',true);
+$servers->setValue('auto_number','enable',true);
+$servers->setValue('auto_number','mechanism','search');
+$servers->setValue('auto_number','search_base',null);
+$servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500));
+$servers->setValue('auto_number','dn',null);
+$servers->setValue('auto_number','pass',null);
+$servers->setValue('login','anon_bind',true);
+$servers->setValue('custom','pages_prefix','custom_');
+$servers->setValue('unique','attrs',array('mail','uid','uidNumber'));
+$servers->setValue('unique','dn',null);
+$servers->setValue('unique','pass',null);
+$servers->setValue('server','visible',true);
+$servers->setValue('login','timeout',30);
+$servers->setValue('server','branch_rename',false);
+$servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime'));
+$servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));
+$servers->setValue('force_may','attrs',array('uidNumber','gidNumber','sambaSID'));
+*/
+?>
 </code>
+Nachfolgend die Erklärungen zu den **Änderungen** in der oben **vollständig** gezeigten Konfigurationsdatei.
+=== Sprache ===
+<code php>
+/* The language setting. If you set this to 'auto', phpLDAPadmin will attempt
+   to determine your language automatically. Otherwise, available lanaguages
+   are: 'ct', 'de', 'en', 'es', 'fr', 'it', 'nl', and 'ru'
+   Localization is not complete yet, but most strings have been translated.
+   Please help by writing language files. See lang/en.php for an example. */
+// $config->custom->appearance['language'] = 'auto';
+# Tachtler
+$config->custom->appearance['language'] = 'de_DE';
+</code>
+* //Die Standardsprache wird hier auf **de_DE** (deutsch) gesetzt//
+=== Zeitzone ===
+<code php>
+/* Our local timezone
+   This is to make sure that when we ask the system for the current time, we
+   get the right local time. If this is not set, all time() calculations will
+   assume UTC if you have not set PHP date.timezone. */
+// $config->custom->appearance['timezone'] = null;
+#  $config->custom->appearance['timezone'] = 'Australia/Melbourne';
+# Tachtler
+$config->custom->appearance['timezone'] = 'Europe/Berlin';
+</code>
+* //Die Zeitzone wird hier auf **Europe/Berlin** (Standard in Deutschland) gesetzt//
+=== Fehlermeldungen zu ungültigen Objekten in Vorlagen ===
+<code php>
+/* Hide the warnings for invalid objectClasses/attributes in templates. */
+// $config->custom->appearance['hide_template_warning'] = false;
+# Tachtler
+$config->custom->appearance['hide_template_warning'] = true;
+</code>
+* //Ausblenden von überflüssigen Warnmeldungen//
+=== LOGO-Download unterbinden ===
+<code php>
+# Tachtler - new -
+/* Disable HTTP-LOGO-Download from sourceforge */
+$config->custom->appearance['remoteurls'] = false;
+</code>
+* //Unterbindet das Herunterladen des HTTP-LOGO für [[http://phpldapadmin.sourceforge.net/|phpLDAPadmin]] von [[http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page|sourceforge]]//
+=== Benutzerfreundliche Feldnamen ===
+<code php>
+/* Use this array to map attribute names to user friendly names. For example, if
+   you don't want to see "facsimileTelephoneNumber" but rather "Fax". */
+// $config->custom->appearance['friendly_attrs'] = array();
+$config->custom->appearance['friendly_attrs'] = array(
+# Tachtler
+# default:      'facsimileTelephoneNumber' => 'Fax',
+# default:      'gid'                      => 'Group',
+# default:      'mail'                     => 'Email',
+# default:      'telephoneNumber'          => 'Telephone',
+# default:      'uid'                      => 'User Name',
+# default:      'userPassword'             => 'Password'
+#       'facsimileTelephoneNumber' => 'Fax',
+#       'gid'                      => 'Group',
+#       'mail'                     => 'Email',
+#       'telephoneNumber'          => 'Telephone',
+#       'uid'                      => 'User Name',
+#       'userPassword'             => 'Password'
+);
+</code>
+* //Die Übersetzung einieger Feldnamen in benutzerfreundliche Bezeichnungen soll, um keine verfälschte Ausgabe zu erzeugen, unterbunden werden//
+=== Anzeige LDAP-Server Name  ===
+<code php>
+/* A convenient name that will appear in the tree viewer and throughout
+   phpLDAPadmin to identify this LDAP server to users. */
+# Tachtler
+# default: $servers->setValue('server','name','Local LDAP Server');
+$servers->setValue('server','name','ldap.idmz.tachtler.net');
+</code>
+* //Der Name des LDAP-Servers im Objektbaum//
+=== LDAP-URL ===
+<code php>
+/* Examples:
+   'ldap.example.com',
+   'ldaps://ldap.example.com/',
+   'ldapi://%2fusr%local%2fvar%2frun%2fldapi'
+           (Unix socket at /usr/local/var/run/ldap) */
+// $servers->setValue('server','host','127.0.0.1');
+# Tachtler
+$servers->setValue('server','host','ldaps://ldap.idmz.tachtler.net');
+</code>
+* //Die URL zum LDAP-Server - **hier eine URL mit SSL/TLS-Verschlüsseltem Aufruf**//
+=== LDAP BIND ID ===
+<code php>
+/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or
+   'cookie' or 'session' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS BLANK. If
+   you specify a login_attr in conjunction with a cookie or session auth_type,
+   then you can also specify the bind_id/bind_pass here for searching the
+   directory for users (ie, if your LDAP server does not allow anonymous binds. */
+// $servers->setValue('login','bind_id','');
+#  $servers->setValue('login','bind_id','cn=Manager,dc=example,dc=com');
+# Tachtler
+$servers->setValue('login','bind_id','cn=Manager,dc=tachtler,dc=net');
+</code>
+* //Der Benutzer, bzw. das Objekt, mit dessen die Authentifizierung durchgeführt werden soll **Standard ist hier das Manager-Objekt**//
+=== Standard Passwort Algorithmus ===
+<code php>
+/* Default password hashing algorithm. One of md5, ssha, sha, md5crpyt, smd5,
+   blowfish, crypt or leave blank for now default algorithm. */
+// $servers->setValue('appearance','password_hash','md5');
+# Tachtler
+# default: $servers->setValue('appearance','password_hash','');
+$servers->setValue('appearance','password_hash','ssha');
+</code>
+* //Hier aufgrund der gestiegenen Sicherheitsanforderungen **ssha** und __**NICHT**__ mehr md5//
+=== Login Attribut ===
+<code php>
+/* If you specified 'cookie' or 'session' as the auth_type above, you can
+   optionally specify here an attribute to use when logging in. If you enter
+   'uid' and login as 'dsmith', phpLDAPadmin will search for (uid=dsmith)
+   and log in as that user.
+   Leave blank or specify 'dn' to use full DN for logging in. Note also that if
+   your LDAP server requires you to login to perform searches, you can enter the
+   DN to use when searching in 'bind_id' and 'bind_pass' above. */
+// $servers->setValue('login','attr','dn');
+# Tachtler
+# default: $servers->setValue('login','attr','uid');
+$servers->setValue('login','attr','dn');
+</code>
+:!: **WICHTIG** - //Der Standard ist **dn** und __**NICHT**__ uid !!!//
+=== Anonymous BIND ===
+<code php>
+/* Enable anonymous bind login. */
+// $servers->setValue('login','anon_bind',true);
+# Tachtler
+$servers->setValue('login','anon_bind',false);
+</code>
+:!: **WICHTIG** //Falls der OpenLDAP-Server keinen **anonymous bind** erlaubt, kann dies hier deaktiviert werden !!!//
+Bei der Konfiguration eines [[http://www.openldap.org|OpenLDAP]]-Servers wie unter nachfolgendem Link beschrieben, ist das deaktivieren eines **anonymous bind** erforderlich:
+  * [[tachtler:ldap_centos_7#anonymous_bind_deaktivieren|LDAP CentOS 7 - "Anonymous bind" deaktivieren]]
+==== Apache VHOST-Konfiguration ====
+Es soll **__anstelle__ der mitgelieferten Konfigurationsdatei** in nachfolgendem Verzeichnis, mit nachfolgendem Namen:
+  * ''/etc/httpd/conf.d/phpldapadmin.conf''
+ein **virtueller Host** im [[http://httpd.apache.org|Apache HTTP Server]] eingerichtet werden.
+Siehe dazu auch nachfolgende interne Links:
+  * [[tachtler:apache_http_server_centos_7|Apache HTTP Server CentOS 7]]
+  * [[tachtler:apache_http_server_centos_7#basis-konfiguration|Apache HTTP Server CentOS 7 - Basis-Konfiguration]]
+  * [[tachtler:apache_http_server_centos_7#virtuelle_hosts|Apache HTTP Server CentOS 7 - Virtuelle Hosts]]
+Dazu soll zuerst die **mitgelieferte Konfigurationsdatei** mit nachfolgendem Befehl **kopiert** werden:
+<code>
+# cp -a /etc/httpd/conf.d/phpldapadmin.conf /etc/httpd/conf.d/phpldapadmin.conf.orig
+</code>
+Anschließend kann dann der Inhalt der Konfigurationsdatei ''/etc/httpd/conf.d/phpldapadmin.conf'' wie nachfolgend dargestellt entsprechend abgeändert werden:
+(**Komplette Konfigurationsdatei**)
+<code apache>
+#
+# phpldapadmin.tachtler.net (phpLDAPadmin for OpenLDAP)
+#
+<VirtualHost *:80>
+        ServerAdmin webmaster@tachtler.net
+        ServerName phpldapadmin.tachtler.net
+        ServerAlias www.phpldapadmin.tachtler.net
+        ServerPath /
+        DocumentRoot "/usr/share/phpldapadmin/htdocs"
+        <Directory "/usr/share/phpldapadmin/htdocs">
+                Options -Indexes +FollowSymLinks
+                # Tachtler (enable for .htaccess file support)
+                # AllowOverride AuthConfig
+                AllowOverride None
+                # Tachtler (enable for unlimited access)
+		Require all granted
+        </Directory>
+        DirectoryIndex index.php
+        ErrorLog logs/phpldapadmin_error.log
+        SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+        CustomLog logs/phpldapadmin_access.log combined env=!forwarded
+        CustomLog logs/phpldapadmin_access.log combined_proxypass env=forwarded
+</VirtualHost>
+</code>
+===== Apache Neustart =====
+Nach Durchführung der vorhergehenden **Konfigurationsschritte**, sollte einem **Neustart** nichts im Wege stehen und die **Apache VHOST-Konfiguration** angezogen werden:
+<code>
+# systemctl restart httpd.service
+</code>
+:!: **HINWEIS** - **Es erfolgen __keine__ weiteren Ausgaben, wenn der Start erfolgreich war !**
+===== Erster Aufruf =====
+Nachdem die Installation und die Basis-Konfiguration abgeschlossen sind, kann nun der erste Aufruf mit nachfolgender URL erfolgen:
+  * [[http://www.phpldapadmin.tachtler.net]]
+wodurch nachfolgender Bildschirm zur Anzeige kommen sollte, in dem die Anmeldedaten nun eingegeben werden müssen, um eine erfolgreiche Anmeldung durchzuführen:
+{{:tachtler:phpldapadmin:phpldapadmin_-_startseite.png|phpLDAPadmin - Startseite}}
+===== Fehlerbehebung =====
+==== /usr/share/phpldapadmin/locale/de_DE/LC_MESSAGES/messages.mo ====
+Bei der Anzeige eines Objekt im LDAP-Baum, wir der Eintrag für
+  * ''Neues Attribut hinzufügen''
+nicht angezeigt, stattdessen kommt nachfolgende Anzeige zum vorschein:
+{{:tachtler:phpldapadmin:phpldapadmin_-_anzeige_fehlerhaft.png|phpLDAPadmin - fehlerhafte Anzeige}}
+Nachfolgend die fehlerhafte Darstellung:
+<code>
+../../lib/TemplateRender.php:1217
+../../lib/TemplateRender.php:1220
+../../htdocs/add_attr_form.php:29
+../../htdocs/add_attr_form.php:48
+</code>
+Diese fehlerhafte Anzeige, kann durch Austausch der aktuellen **Sprachdatei**
+  * **''/usr/share/phpldapadmin/locale/de_DE/LC_MESSAGES/messages.mo''**
+durch die Version, welche in Vorgängerversion von [[http://phpldapadmin.sourceforge.net/|phpLDAPadmin]] - **Version 1.2.2** - enthalten war, behoben werden.
+Das gesammte **phpldapadmin-1.2.2.zip-Archiv** oder **phpldapadmin-1.2.2.tgz-Archiv**, kann unter nachfolgendem externen Link, mit nachfolgendem Befehl, heruntergeladen werden:
+  * [[https://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.2/|phpLADPAdmin - Sourceforge]]
+<code>
+# wget -P /tmp/ https://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.2/phpldapadmin-
+.2.2.tgz/download
+--2017-07-31 09:32:08--  https://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.2
+/phpldapadmin-1.2.2.tgz/download
+Resolving sourceforge.net (sourceforge.net)... 216.34.181.60
+Connecting to sourceforge.net (sourceforge.net)|216.34.181.60|:443... connected.
+HTTP request sent, awaiting response... 302 Found
+Location: https://downloads.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/1.2.2/phpldapadmin-
+.2.2.tgz?r=&ts=1501486329&use_mirror=netcologne [following]
+--2017-07-31 09:32:09--  https://downloads.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/1.2.2
+/phpldapadmin-1.2.2.tgz?r=&ts=1501486329&use_mirror=netcologne
+Resolving downloads.sourceforge.net (downloads.sourceforge.net)... 216.34.181.59
+Connecting to downloads.sourceforge.net (downloads.sourceforge.net)|216.34.181.59|:443... connected.
+HTTP request sent, awaiting response... 302 Found
+Location: https://netcologne.dl.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/1.2.2/phpldapadmin-
+.2.2.tgz [following]
+--2017-07-31 09:32:09--  https://netcologne.dl.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/1.2.2
+/phpldapadmin-1.2.2.tgz
+Resolving netcologne.dl.sourceforge.net (netcologne.dl.sourceforge.net)... 78.35.24.46, 2001:4dd0:1234:6::5f
+Connecting to netcologne.dl.sourceforge.net (netcologne.dl.sourceforge.net)|78.35.24.46|:443... connected.
+HTTP request sent, awaiting response... 200 OK
+Length: 1415565 (1.3M) [application/octet-stream]
+Saving to: ‘/tmp/download’
+%[======================================>] 1,415,565   1.24MB/s   in 1.1s
+-07-31 09:32:11 (1.24 MB/s) - ‘/tmp/download’ saved [1415565/1415565]
+</code>
+Nach dem entpacken des z.B. ''phpldapadmin-1.2.2.zip''-Archivs nach z.B. ''/tmp'', was mit nachfolgendem Befehl durchgeführt werden kann
+<code>
+# tar xzvf /tmp/download -C /tmp/
+</code>
+und im Verzeichnis ''/tmp'' ein neues Unterverzeichnis
+  * ''phpldapadmin-1.2.2''
+erstellt.
+Anschließend kann eine Sicherungskopie der **Sprachdatei** ''/usr/share/phpldapadmin/locale/de_DE/LC_MESSAGES/messages.mo'' mit nachfolgendem Befehl erstellt werden:
+<code>
+# cp -a /usr/share/phpldapadmin/locale/de_DE/LC_MESSAGES/messages.mo /usr/share/phpldapadmin/locale/de_DE/LC_MESSAGES/messages.mo.orig
+</code>
+Jetzt kann die **Sprachdatei** ''/usr/share/phpldapadmin/locale/de_DE/LC_MESSAGES/messages.mo'' gegen dessen Vorgängerversion mit nachfolgendem Befehl ausgetauscht werden:
+<code>
+# cp -a /tmp/phpldapadmin-1.2.2/locale/de_DE/LC_MESSAGES/messages.mo /usr/share/phpldapadmin/locale/de_DE/LC_MESSAGES/messages.mo
+</code>
+Für zukünftige Updates von [[http://phpldapadmin.sourceforge.net/|phpLDAPadmin]], kann auch eine Sicherungskopie der [[http://phpldapadmin.sourceforge.net/|phpLDAPadmin]] - **Version 1.2.2** noch in das Verzeichnis ''/usr/share/phpldapadmin/locale/de_DE/LC_MESSAGES/'' gelegt werden, was mit nachfolgendem Befehl durchgeführt werden kann und das Herunterladen ersparen kann:
+<code>
+# cp -a /tmp/phpldapadmin-1.2.2/locale/de_DE/LC_MESSAGES/messages.mo /usr/share/phpldapadmin/locale/de_DE/LC_MESSAGES/messages_1.2.2.mo
+</code>
+Zum Abschluss kann nun noch die heruntergeladene [[http://phpldapadmin.sourceforge.net/|phpLDAPadmin]] - **Version 1.2.2** - aus dem ''/tmp''-Verzeichnis gelöscht werden, was nachfolgender Befehl ermöglicht:
+<code>
+# rm -rf /tmp/phpldapadmin-1.2.2
+# rm /tmp/download
+</code>
+Nach Durchführung der vorhergehenden **Konfigurationsschritte**, sollte einem **Neustart** nichts im Wege stehen und die **Apache VHOST-Konfiguration** angezogen werden:
+<code>
+# systemctl restart httpd.service
+</code>
+bzw.
+<code>
+# systemctl restart httpd.service php-fpm.service
+</code>
+:!: **HINWEIS** - **Es erfolgen __keine__ weiteren Ausgaben, wenn der Start erfolgreich war !**
+Anschließend sollte die Anzeige dann wie folgt aussehen:
-:!: FIXME **Hier geht es weiter... / under construction ** FIXME :!:
+{{:tachtler:phpldapadmin:phpldapadmin_-_anzeige_korrigiert.png|phpLDAPadmin - fehlerhafte Anzeige}}