2,7 → 2,7 |
Overview of all config.inc.php settings |
======================================= |
|
The file userdata/baseconfig/config.inc.php contains various settings |
The file **userdata/baseconfig/config.inc.php** contains various settings |
which are essential to connect to your database and other |
things that should be known before the database connection |
is opened. |
10,7 → 10,7 |
and can be accessed using the admin login area. |
|
The setup assistant (/setup/) will lead you through |
the creation of the most important settings of config.inc.php. |
the creation of the most important settings of **config.inc.php**. |
|
Below you will find a list of all possible config settings |
of the default OIDplus installation/plugins. |
20,10 → 20,14 |
(1) Config settings provided by the setup assistant |
--------------------------------------------------- |
|
###CONFIG_VERSION |
|
OIDplus::baseConfig()->setValue('CONFIG_VERSION', 2.1); |
|
Always set to 2.1 in the latest format. |
|
###ADMIN_PASSWORD |
|
OIDplus::baseConfig()->setValue('ADMIN_PASSWORD', '<BCrypt hash, or base64 encoded SHA3-512 hash>'); |
|
If you want to have multiple valid administrator passwords |
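Review bot: The new headings `###CONFIG_VERSION` and `###ADMIN_PASSWORD` have no space after the `###`. CommonMark-based renderers (GitHub included) require a space after the opening `#` run of an ATX heading, so these lines will show up there as literal text rather than headings. Write `### CONFIG_VERSION` and `### ADMIN_PASSWORD`; the same applies to every `###` heading added in the later hunks.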
30,12 → 34,18 |
(e.g. if you want multiple users), then this value can |
also be an array containing hashes. |
|
###DATABASE_PLUGIN |
|
OIDplus::baseConfig()->setValue('DATABASE_PLUGIN', ''); |
|
Valid values: see plugins (setup/). |
|
###OCI_CONN_STR |
|
OIDplus::baseConfig()->setValue('OCI_CONN_STR', 'localhost/orcl'); |
|
###OCI_* |
|
Can be a Oracle connection string/TNS or a hostname like. |
|
OIDplus::baseConfig()->setValue('OCI_USERNAME', 'hr'); |
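Review bot: `###OCI_*` is inserted between the `OCI_CONN_STR` example and its description ("Can be a Oracle connection string/TNS or a hostname like."), so that sentence now sits under the `OCI_*` heading and reads as documentation for `OCI_USERNAME`. Move the heading down so it stands directly above the `OCI_USERNAME` line. While touching this block: the sentence stops at "a hostname like." without giving the example, and "a Oracle" should be "an Oracle".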
43,6 → 53,8 |
|
Used by the Oracle database plugin. |
|
###ODBC_* |
|
OIDplus::baseConfig()->setValue('ODBC_DSN', 'DRIVER={SQL Server};SERVER=localhost;DATABASE=oidplus;CHARSET=UTF8'); |
OIDplus::baseConfig()->setValue('ODBC_USERNAME', 'sa'); |
OIDplus::baseConfig()->setValue('ODBC_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext |
53,6 → 65,8 |
"looks over your shoulder" at your display while you have the configuration file opened. |
(Obviously, it doesn't protect you if they can make a photo or screenshot) |
|
###PDO_* |
|
OIDplus::baseConfig()->setValue('PDO_DSN', 'pgsql:host=localhost;dbname=oidplus'); |
OIDplus::baseConfig()->setValue('PDO_USERNAME', 'postgres'); |
OIDplus::baseConfig()->setValue('PDO_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext |
63,6 → 77,8 |
"looks over your shoulder" at your display while you have the configuration file opened. |
(Obviously, it doesn't protect you if they can make a photo or screenshot) |
|
###MYSQL_* |
|
OIDplus::baseConfig()->setValue('MYSQL_HOST', 'localhost:3306'); |
|
The hostname to connect to. Port (:3306) is optional. |
82,6 → 98,8 |
"looks over your shoulder" at your display while you have the configuration file opened. |
(Obviously, it doesn't protect you if they can make a photo or screenshot) |
|
###PGSQL_* |
|
OIDplus::baseConfig()->setValue('PGSQL_HOST', 'localhost:5432'); |
OIDplus::baseConfig()->setValue('PGSQL_SOCKET', ''); |
OIDplus::baseConfig()->setValue('PGSQL_USERNAME', 'postgres'); |
99,6 → 117,8 |
"looks over your shoulder" at your display while you have the configuration file opened. |
(Obviously, it doesn't protect you if they can make a photo or screenshot) |
|
###SQLITE3_* |
|
OIDplus::baseConfig()->setValue('SQLITE3_FILE', 'userdata/database/oidplus.db'); |
OIDplus::baseConfig()->setValue('SQLITE3_ENCRYPTION', ''); |
|
106,10 → 126,14 |
|
The encryption is optional. |
|
###TABLENAME_PREFIX |
|
OIDplus::baseConfig()->setValue('TABLENAME_PREFIX', 'oidplus_'); |
|
Every table has this prefix, e.g. oidplus_config. |
|
###SERVER_SECRET |
|
OIDplus::baseConfig()->setValue('SERVER_SECRET', 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'); |
|
It is very very important that you choose a long sequence of |
117,6 → 141,8 |
security related purposes. If someone accidently received this secret, |
please change the sequence. |
|
###CAPTCHA_PLUGIN |
|
OIDplus::baseConfig()->setValue('CAPTCHA_PLUGIN', 'None'); |
|
Alternative Values (installed plugins) |
124,6 → 150,7 |
- hCaptcha |
- ViaThinkSoft Client Challenge |
|
###RECAPTCHA_VERSION |
|
OIDplus::baseConfig()->setValue('RECAPTCHA_VERSION', \ViaThinkSoft\OIDplus\OIDplusCaptchaPluginRecaptcha::RECAPTCHA_V2_CHECKBOX); |
|
132,6 → 159,7 |
- `\ViaThinkSoft\OIDplus\OIDplusCaptchaPluginRecaptcha::RECAPTCHA_V2_INVISIBLE` |
- `\ViaThinkSoft\OIDplus\OIDplusCaptchaPluginRecaptcha::RECAPTCHA_V3` |
|
###RECAPTCHA_ENABLED |
|
OIDplus::baseConfig()->setValue('RECAPTCHA_ENABLED', true); |
|
139,6 → 167,7 |
- `RECAPTCHA_ENABLED=true` becomes `CAPTCHA_PLUGIN=reCAPTCHA` |
- `RECAPTCHA_ENABLED=false` becomes `CAPTCHA_PLUGIN=None` |
|
###RECAPTCHA_* |
|
OIDplus::baseConfig()->setValue('RECAPTCHA_PUBLIC', ''); |
OIDplus::baseConfig()->setValue('RECAPTCHA_PRIVATE', ''); |
145,11 → 174,23 |
|
Only used if `CAPTCHA_PLUGIN=ReCAPTCHA`. |
|
###HCAPTCHA_* |
|
OIDplus::baseConfig()->setValue('HCAPTCHA_SITEKEY', ''); |
OIDplus::baseConfig()->setValue('HCAPTCHA_SECRET', ''); |
|
Only used if `CAPTCHA_PLUGIN=hCaptcha`. |
|
###VTS_CAPTCHA_* |
|
OIDplus::baseConfig()->setValue('VTS_CAPTCHA_COMPLEXITY', 50000); |
OIDplus::baseConfig()->setValue('VTS_CAPTCHA_AUTOSOLVE', true); |
OIDplus::baseConfig()->setValue('VTS_CAPTCHA_MAXTIME', 10*60/*10 minutes*/); |
|
Only used if `CAPTCHA_PLUGIN=ViaThinkSoft Client Challenge`. |
|
###ENFORCE_SSL |
|
OIDplus::baseConfig()->setValue('ENFORCE_SSL', OIDplus::ENFORCE_SSL_AUTO); |
|
Values are: |
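Review bot: The plugin name is spelled `CAPTCHA_PLUGIN=ReCAPTCHA` in the "Only used if" line at the top of this hunk, while the migration note under `RECAPTCHA_ENABLED` says `CAPTCHA_PLUGIN=reCAPTCHA`. Pick the spelling the plugin actually registers and use it in both places, and state whether the value is matched case-sensitively; a reader who copies the wrong variant could end up with no CAPTCHA active on the login form.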
158,13 → 199,6 |
- `OIDplus::ENFORCE_SSL_AUTO` (2) = (auto detect SSL) |
|
|
OIDplus::baseConfig()->setValue('VTS_CAPTCHA_COMPLEXITY', 50000); |
OIDplus::baseConfig()->setValue('VTS_CAPTCHA_AUTOSOLVE', true); |
OIDplus::baseConfig()->setValue('VTS_CAPTCHA_MAXTIME', 10*60/*10 minutes*/); |
|
Only used if `CAPTCHA_PLUGIN=ViaThinkSoft Client Challenge`. |
|
|
(2) System limitations |
---------------------- |
|
171,6 → 205,8 |
The system limitations are defined and documented in includes/oidplus_limits.inc.php |
and can be overwritten by config.inc.php. |
|
###LIMITS_MAX_ID_LENGTH |
|
OIDplus::baseConfig()->setValue('LIMITS_MAX_ID_LENGTH', 255); |
|
Example: OID 2.999.123.456 has a length of 13 characters in dot notation. |
186,6 → 222,8 |
and the OID will have the prefix 'oid:' (4 bytes). |
You can increase the limit by changing the field definition in the database. |
|
###LIMITS_MAX_OID_ASN1_ID_LEN |
|
OIDplus::baseConfig()->setValue('LIMITS_MAX_OID_ASN1_ID_LEN', 255); |
|
Default value: 255 characters |
193,6 → 231,8 |
Maximum value: 255, as defined in the database fields *_asn1id.name |
You can change the database field definition if you really need more. |
|
###LIMITS_MAX_OID_UNICODE_LABEL_LEN |
|
OIDplus::baseConfig()->setValue('LIMITS_MAX_OID_UNICODE_LABEL_LEN', 255); |
|
Default value: 255 bytes (UTF-8 encoded!) |
204,16 → 244,22 |
(3) "Hidden"/undocumented config settings |
----------------------------------------- |
|
###OFFLINE_MODE |
|
OIDplus::baseConfig()->setValue('OFFLINE_MODE', false); |
|
If set to true, OIDplus will not contact other servers. No system registration, |
no hCaptcha, no reCAPTCHA, no system updates, etc. |
|
###OIDINFO_API_URL |
|
OIDplus::baseConfig()->setValue('OIDINFO_API_URL', '<url>'); |
|
Currently only internal use for development utilities (dev/). |
The API to oid-info.com is currently not public. |
|
###REGISTRATION_HIDE_SYSTEM |
|
OIDplus::baseConfig()->setValue('REGISTRATION_HIDE_SYSTEM', true); |
|
Set this if you have a clone of a productive system and you want |
221,6 → 267,8 |
(which would overwrite the URL of the productive system and reveal |
the URL of your testing system) |
|
###MYSQL_FORCE_MYSQLND_SUPPLEMENT |
|
OIDplus::baseConfig()->setValue('MYSQL_FORCE_MYSQLND_SUPPLEMENT', false); |
|
The MySQLi plugin contains a supplement code to handle |
228,6 → 276,8 |
installed. Set this flag to force the supplement to be used, |
even if MySQLnd is available. (For testing purposes only) |
|
###QUERY_LOGFILE |
|
OIDplus::baseConfig()->setValue('QUERY_LOGFILE', ''); |
|
Set this setting to a filename where all queries including timestamps would be written. |
234,15 → 284,21 |
This is used for performance analysis. |
Please choose a directory that cannot be accessed by world-wide. |
|
###SESSION_LIFETIME |
|
OIDplus::baseConfig()->setValue('SESSION_LIFETIME', 30*60); |
|
Session lifetime in seconds. |
|
###OBJECT_CACHING |
|
OIDplus::baseConfig()->setValue('OBJECT_CACHING', true); |
|
Object caching reads all objects in the memory. This increases performance |
performance but also increases memory usage on large databases. |
|
###FORCE_DBMS_SLANG |
|
OIDplus::baseConfig()->setValue('FORCE_DBMS_SLANG', ''); |
|
Currently valid values: |
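Review bot: Two wording problems remain in the text this hunk puts headings on. Under `OBJECT_CACHING` the word is doubled across the line break ("This increases performance / performance but also increases memory usage"), and the `QUERY_LOGFILE` advice "a directory that cannot be accessed by world-wide" is hard to parse. Since the log contains every query, say explicitly that the file must be outside the web root or otherwise not readable by web clients and other local users.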
253,6 → 309,7 |
- `pgsql` |
- `sqlite` |
|
###PREPARED_STATEMENTS_EMULATION |
|
OIDplus::baseConfig()->setValue('PREPARED_STATEMENTS_EMULATION', 'auto'); |
|
261,6 → 318,7 |
- `'on'` = Always emulate prepared statements |
- `'off'` = Never emulate prepared statements |
|
###MINIFY_CSS |
|
OIDplus::baseConfig()->setValue('MINIFY_CSS', true); |
|
268,6 → 326,7 |
- Compressed approx: 220 KB |
- Uncompressed approx: 224 KB |
|
###MINIFY_JS |
|
OIDplus::baseConfig()->setValue('MINIFY_JS', true); |
|
279,6 → 338,7 |
- Compressed approx: 1133 KB |
- Unompressed approx: 2761 KB |
|
###DISABLE_PLUGIN_* |
|
OIDplus::baseConfig()->setValue('DISABLE_PLUGIN_...', true); |
|
292,6 → 352,8 |
`"DISABLE_PLUGIN_ViaThinkSoft\OIDplus\OIDplusLoggerPluginUserdataLogfile"` |
disables the plugin "logger/300_userdata_logfile". |
|
###DISABLE_AJAX_TRANSACTIONS |
|
OIDplus::baseConfig()->setValue('DISABLE_AJAX_TRANSACTIONS', false); |
|
This will disable the usage of database transactions in ajax.php |
299,6 → 361,8 |
It might result in inconsistent data e.g. if you update an OID |
and an error occurs in the middle of that process. |
|
###CANONICAL_SYSTEM_URL |
|
OIDplus::baseConfig()->setValue('CANONICAL_SYSTEM_URL', ''); |
|
Setting this value to a system URL will override the absolute system URL detection. |
320,6 → 384,7 |
OIDplus runs on a system (which detects itself as "X"), |
while the canonical URL "Y" is a reverse-proxy. |
|
###DEBUG |
|
OIDplus::baseConfig()->setValue('DEBUG', false); |
|
331,6 → 396,8 |
However, after installing a new plugin, you might want to enable |
it for a few minutes, to make sure the plugin is working correctly. |
|
###COOKIE_SAMESITE_POLICY |
|
OIDplus::baseConfig()->setValue('COOKIE_SAMESITE_POLICY', 'Strict'); |
|
Defined which "SameSite" policy should be used for the cookies OIDplus uses. |
342,6 → 409,8 |
However, OIDplus itself provides an Anti-CSRF mechanism, so you should be |
still safe. |
|
###COOKIE_DOMAIN |
|
OIDplus::baseConfig()->setValue('COOKIE_DOMAIN', ''); |
|
Can be used to increase security by setting an explicit domain-name in the cookies. |
348,6 → 417,8 |
Set to '' (empty string) to allow all (sub)domains. |
Set to '(auto)' to automatically detect the domain based on the absolute canonical path. |
|
###COOKIE_PATH |
|
OIDplus::baseConfig()->setValue('COOKIE_PATH', '/'); |
|
Can be used to increase security by setting an explicit pathname in the cookies. |
356,15 → 427,20 |
Note: If supported, you can use Apache's "ProxyPassReverseCookiePath" to translate |
the cookie path in a reverse-proxy setting. |
|
###RA_PASSWORD_PEPPER |
|
OIDplus::baseConfig()->getValue('RA_PASSWORD_PEPPER', ''); |
|
The pepper is stored inside the base configuration file |
It prevents that an attacker with SQL write rights can |
create accounts. |
|
ATTENTION!!! If a pepper is used, then the |
hashes are bound to that pepper. If you change the pepper, |
then ALL passwords of RAs become INVALID! |
|
###RA_PASSWORD_PEPPER_ALGO |
|
OIDplus::baseConfig()->getValue('RA_PASSWORD_PEPPER_ALGO', 'sha512'); |
|
The pepper is stored inside the base configuration file |
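Review bot: The examples under the new `###RA_PASSWORD_PEPPER` and `###RA_PASSWORD_PEPPER_ALGO` headings call `getValue(...)`, whereas every other setting in this document is shown with `setValue(...)`. Pasted into config.inc.php, `getValue('RA_PASSWORD_PEPPER', '')` sets nothing, so the admin would believe a pepper is active when it is not. Change both examples to `setValue`, with a placeholder for the pepper, and add the missing full stop after "base configuration file".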
374,6 → 450,8 |
hashes are bound to that pepper. If you change the pepper, |
then ALL passwords of RAs become INVALID! |
|
###DEFAULT_LANGUAGE |
|
OIDplus::baseConfig()->setValue('DEFAULT_LANGUAGE', 'enus'); |
|
Default language of the system. This is the language |
389,10 → 467,14 |
|
(see also document ldap_installation.md) |
|
###LDAP_ENABLED |
|
OIDplus::baseConfig()->setValue('LDAP_ENABLED', true); |
|
Set to true if you want to enable that users can log-in using LDAP / ActiveDirectory. |
|
###LDAP_NUM_DOMAINS |
|
OIDplus::baseConfig()->setValue('LDAP_NUM_DOMAINS', 1); |
|
Contains the number of domains/servers which are used. |
402,27 → 484,39 |
LDAP_BASE_DN__2 |
... |
|
###LDAP_SERVER |
|
OIDplus::baseConfig()->setValue('LDAP_SERVER', 'ldap://server1.contoso.local'); |
|
The LDAP server of your company. |
|
###LDAP_PORT |
|
OIDplus::baseConfig()->setValue('LDAP_PORT', 389); |
|
The port of the LDAP server. |
|
###LDAP_BASE_DN |
|
OIDplus::baseConfig()->setValue('LDAP_BASE_DN', 'DC=CONTOSO,DC=local'); |
|
The base Distinguished Name (DN) of your directory. |
|
###LDAP_UPN_SUFFIX |
|
OIDplus::baseConfig()->setValue('LDAP_UPN_SUFFIX', '@contoso.local'); |
|
The UPN suffix of this domain. |
|
###LDAP_AUTHENTICATE_UPN |
|
OIDplus::baseConfig()->setValue('LDAP_AUTHENTICATE_UPN', true); |
|
In the login mask, the users will log in using the UPN ("principal name") e.g. username@contoso.local, |
and in OIDplus, a RA account with an email equal to the UPN will be created. |
|
###LDAP_AUTHENTICATE_EMAIL |
|
OIDplus::baseConfig()->setValue('LDAP_AUTHENTICATE_EMAIL', false); |
|
In the login mask, the users will log in using the UPN ("principal name") e.g. username@contoso.local, |
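Review bot: The `LDAP_SERVER` and `LDAP_PORT` examples show only `ldap://` on port 389, and nothing under the new headings says how to configure an encrypted connection. This section documents user logins against LDAP / ActiveDirectory, so add a sentence stating whether `ldaps://` or StartTLS is supported and which values to set for it. Also check the `LDAP_AUTHENTICATE_EMAIL` description, which opens with the same "log in using the UPN" sentence as `LDAP_AUTHENTICATE_UPN`.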
433,6 → 527,8 |
e.g. email address. If this is the case, you must not enable this setting, otherwise, |
users could authenticate with any address! |
|
###LDAP_ADMIN_GROUP |
|
OIDplus::baseConfig()->setValue('LDAP_ADMIN_GROUP', ''); |
|
If set to an empty string, the OIDplus administrator account cannot be accessed using LDAP authentication. |
444,6 → 540,7 |
- `CN=OIDplus Administrators,CN=Users,DC=CONTOSO,DC=local` |
makes every user of the group (OIDplus Administrators) to OIDplus administrators |
|
###LDAP_RA_GROUP |
|
OIDplus::baseConfig()->setValue('LDAP_RA_GROUP', ''); |
|
457,6 → 554,8 |
|
(see also document google_oauth2_installation.md) |
|
###GOOGLE_OAUTH2_* |
|
OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_ENABLED', true); |
OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_CLIENT_ID', '..............apps.googleusercontent.com'); |
OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_CLIENT_SECRET', '.............'); |
467,6 → 566,8 |
|
(see also document facebook_oauth2_installation.md) |
|
###FACEBOOK_OAUTH2_* |
|
OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_ENABLED', true); |
OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_CLIENT_ID', '.............'); // Your App ID |
OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_CLIENT_SECRET', '.............'); // Your App Secret |
480,24 → 581,34 |
This feature is used in the plugins "Automated AJAX calls" for admins and RAs. |
With these switches you can disable this feature. |
|
###JWT_ALLOW_AJAX_ADMIN |
|
OIDplus::baseConfig()->setValue('JWT_ALLOW_AJAX_ADMIN', true); |
|
Allow JWT tokens that were created using the admin-plugin |
"Automated AJAX calls". |
|
###JWT_ALLOW_AJAX_USER |
|
OIDplus::baseConfig()->setValue('JWT_ALLOW_AJAX_USER', true); |
|
Allow JWT tokens that were created using the RA-plugin |
"Automated AJAX calls". |
|
###JWT_ALLOW_LOGIN_ADMIN |
|
OIDplus::baseConfig()->setValue('JWT_ALLOW_LOGIN_ADMIN', true); |
|
Allow "Remember me" logins for the administrator account. |
|
###JWT_ALLOW_LOGIN_USER |
|
OIDplus::baseConfig()->setValue('JWT_ALLOW_LOGIN_USER', true); |
|
Allow "Remember me" logins for a RA. |
|
###JWT_ALLOW_MANUAL |
|
OIDplus::baseConfig()->setValue('JWT_ALLOW_MANUAL', false); |
|
Allow JWT tokens which were manually created "by hand". |
504,11 → 615,15 |
These can have any content you like, but they must |
contain the claim "oidplus_generator" with value "2". |
|
###JWT_TTL_LOGIN_USER |
|
OIDplus::baseConfig()->setValue('JWT_TTL_LOGIN_USER', 10*365*24*60*60); |
|
How many seconds will a "remember me" login JWT token be valid? |
(RA login) |
|
###JWT_TTL_LOGIN_ADMIN |
|
OIDplus::baseConfig()->setValue('JWT_TTL_LOGIN_ADMIN', 10*365*24*60*60); |
|
How many seconds will a "remember me" login JWT token be valid? |
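Review bot: Both `JWT_TTL_LOGIN_USER` and `JWT_TTL_LOGIN_ADMIN` are documented with `10*365*24*60*60`, i.e. a "remember me" token valid for ten years, and the text gives no guidance on choosing a value. Add a sentence recommending a shorter lifetime, especially for the administrator account, and say how an issued token can be invalidated before it expires.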
518,6 → 633,8 |
(8) Third-party plugins |
----------------------- |
|
###FrdlWeb RDAP plugin |
|
OIDplus::baseConfig()->setValue('RDAP_CACHE_ENABLED', false ); |
OIDplus::baseConfig()->setValue('RDAP_CACHE_DIRECTORY', OIDplus::localpath().'userdata/cache/' ); |
OIDplus::baseConfig()->setValue('RDAP_BASE_URI', OIDplus::webpath() ); |