Overview of all config.inc.php settings
=======================================

The file **userdata/baseconfig/config.inc.php** contains various settings
which are essential to connect to your database and other
things that should be known before the database connection
is opened.
Other settings are stored in the database (table "config")
and can be accessed using the admin login area.

The setup assistant (/setup/) will lead you through
the creation of the most important settings of **config.inc.php**.

Below you will find a list of all possible config settings
of the default OIDplus installation/plugins.
Please note that a plugin can define any key.


(1) Config settings provided by the setup assistant
---------------------------------------------------

### CONFIG_VERSION

    OIDplus::baseConfig()->setValue('CONFIG_VERSION', 2.1);

Always set to 2.1 in the latest format.

### ADMIN_PASSWORD

    OIDplus::baseConfig()->setValue('ADMIN_PASSWORD', '<BCrypt hash, or base64 encoded SHA3-512 hash>');

If you want to have multiple valid administrator passwords
(e.g. if you want multiple users), then this value can
also be an array containing hashes.

### DATABASE_PLUGIN

    OIDplus::baseConfig()->setValue('DATABASE_PLUGIN', '');

Valid values: see plugins (setup/).

### OCI_CONN_STR

    OIDplus::baseConfig()->setValue('OCI_CONN_STR', 'localhost/orcl');

### OCI_*

Can be an Oracle connection string/TNS or a hostname like.

    OIDplus::baseConfig()->setValue('OCI_USERNAME', 'hr');
    OIDplus::baseConfig()->setValue('OCI_PASSWORD', 'oracle');

Used by the Oracle database plugin.

### ODBC_*

    OIDplus::baseConfig()->setValue('ODBC_DSN', 'DRIVER={SQL Server};SERVER=localhost;DATABASE=oidplus;CHARSET=UTF8');
    OIDplus::baseConfig()->setValue('ODBC_USERNAME', 'sa');
    OIDplus::baseConfig()->setValue('ODBC_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext

Used by the ODBC database plugin.

Username and password are not required if you want to use SQL Server Integrated Security,
or if the DBMS does not require credentials (e.g. a File DB).

The base64 encoding protects your password from being read if someone
"looks over your shoulder" at your display while you have the configuration file opened.
(Obviously, it doesn't protect you if they can take a photo or screenshot.)
Base64 is an encoding, not encryption: anyone who can read the file can decode the password.

### PDO_*

    OIDplus::baseConfig()->setValue('PDO_DSN', 'pgsql:host=localhost;dbname=oidplus');
    OIDplus::baseConfig()->setValue('PDO_USERNAME', 'postgres');
    OIDplus::baseConfig()->setValue('PDO_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext

Used by the PDO database plugin.

Username and password are not required if you want to use SQL Server Integrated Security,
or if the DBMS does not require credentials (e.g. a File DB).

The base64 encoding protects your password from being read if someone
"looks over your shoulder" at your display while you have the configuration file opened.
(Obviously, it doesn't protect you if they can take a photo or screenshot.)

### ADO_*

    OIDplus::baseConfig()->setValue('ADO_CONNECTION_STRING', 'Provider=MSOLEDBSQL;Data Source=LOCALHOST\SQLEXPRESS;Initial Catalog=oidplus;Integrated Security=SSPI');

Used by the ADO database plugin.

### SQLSRV_*

    OIDplus::baseConfig()->setValue('SQLSRV_SERVER', 'localhost\oidplus');
    OIDplus::baseConfig()->setValue('SQLSRV_USERNAME', '');
    OIDplus::baseConfig()->setValue('SQLSRV_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext
    OIDplus::baseConfig()->setValue('SQLSRV_DATABASE', 'oidplus');
    OIDplus::baseConfig()->setValue('SQLSRV_OPTIONS', array());

Used by the SQLSRV database plugin.

SQLSRV_OPTIONS can be filled with various connection info options
(see PHP documentation for sqlsrv_connect).
The following fields will be automatically filled if they are not explicitly overridden:

- `UID` will be filled with `SQLSRV_USERNAME`
- `PWD` will be filled with `SQLSRV_PASSWORD`
- `Database` will be filled with `SQLSRV_DATABASE`
- `CharacterSet` will be filled with `"UTF-8"`

Username and password are not required if you want to use SQL Server Integrated Security,
or if the DBMS does not require credentials (e.g. a File DB).

The base64 encoding protects your password from being read if someone
"looks over your shoulder" at your display while you have the configuration file opened.
(Obviously, it doesn't protect you if they can take a photo or screenshot.)

### MYSQL_*

    OIDplus::baseConfig()->setValue('MYSQL_HOST', 'localhost:3306');

The hostname to connect to. Port (:3306) is optional.

    OIDplus::baseConfig()->setValue('MYSQL_SOCKET', '');

In case you connect to MySQL through a socket, use this setting.
(It is currently not included in setup/ and needs to be set manually.)

    OIDplus::baseConfig()->setValue('MYSQL_USERNAME', 'root');
    OIDplus::baseConfig()->setValue('MYSQL_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext
    OIDplus::baseConfig()->setValue('MYSQL_DATABASE', 'oidplus');

Used by the MySQL database plugin.

The base64 encoding protects your password from being read if someone
"looks over your shoulder" at your display while you have the configuration file opened.
(Obviously, it doesn't protect you if they can take a photo or screenshot.)

### PGSQL_*

    OIDplus::baseConfig()->setValue('PGSQL_HOST', 'localhost:5432');
    OIDplus::baseConfig()->setValue('PGSQL_SOCKET', '');
    OIDplus::baseConfig()->setValue('PGSQL_USERNAME', 'postgres');
    OIDplus::baseConfig()->setValue('PGSQL_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext
    OIDplus::baseConfig()->setValue('PGSQL_DATABASE', 'oidplus');

Used by the PgSQL database plugin.

`PGSQL_HOST`: The hostname to connect to. Port (:5432) is optional.

`PGSQL_SOCKET`: In case you connect to PostgreSQL through a socket, use this setting.
(It is currently not included in setup/ and needs to be set manually.)

The base64 encoding protects your password from being read if someone
"looks over your shoulder" at your display while you have the configuration file opened.
(Obviously, it doesn't protect you if they can take a photo or screenshot.)

### SQLITE3_*

    OIDplus::baseConfig()->setValue('SQLITE3_FILE', 'userdata/database/oidplus.db');
    OIDplus::baseConfig()->setValue('SQLITE3_ENCRYPTION', '');

Attention: This file must be located in a location that is not world-readable/downloadable!

The encryption is optional.

### TABLENAME_PREFIX

    OIDplus::baseConfig()->setValue('TABLENAME_PREFIX', 'oidplus_');

Every table has this prefix, e.g. oidplus_config.

### SERVER_SECRET

    OIDplus::baseConfig()->setValue('SERVER_SECRET', 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');

It is very important that you choose a long sequence of
random characters. OIDplus uses this secret for various
security-related purposes. If someone accidentally received this secret,
please change the sequence.

### CAPTCHA_PLUGIN

    OIDplus::baseConfig()->setValue('CAPTCHA_PLUGIN', 'None');

Alternative values (installed plugins):

- `reCAPTCHA`
- `hCaptcha`
- `ViaThinkSoft Client Challenge`

Please note that the value is case-sensitive.

### RECAPTCHA_VERSION

    OIDplus::baseConfig()->setValue('RECAPTCHA_VERSION', \ViaThinkSoft\OIDplus\OIDplusCaptchaPluginRecaptcha::RECAPTCHA_V2_CHECKBOX);

Possible values:

- `\ViaThinkSoft\OIDplus\OIDplusCaptchaPluginRecaptcha::RECAPTCHA_V2_CHECKBOX`
- `\ViaThinkSoft\OIDplus\OIDplusCaptchaPluginRecaptcha::RECAPTCHA_V2_INVISIBLE`
- `\ViaThinkSoft\OIDplus\OIDplusCaptchaPluginRecaptcha::RECAPTCHA_V3`

### RECAPTCHA_ENABLED

    OIDplus::baseConfig()->setValue('RECAPTCHA_ENABLED', true);

Deprecated!

- `RECAPTCHA_ENABLED=true` becomes `CAPTCHA_PLUGIN=reCAPTCHA`
- `RECAPTCHA_ENABLED=false` becomes `CAPTCHA_PLUGIN=None`

### RECAPTCHA_*

    OIDplus::baseConfig()->setValue('RECAPTCHA_PUBLIC', '');
    OIDplus::baseConfig()->setValue('RECAPTCHA_PRIVATE', '');

Only used if `CAPTCHA_PLUGIN=reCAPTCHA`.

### HCAPTCHA_*

    OIDplus::baseConfig()->setValue('HCAPTCHA_SITEKEY', '');
    OIDplus::baseConfig()->setValue('HCAPTCHA_SECRET', '');

Only used if `CAPTCHA_PLUGIN=hCaptcha`.

### VTS_CAPTCHA_*

    OIDplus::baseConfig()->setValue('VTS_CAPTCHA_COMPLEXITY', 50000);
    OIDplus::baseConfig()->setValue('VTS_CAPTCHA_AUTOSOLVE', true);
    OIDplus::baseConfig()->setValue('VTS_CAPTCHA_MAXTIME', 10*60/*10 minutes*/);

Only used if `CAPTCHA_PLUGIN=ViaThinkSoft Client Challenge`.

### ENFORCE_SSL

    OIDplus::baseConfig()->setValue('ENFORCE_SSL', OIDplus::ENFORCE_SSL_AUTO);

Values are:

- `OIDplus::ENFORCE_SSL_NO` (0) = (off)
- `OIDplus::ENFORCE_SSL_YES` (1) = (on)
- `OIDplus::ENFORCE_SSL_AUTO` (2) = (auto detect SSL)


(2) System limitations
----------------------

The system limitations are defined and documented in includes/oidplus_limits.inc.php
and can be overwritten by config.inc.php.

### LIMITS_MAX_ID_LENGTH

    OIDplus::baseConfig()->setValue('LIMITS_MAX_ID_LENGTH', 255);

Example: OID 2.999.123.456 has a length of 13 characters in dot notation.
OIDplus adds the prefix "oid:" in front of every OID,
so the overall length of the ID would be 17.

Default value: 255 digits (OIDs 251 digits)

Which value is realistic? In the oid-info.com database (April 2020), the OID with the greatest size is 65 characters (dot notation).

Maximum value: OIDs may only have a size of max 251 characters in dot notation.
Reason: The field definition of `*_objects.oid` is defined as varchar(255),
and the OID will have the prefix 'oid:' (4 bytes).
You can increase the limit by changing the field definition in the database.

### LIMITS_MAX_OID_ASN1_ID_LEN

    OIDplus::baseConfig()->setValue('LIMITS_MAX_OID_ASN1_ID_LEN', 255);

Default value: 255 characters

Maximum value: 255, as defined in the database fields `*_asn1id.name`.
You can change the database field definition if you really need more.

### LIMITS_MAX_OID_UNICODE_LABEL_LEN

    OIDplus::baseConfig()->setValue('LIMITS_MAX_OID_UNICODE_LABEL_LEN', 255);

Default value: 255 bytes (UTF-8 encoded!)

Maximum value: 255, as defined in the database fields `*_iri.name`.
You can change the database field definition if you really need more.


(3) "Hidden"/undocumented config settings
-----------------------------------------

### OFFLINE_MODE

    OIDplus::baseConfig()->setValue('OFFLINE_MODE', false);

If set to true, OIDplus will not contact other servers. No system registration,
no hCaptcha, no reCAPTCHA, no system updates, etc.

### OIDINFO_API_URL

    OIDplus::baseConfig()->setValue('OIDINFO_API_URL', '<url>');

Currently only for internal use by the development utilities (dev/).
The API to oid-info.com is currently not public.

### REGISTRATION_HIDE_SYSTEM

    OIDplus::baseConfig()->setValue('REGISTRATION_HIDE_SYSTEM', true);

Set this if you have a clone of a production system and you want
to prevent the clone from registering at the ViaThinkSoft directory
(which would overwrite the URL of the production system and reveal
the URL of your testing system).

### MYSQL_FORCE_MYSQLND_SUPPLEMENT

    OIDplus::baseConfig()->setValue('MYSQL_FORCE_MYSQLND_SUPPLEMENT', false);

The MySQLi plugin contains supplement code to handle
prepared statements on servers which do not have the MySQLnd extension
installed. Set this flag to force the supplement to be used,
even if MySQLnd is available. (For testing purposes only.)

### QUERY_LOGFILE

    OIDplus::baseConfig()->setValue('QUERY_LOGFILE', '');

Set this to a filename to which all queries, including timestamps, will be written.
This is used for performance analysis.
Please choose a directory that is not publicly accessible.

### SESSION_LIFETIME

    OIDplus::baseConfig()->setValue('SESSION_LIFETIME', 30*60);

Session lifetime in seconds.

### OBJECT_CACHING

    OIDplus::baseConfig()->setValue('OBJECT_CACHING', true);

Object caching reads all objects into memory. This increases
performance but also increases memory usage on large databases.

### FORCE_DBMS_SLANG

    OIDplus::baseConfig()->setValue('FORCE_DBMS_SLANG', '');

Currently valid values:

- `access`
- `firebird`
- `mssql`
- `mysql`
- `oracle`
- `pgsql`
- `sqlite`

### PREPARED_STATEMENTS_EMULATION

    OIDplus::baseConfig()->setValue('PREPARED_STATEMENTS_EMULATION', 'auto');

Currently only for the ODBC database plugin.

- `auto` = Auto detect if prepared statements should be emulated
- `on` = Always emulate prepared statements
- `off` = Never emulate prepared statements

### MINIFY_CSS

    OIDplus::baseConfig()->setValue('MINIFY_CSS', true);

This enables the compression of CSS definitions.

- Compressed approx: 220 KB
- Uncompressed approx: 224 KB

### MINIFY_JS

    OIDplus::baseConfig()->setValue('MINIFY_JS', true);

This enables the compression of JavaScript code.
Please only disable this if you want to debug
the code! You should not disable it on a production
system, because otherwise the JavaScript code
would be several megabytes large.

- Compressed approx: 1133 KB
- Uncompressed approx: 2761 KB

### DISABLE_PLUGIN_*

    OIDplus::baseConfig()->setValue('DISABLE_PLUGIN_...', true);

This gives you the possibility to disable a plugin without
requiring it to be removed from the file system.
(Removing a plugin from the file system can result in various
problems, e.g. it can be re-added during an SVN/software update.)
Replace "..." with the main PHP class of the plugin you want to disable.
The namespace must be included.
Example:
`"DISABLE_PLUGIN_ViaThinkSoft\OIDplus\OIDplusLoggerPluginUserdataLogfile"`
disables the plugin "logger/300_userdata_logfile".

### DISABLE_AJAX_TRANSACTIONS

    OIDplus::baseConfig()->setValue('DISABLE_AJAX_TRANSACTIONS', false);

This will disable the usage of database transactions in ajax.php.
Only use this if you have severe problems with the system running.
It might result in inconsistent data, e.g. if you update an OID
and an error occurs in the middle of that process.

### DISABLE_REST_TRANSACTIONS

    OIDplus::baseConfig()->setValue('DISABLE_REST_TRANSACTIONS', false);

This will disable the usage of database transactions in rest/* calls.
Only use this if you have severe problems with the system running.
410 | It might result in inconsistent data e.g. if you update an OID |
410 | It might result in inconsistent data e.g. if you update an OID |
411 | and an error occurs in the middle of that process. |
411 | and an error occurs in the middle of that process. |
412 | 412 | ||
413 | ### CANONICAL_SYSTEM_URL |
413 | ### CANONICAL_SYSTEM_URL |
414 | 414 | ||
415 | OIDplus::baseConfig()->setValue('CANONICAL_SYSTEM_URL', ''); |
415 | OIDplus::baseConfig()->setValue('CANONICAL_SYSTEM_URL', ''); |
416 | 416 | ||
417 | Setting this value to a system URL will override the absolute system URL detection. |
417 | Setting this value to a system URL will override the absolute system URL detection. |
418 | It has the following effects: |
418 | It has the following effects: |
419 | 1. The "canonical" metatag will use this explicit system URL |
419 | 1. The "canonical" metatag will use this explicit system URL |
420 | instead of the one the PHP script is detecting. |
420 | instead of the one the PHP script is detecting. |
421 | (This is important to avoid duplicate content at search indexes) |
421 | (This is important to avoid duplicate content at search indexes) |
422 | 2. CLI WHOIS and other CLI (Command-line-interface) tools |
422 | 2. CLI WHOIS and other CLI (Command-line-interface) tools |
423 | will use this address when they need to output an URL. |
423 | will use this address when they need to output an URL. |
424 | Otherwise, the CLI tools would need to use the last known |
424 | Otherwise, the CLI tools would need to use the last known |
425 | URL that was detected when a webpage visitor has last visited the |
425 | URL that was detected when a webpage visitor has last visited the |
426 | page. |
426 | page. |
427 | 3. While most resources (images, CSS files, scripts, etc.) are loaded |
427 | 3. While most resources (images, CSS files, scripts, etc.) are loaded |
428 | via relative URLs, sometimes an absolute URL is required |
428 | via relative URLs, sometimes an absolute URL is required |
429 | (e.g., if an email is sent with an activation link). |
429 | (e.g., if an email is sent with an activation link). |
430 | The explicit absolute system URL will then be used rather |
430 | The explicit absolute system URL will then be used rather |
431 | than the automatically detected one. |
431 | than the automatically detected one. |
432 | Note that setting an absolute system URL can be very useful if |
432 | Note that setting an absolute system URL can be very useful if |
433 | OIDplus runs on a system (which detects itself as "X"), |
433 | OIDplus runs on a system (which detects itself as "X"), |
434 | while the canonical URL "Y" is a reverse-proxy. |
434 | while the canonical URL "Y" is a reverse-proxy. |
435 | 435 | ||
436 | ### DEBUG |
436 | ### DEBUG |
437 | 437 | ||
438 | OIDplus::baseConfig()->setValue('DEBUG', false); |
438 | OIDplus::baseConfig()->setValue('DEBUG', false); |
439 | 439 | ||
440 | Enables some special checks for plugins (e.g. a self-test for auth plugins). |
440 | Enables some special checks for plugins (e.g. a self-test for auth plugins). |
441 | It is highly recommended that you enable DEBUG if you are developing |
441 | It is highly recommended that you enable DEBUG if you are developing |
442 | plugins! |
442 | plugins! |
443 | It is recommended to disable this switch in productive systems, |
443 | It is recommended to disable this switch in productive systems, |
444 | because the self-tests decrease the performance. |
444 | because the self-tests decrease the performance. |
445 | However, after installing a new plugin, you might want to enable |
445 | However, after installing a new plugin, you might want to enable |
446 | it for a few minutes, to make sure the plugin is working correctly. |
446 | it for a few minutes, to make sure the plugin is working correctly. |
447 | 447 | ||
448 | ### COOKIE_SAMESITE_POLICY |
448 | ### COOKIE_SAMESITE_POLICY |
449 | 449 | ||
450 | OIDplus::baseConfig()->setValue('COOKIE_SAMESITE_POLICY', 'Strict'); |
450 | OIDplus::baseConfig()->setValue('COOKIE_SAMESITE_POLICY', 'Strict'); |
451 | 451 | ||
452 | Defined which "SameSite" policy should be used for the cookies OIDplus uses. |
452 | Defined which "SameSite" policy should be used for the cookies OIDplus uses. |
453 | Can be "None", "Lax" or "Strict". |
453 | Can be "None", "Lax" or "Strict". |
454 | "Strict" is the most secure setting. |
454 | "Strict" is the most secure setting. |
455 | "Lax" allows that people stay logged in if they follow a link pointing |
455 | "Lax" allows that people stay logged in if they follow a link pointing |
456 | to your OIDplus installation. |
456 | to your OIDplus installation. |
457 | "None" is not recommended and is deprecated by modern web browsers. |
457 | "None" is not recommended and is deprecated by modern web browsers. |
458 | However, OIDplus itself provides an Anti-CSRF mechanism, so you should be |
458 | However, OIDplus itself provides an Anti-CSRF mechanism, so you should be |
459 | still safe. |
459 | still safe. |
460 | 460 | ||
461 | ### COOKIE_DOMAIN |
461 | ### COOKIE_DOMAIN |
462 | 462 | ||
463 | OIDplus::baseConfig()->setValue('COOKIE_DOMAIN', ''); |
463 | OIDplus::baseConfig()->setValue('COOKIE_DOMAIN', ''); |
464 | 464 | ||
465 | Can be used to increase security by setting an explicit domain-name in the cookies. |
465 | Can be used to increase security by setting an explicit domain-name in the cookies. |
466 | Set to '' (empty string) to allow all (sub)domains. |
466 | Set to '' (empty string) to allow all (sub)domains. |
467 | Set to '(auto)' to automatically detect the domain based on the absolute canonical path. |
467 | Set to '(auto)' to automatically detect the domain based on the absolute canonical path. |
468 | 468 | ||
469 | ### COOKIE_PATH |
469 | ### COOKIE_PATH |
470 | 470 | ||
471 | OIDplus::baseConfig()->setValue('COOKIE_PATH', '/'); |
471 | OIDplus::baseConfig()->setValue('COOKIE_PATH', '/'); |
472 | 472 | ||
473 | Can be used to increase security by setting an explicit pathname in the cookies. |
473 | Can be used to increase security by setting an explicit pathname in the cookies. |
474 | Set to '/' to allow all paths. |
474 | Set to '/' to allow all paths. |
475 | Set to '(auto)' to automatically detect the path based on the absolute canonical path. |
475 | Set to '(auto)' to automatically detect the path based on the absolute canonical path. |
476 | Note: If supported, you can use Apache's "ProxyPassReverseCookiePath" to translate |
476 | Note: If supported, you can use Apache's "ProxyPassReverseCookiePath" to translate |
477 | the cookie path in a reverse-proxy setting. |
477 | the cookie path in a reverse-proxy setting. |
478 | 478 | ||
479 | ### RA_PASSWORD_PEPPER |
479 | ### RA_PASSWORD_PEPPER |
480 | 480 | ||
481 | OIDplus::baseConfig()->setValue('RA_PASSWORD_PEPPER', ''); |
481 | OIDplus::baseConfig()->setValue('RA_PASSWORD_PEPPER', ''); |
482 | 482 | ||
483 | The pepper is stored inside the base configuration file |
483 | The pepper is stored inside the base configuration file |
484 | It prevents that an attacker with SQL write rights can |
484 | It prevents that an attacker with SQL write rights can |
485 | create accounts. |
485 | create accounts. |
486 | 486 | ||
487 | ATTENTION!!! If a pepper is used, then the |
487 | ATTENTION!!! If a pepper is used, then the |
488 | hashes are bound to that pepper. If you change the pepper, |
488 | hashes are bound to that pepper. If you change the pepper, |
489 | then ALL passwords of RAs become INVALID! |
489 | then ALL passwords of RAs become INVALID! |
490 | 490 | ||
491 | ### RA_PASSWORD_PEPPER_ALGO |
491 | ### RA_PASSWORD_PEPPER_ALGO |
492 | 492 | ||
493 | OIDplus::baseConfig()->setValue('RA_PASSWORD_PEPPER_ALGO', 'sha512'); |
493 | OIDplus::baseConfig()->setValue('RA_PASSWORD_PEPPER_ALGO', 'sha512'); |
494 | 494 | ||
495 | The pepper is stored inside the base configuration file |
495 | The pepper is stored inside the base configuration file |
496 | It prevents that an attacker with SQL write rights can |
496 | It prevents that an attacker with SQL write rights can |
497 | create accounts. |
497 | create accounts. |
498 | ATTENTION!!! If a pepper is used, then the |
498 | ATTENTION!!! If a pepper is used, then the |
499 | hashes are bound to that pepper. If you change the pepper, |
499 | hashes are bound to that pepper. If you change the pepper, |
500 | then ALL passwords of RAs become INVALID! |
500 | then ALL passwords of RAs become INVALID! |
501 | 501 | ||
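Review bot: the RA_PASSWORD_PEPPER_ALGO description is the RA_PASSWORD_PEPPER text repeated word for word and never says what this key selects or which values besides 'sha512' are accepted. Suggest describing the setting itself and stating whether the warning about invalidated RA passwords applies to changing the algorithm as well as the pepper, since the text only says the hashes are bound to the pepper.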
502 | ### DEFAULT_LANGUAGE |
502 | ### DEFAULT_LANGUAGE |
503 | 503 | ||
504 | OIDplus::baseConfig()->setValue('DEFAULT_LANGUAGE', 'enus'); |
504 | OIDplus::baseConfig()->setValue('DEFAULT_LANGUAGE', 'enus'); |
505 | 505 | ||
506 | Default language of the system. This is the language |
506 | Default language of the system. This is the language |
507 | a new visitor will see if no "lang=" parameter is used |
507 | a new visitor will see if no "lang=" parameter is used |
508 | and no cookie is set. |
508 | and no cookie is set. |
509 | Must be a valid language in the plugins directory. |
509 | Must be a valid language in the plugins directory. |
510 | Currently available: |
510 | Currently available: |
511 | - `enus` = English USA (default) |
511 | - `enus` = English USA (default) |
512 | - `dede` = German Germany |
512 | - `dede` = German Germany |
513 | 513 | ||
514 | (4) LDAP settings |
514 | (4) LDAP settings |
515 | ----------------- |
515 | ----------------- |
516 | 516 | ||
517 | (see also document ldap_installation.md) |
517 | (see also document ldap_installation.md) |
518 | 518 | ||
519 | ### LDAP_ENABLED |
519 | ### LDAP_ENABLED |
520 | 520 | ||
521 | OIDplus::baseConfig()->setValue('LDAP_ENABLED', true); |
521 | OIDplus::baseConfig()->setValue('LDAP_ENABLED', true); |
522 | 522 | ||
523 | Set to true if you want to enable that users can log-in using LDAP / ActiveDirectory. |
523 | Set to true if you want to enable that users can log-in using LDAP / ActiveDirectory. |
524 | 524 | ||
525 | ### LDAP_NUM_DOMAINS |
525 | ### LDAP_NUM_DOMAINS |
526 | 526 | ||
527 | OIDplus::baseConfig()->setValue('LDAP_NUM_DOMAINS', 1); |
527 | OIDplus::baseConfig()->setValue('LDAP_NUM_DOMAINS', 1); |
528 | 528 | ||
529 | Contains the number of domains/servers which are used. |
529 | Contains the number of domains/servers which are used. |
530 | For 2nd, 3rd, 4th, ... domain use the fields LDAP_xxx__2, LDAP_xxx__3, ... |
530 | For 2nd, 3rd, 4th, ... domain use the fields LDAP_xxx__2, LDAP_xxx__3, ... |
531 | e.g. LDAP_SERVER__2 |
531 | e.g. LDAP_SERVER__2 |
532 | LDAP_PORT__2 |
532 | LDAP_PORT__2 |
533 | LDAP_BASE_DN__2 |
533 | LDAP_BASE_DN__2 |
534 | ... |
534 | ... |
535 | 535 | ||
536 | ### LDAP_SERVER |
536 | ### LDAP_SERVER |
537 | 537 | ||
538 | OIDplus::baseConfig()->setValue('LDAP_SERVER', 'ldap://server1.contoso.local'); |
538 | OIDplus::baseConfig()->setValue('LDAP_SERVER', 'ldap://server1.contoso.local'); |
539 | 539 | ||
540 | The LDAP server of your company. |
540 | The LDAP server of your company. |
541 | 541 | ||
542 | ### LDAP_PORT |
542 | ### LDAP_PORT |
543 | 543 | ||
544 | OIDplus::baseConfig()->setValue('LDAP_PORT', 389); |
544 | OIDplus::baseConfig()->setValue('LDAP_PORT', 389); |
545 | 545 | ||
546 | The port of the LDAP server. |
546 | The port of the LDAP server. |
547 | 547 | ||
548 | ### LDAP_BASE_DN |
548 | ### LDAP_BASE_DN |
549 | 549 | ||
550 | OIDplus::baseConfig()->setValue('LDAP_BASE_DN', 'DC=CONTOSO,DC=local'); |
550 | OIDplus::baseConfig()->setValue('LDAP_BASE_DN', 'DC=CONTOSO,DC=local'); |
551 | 551 | ||
552 | The base Distinguished Name (DN) of your directory. |
552 | The base Distinguished Name (DN) of your directory. |
553 | 553 | ||
554 | ### LDAP_UPN_SUFFIX |
554 | ### LDAP_UPN_SUFFIX |
555 | 555 | ||
556 | OIDplus::baseConfig()->setValue('LDAP_UPN_SUFFIX', '@contoso.local'); |
556 | OIDplus::baseConfig()->setValue('LDAP_UPN_SUFFIX', '@contoso.local'); |
557 | 557 | ||
558 | The UPN suffix of this domain. |
558 | The UPN suffix of this domain. |
559 | 559 | ||
560 | ### LDAP_AUTHENTICATE_UPN |
560 | ### LDAP_AUTHENTICATE_UPN |
561 | 561 | ||
562 | OIDplus::baseConfig()->setValue('LDAP_AUTHENTICATE_UPN', true); |
562 | OIDplus::baseConfig()->setValue('LDAP_AUTHENTICATE_UPN', true); |
563 | 563 | ||
564 | In the login mask, the users will log in using the UPN ("principal name") e.g. username@contoso.local, |
564 | In the login mask, the users will log in using the UPN ("principal name") e.g. username@contoso.local, |
565 | and in OIDplus, a RA account with an email equal to the UPN will be created. |
565 | and in OIDplus, a RA account with an email equal to the UPN will be created. |
566 | 566 | ||
567 | ### LDAP_AUTHENTICATE_EMAIL |
567 | ### LDAP_AUTHENTICATE_EMAIL |
568 | 568 | ||
569 | OIDplus::baseConfig()->setValue('LDAP_AUTHENTICATE_EMAIL', false); |
569 | OIDplus::baseConfig()->setValue('LDAP_AUTHENTICATE_EMAIL', false); |
570 | 570 | ||
571 | In the login mask, the users will log in using the UPN ("principal name") e.g. username@contoso.local, |
571 | In the login mask, the users will log in using the UPN ("principal name") e.g. username@contoso.local, |
572 | and in OIDplus, a RA account with an email equal to the "E-Mail-Address" field of the user in the directory will be created. |
572 | and in OIDplus, a RA account with an email equal to the "E-Mail-Address" field of the user in the directory will be created. |
573 | Note: If you did not set an email address to the user in the LDAP/ActiveDirectory, then the login will not be possible, |
573 | Note: If you did not set an email address to the user in the LDAP/ActiveDirectory, then the login will not be possible, |
574 | except if LDAP_AUTHENTICATE_UPN is additionally enabled. |
574 | except if LDAP_AUTHENTICATE_UPN is additionally enabled. |
575 | Attention: Depending on your domain configuration, users might be able to change their own data, |
575 | Attention: Depending on your domain configuration, users might be able to change their own data, |
576 | e.g. email address. If this is the case, you must not enable this setting, otherwise, |
576 | e.g. email address. If this is the case, you must not enable this setting, otherwise, |
577 | users could authenticate with any address! |
577 | users could authenticate with any address! |
578 | 578 | ||
579 | ### LDAP_ADMIN_GROUP |
579 | ### LDAP_ADMIN_GROUP |
580 | 580 | ||
581 | OIDplus::baseConfig()->setValue('LDAP_ADMIN_GROUP', ''); |
581 | OIDplus::baseConfig()->setValue('LDAP_ADMIN_GROUP', ''); |
582 | 582 | ||
583 | If set to an empty string, the OIDplus administrator account cannot be accessed using LDAP authentication. |
583 | If set to an empty string, the OIDplus administrator account cannot be accessed using LDAP authentication. |
584 | Otherwise, the user will be authenticated as administrator, if the LDAP user is a |
584 | Otherwise, the user will be authenticated as administrator, if the LDAP user is a |
585 | member of the group specified in this setting. |
585 | member of the group specified in this setting. |
586 | Example values: |
586 | Example values: |
587 | - `CN=Administrators,CN=Builtin,DC=CONTOSO,DC=local` |
587 | - `CN=Administrators,CN=Builtin,DC=CONTOSO,DC=local` |
588 | makes every domain administrator also an OIDplus administrator |
588 | makes every domain administrator also an OIDplus administrator |
589 | - `CN=OIDplus Administrators,CN=Users,DC=CONTOSO,DC=local` |
589 | - `CN=OIDplus Administrators,CN=Users,DC=CONTOSO,DC=local` |
590 | makes every user of the group (OIDplus Administrators) to OIDplus administrators |
590 | makes every user of the group (OIDplus Administrators) to OIDplus administrators |
591 | 591 | ||
592 | ### LDAP_RA_GROUP |
592 | ### LDAP_RA_GROUP |
593 | 593 | ||
594 | OIDplus::baseConfig()->setValue('LDAP_RA_GROUP', ''); |
594 | OIDplus::baseConfig()->setValue('LDAP_RA_GROUP', ''); |
595 | 595 | ||
596 | If set to an empty string, every LDAP user can authenticate as RA, depending |
596 | If set to an empty string, every LDAP user can authenticate as RA, depending |
597 | on whether `LDAP_AUTHENTICATE_UPN` and/or `LDAP_AUTHENTICATE_EMAIL` is set. |
597 | on whether `LDAP_AUTHENTICATE_UPN` and/or `LDAP_AUTHENTICATE_EMAIL` is set. |
598 | Otherwise, the LDAP users must be a member of the group specified in this setting. |
598 | Otherwise, the LDAP users must be a member of the group specified in this setting. |
599 | 599 | ||
600 | 600 | ||
601 | (5) Google OAuth2 settings |
601 | (5) Google OAuth2 settings |
602 | -------------------------- |
602 | -------------------------- |
603 | 603 | ||
604 | (see also document google_oauth2_installation.md) |
604 | (see also document google_oauth2_installation.md) |
605 | 605 | ||
606 | ### GOOGLE_OAUTH2_* |
606 | ### GOOGLE_OAUTH2_* |
607 | 607 | ||
608 | OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_ENABLED', true); |
608 | OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_ENABLED', true); |
609 | OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_CLIENT_ID', '..............apps.googleusercontent.com'); |
609 | OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_CLIENT_ID', '..............apps.googleusercontent.com'); |
610 | OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_CLIENT_SECRET', '.............'); |
610 | OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_CLIENT_SECRET', '.............'); |
611 | 611 | ||
612 | 612 | ||
613 | (6) Facebook OAuth2 settings |
613 | (6) Facebook OAuth2 settings |
614 | ---------------------------- |
614 | ---------------------------- |
615 | 615 | ||
616 | (see also document facebook_oauth2_installation.md) |
616 | (see also document facebook_oauth2_installation.md) |
617 | 617 | ||
618 | ### FACEBOOK_OAUTH2_* |
618 | ### FACEBOOK_OAUTH2_* |
619 | 619 | ||
620 | OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_ENABLED', true); |
620 | OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_ENABLED', true); |
621 | OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_CLIENT_ID', '.............'); // Your App ID |
621 | OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_CLIENT_ID', '.............'); // Your App ID |
622 | OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_CLIENT_SECRET', '.............'); // Your App Secret |
622 | OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_CLIENT_SECRET', '.............'); // Your App Secret |
623 | 623 | ||
624 | 624 | ||
625 | (7) JWT authentication settings |
625 | (7) JWT authentication settings |
626 | ------------------------------- |
626 | ------------------------------- |
627 | 627 | ||
628 | If a web request contains the field "OIDPLUS_AUTH_JWT" containing a signed JWT token, |
628 | If a web request contains the field "OIDPLUS_AUTH_JWT" containing a signed JWT token, |
629 | an automatic one-time login is performed in order to execute commands. |
629 | an automatic one-time login is performed in order to execute commands. |
630 | This feature is used in the plugins "Automated AJAX calls" for admins and RAs. |
630 | This feature is used in the plugins "Automated AJAX calls" for admins and RAs. |
631 | With these switches you can disable this feature. |
631 | With these switches you can disable this feature. |
632 | 632 | ||
633 | ### JWT_ALLOW_AJAX_ADMIN |
633 | ### JWT_ALLOW_AJAX_ADMIN |
634 | 634 | ||
635 | OIDplus::baseConfig()->setValue('JWT_ALLOW_AJAX_ADMIN', true); |
635 | OIDplus::baseConfig()->setValue('JWT_ALLOW_AJAX_ADMIN', true); |
636 | 636 | ||
637 | Allow JWT tokens that were created using the admin-plugin |
637 | Allow JWT tokens that were created using the admin-plugin |
638 | "Automated AJAX calls". |
638 | "Automated AJAX calls". |
639 | 639 | ||
640 | ### JWT_ALLOW_AJAX_USER |
640 | ### JWT_ALLOW_AJAX_USER |
641 | 641 | ||
642 | OIDplus::baseConfig()->setValue('JWT_ALLOW_AJAX_USER', true); |
642 | OIDplus::baseConfig()->setValue('JWT_ALLOW_AJAX_USER', true); |
643 | 643 | ||
644 | Allow JWT tokens that were created using the RA-plugin |
644 | Allow JWT tokens that were created using the RA-plugin |
645 | "Automated AJAX calls". |
645 | "Automated AJAX calls". |
646 | 646 | ||
647 | ### JWT_ALLOW_REST_ADMIN |
647 | ### JWT_ALLOW_REST_ADMIN |
648 | 648 | ||
649 | OIDplus::baseConfig()->setValue('JWT_ALLOW_REST_ADMIN', true); |
649 | OIDplus::baseConfig()->setValue('JWT_ALLOW_REST_ADMIN', true); |
650 | 650 | ||
651 | Allow JWT tokens that were created using the admin-plugin |
651 | Allow JWT tokens that were created using the admin-plugin |
652 | "REST API". |
652 | "REST API". |
653 | 653 | ||
654 | ### JWT_ALLOW_REST_USER |
654 | ### JWT_ALLOW_REST_USER |
655 | 655 | ||
656 | OIDplus::baseConfig()->setValue('JWT_ALLOW_REST_USER', true); |
656 | OIDplus::baseConfig()->setValue('JWT_ALLOW_REST_USER', true); |
657 | 657 | ||
658 | Allow JWT tokens that were created using the RA-plugin |
658 | Allow JWT tokens that were created using the RA-plugin |
659 | "REST API". |
659 | "REST API". |
660 | 660 | ||
661 | ### JWT_ALLOW_LOGIN_ADMIN |
661 | ### JWT_ALLOW_LOGIN_ADMIN |
662 | 662 | ||
663 | OIDplus::baseConfig()->setValue('JWT_ALLOW_LOGIN_ADMIN', true); |
663 | OIDplus::baseConfig()->setValue('JWT_ALLOW_LOGIN_ADMIN', true); |
664 | 664 | ||
665 | Allow "Remember me" logins for the administrator account. |
665 | Allow "Remember me" logins for the administrator account. |
666 | 666 | ||
667 | ### JWT_ALLOW_LOGIN_USER |
667 | ### JWT_ALLOW_LOGIN_USER |
668 | 668 | ||
669 | OIDplus::baseConfig()->setValue('JWT_ALLOW_LOGIN_USER', true); |
669 | OIDplus::baseConfig()->setValue('JWT_ALLOW_LOGIN_USER', true); |
670 | 670 | ||
671 | Allow "Remember me" logins for a RA. |
671 | Allow "Remember me" logins for a RA. |
672 | 672 | ||
673 | ### JWT_ALLOW_MANUAL |
673 | ### JWT_ALLOW_MANUAL_ADMIN and JWT_ALLOW_MANUAL_ADMIN_USER |
674 | 674 | ||
- | 675 | OIDplus::baseConfig()->setValue('JWT_ALLOW_MANUAL_ADMIN', false); |
|
675 | OIDplus::baseConfig()->setValue('JWT_ALLOW_MANUAL', false); |
676 | OIDplus::baseConfig()->setValue('JWT_ALLOW_MANUAL_USER', false); |
676 | 677 | ||
677 | Allow JWT tokens which were manually created "by hand". |
678 | Allow JWT tokens which were manually created "by hand". |
678 | These can have any content you like, but they must |
679 | These can have any content you like, but they must |
679 | contain the claim "oidplus_generator" with value "2". |
680 | contain the claim `oidplus_generator` with value `OIDplusAuthContentStoreJWT::JWT_GENERATOR_MANUAL`. |
680 | 681 | ||
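Review bot: the new heading names `JWT_ALLOW_MANUAL_ADMIN_USER`, but the two settings added beneath it are `JWT_ALLOW_MANUAL_ADMIN` and `JWT_ALLOW_MANUAL_USER`, so the heading should read "JWT_ALLOW_MANUAL_ADMIN and JWT_ALLOW_MANUAL_USER"; as written, an operator copying the key from the heading would set a name the example lines do not use. The description still reads as if there were one switch: it should say which key governs hand-made tokens for the administrator and which for RAs, and whether an existing `JWT_ALLOW_MANUAL` entry in config.inc.php is still honoured after the rename. Replacing the literal "2" with `OIDplusAuthContentStoreJWT::JWT_GENERATOR_MANUAL` also drops the only value that someone building a token outside PHP can put into the `oidplus_generator` claim, so consider keeping the number next to the constant name.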
681 | ### JWT_TTL_LOGIN_USER |
682 | ### JWT_TTL_LOGIN_USER |
682 | 683 | ||
683 | OIDplus::baseConfig()->setValue('JWT_TTL_LOGIN_USER', 10*365*24*60*60); |
684 | OIDplus::baseConfig()->setValue('JWT_TTL_LOGIN_USER', 10*365*24*60*60); |
684 | 685 | ||
685 | How many seconds will a "remember me" login JWT token be valid? |
686 | How many seconds will a "remember me" login JWT token be valid? |
686 | (RA login) |
687 | (RA login) |
687 | 688 | ||
688 | ### JWT_TTL_LOGIN_ADMIN |
689 | ### JWT_TTL_LOGIN_ADMIN |
689 | 690 | ||
690 | OIDplus::baseConfig()->setValue('JWT_TTL_LOGIN_ADMIN', 10*365*24*60*60); |
691 | OIDplus::baseConfig()->setValue('JWT_TTL_LOGIN_ADMIN', 10*365*24*60*60); |
691 | 692 | ||
692 | How many seconds will a "remember me" login JWT token be valid? |
693 | How many seconds will a "remember me" login JWT token be valid? |
693 | (Administrator login) |
694 | (Administrator login) |
694 | 695 | ||
695 | 696 | ||
696 | (8) Third-party plugins |
697 | (8) Third-party plugins |
697 | ----------------------- |
698 | ----------------------- |
698 | 699 | ||
699 | ### FrdlWeb RDAP plugin |
700 | ### FrdlWeb RDAP plugin |
700 | 701 | ||
701 | OIDplus::baseConfig()->setValue('RDAP_CACHE_ENABLED', false ); |
702 | OIDplus::baseConfig()->setValue('RDAP_CACHE_ENABLED', false ); |
702 | OIDplus::baseConfig()->setValue('RDAP_CACHE_DIRECTORY', OIDplus::localpath().'userdata/cache/' ); |
703 | OIDplus::baseConfig()->setValue('RDAP_CACHE_DIRECTORY', OIDplus::localpath().'userdata/cache/' ); |
703 | OIDplus::baseConfig()->setValue('RDAP_BASE_URI', OIDplus::webpath() ); |
704 | OIDplus::baseConfig()->setValue('RDAP_BASE_URI', OIDplus::webpath() ); |
704 | OIDplus::baseConfig()->setValue('RDAP_CACHE_EXPIRES', 60 * 3 ); |
705 | OIDplus::baseConfig()->setValue('RDAP_CACHE_EXPIRES', 60 * 3 ); |