<?php
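// Zones known to this instance, keyed by zone name. Each entry names the
// server used for zone transfers ('transfer_server') and the server that
// receives updates ('update_server').
// NOTE(review): the prod/nonprod zones share one name server here, so the
// separation between them rests on the role matrix, not on the servers.
$g_domains = [
    'example.domain' => [ 'transfer_server' => 'localhost', 'update_server' => 'localhost' ],
    'subzone.example.domain' => [ 'transfer_server' => 'localhost', 'update_server' => 'localhost' ],
    'example.org' => [ 'transfer_server' => 'ns-prod1.lan.example.org', 'update_server' => 'ns-prod1.lan.example.org' ],
    'prod.example.org' => [ 'transfer_server' => 'ns-prod1.lan.example.org', 'update_server' => 'ns-prod1.lan.example.org' ],
    'nonprod.example.org' => [ 'transfer_server' => 'ns-prod1.lan.example.org', 'update_server' => 'ns-prod1.lan.example.org' ],
    // The option name has to be a quoted string. A bare read_only is parsed as
    // a constant: PHP 8 aborts with "Undefined constant", and older versions
    // only fall back to the string with a notice. This zone has no update
    // server and is flagged read-only.
    'ad.example.org' => [ 'transfer_server' => 'windows.example.org', 'update_server' => '', 'read_only' => true ]
];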
// Audit
//
// Destination file for audit entries.
// NOTE(review): keep this file outside the web root and writable only by the
// account the application runs as, so entries cannot be read or altered by
// other local users.
$g_audit_log = '/var/log/dns/int_audit.log';

// Master switch (presumably gates all writes to $g_audit_log; confirm in the application code).
$g_audit = true;

// Per-event switches. Both events enabled here look like read-type actions,
// so lookups are recorded as well as changes (TODO confirm event semantics).
$g_audit_events['display'] = true;
$g_audit_events['get_record'] = true;
// Authentication backend: logins are checked against an LDAP directory.
$g_auth = 'ldap';

// The ldaps:// scheme means the directory is contacted over TLS, so bind
// credentials are not sent in clear text.
// NOTE(review): certificate validation is configured outside this file; confirm it is enforced.
$g_auth_ldap_url = 'ldaps://ldap.evilcorp.net';
$g_auth_ldap_dn = 'OU=CORP,DC=evilcorp,DC=net';

// Value is the literal CORP followed by one backslash (presumably prepended to
// the user name before the bind; confirm).
$g_auth_domain_prefix = 'CORP\\';

// Presumably makes directory group membership available for role lookup, which
// the group-named roles at the end of this file depend on (TODO confirm).
$g_auth_fetch_domain_groups = true;

$g_auth_login_banner = 'You can login using your CORP account, for example: michael.smith';

// Presumably seconds, i.e. one hour (TODO confirm the unit).
$g_session_timeout = 3600;

// API enable
// NOTE(review): how API callers authenticate is not visible in this file;
// leave this off when the API is not used.
$g_api_enabled = true;
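// Role based permissions matrix
//
// Maps a role name to a list of zone => permission pairs. The permissions
// used in this file are 'r' and 'rw' (presumably read and read-write).
// A zone that is not listed under a role has no entry for that role.
$g_auth_roles = [
    'devops' => [
        'nonprod.example.org' => 'rw',
        'prod.example.org' => 'r',
        'example.domain' => 'r'
    ],
    // these are just placeholders, the roles are filled by the loop over $g_domains below
    'readonly' => [],
    'reverse_rw_all' => [],
    'reverse_ro_all' => [],
    // 'admin' is filled by the same loop. Declaring it here keeps the key
    // defined (as an empty role) even when $g_domains has no entries, so the
    // later read of $g_auth_roles['admin'] never hits an undefined key.
    'admin' => []
];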
///////////////////////////////////////////////
// hacks
///////////////////////////////////////////////
// Derive the catch-all roles from the zone list, so a zone added to
// $g_domains is picked up by them without editing the matrix by hand.
foreach ($g_domains as $key => $value) {
    // every single zone goes into 'readonly' (as 'r') and into the
    // pseudo-root 'admin' role (as 'rw')
    // NOTE(review): this also gives 'admin' an 'rw' entry for zones whose
    // $g_domains entry carries the read_only option; whether that option
    // overrides the role is decided by code not shown here (confirm).
    $g_auth_roles['readonly'][$key] = 'r';
    $g_auth_roles['admin'][$key] = 'rw';

    // reverse: only names matched against 'in-addr.arpa' are treated as
    // reverse zones (psf_string_endsWith is presumably a suffix test), so
    // ip6.arpa zones are not added to the reverse roles.
    if (!psf_string_endsWith($key, 'in-addr.arpa')) {
        continue;
    }

    $g_auth_roles['reverse_rw_all'][$key] = 'rw';
    $g_auth_roles['reverse_ro_all'][$key] = 'r';
}
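// Grant access to AD groups
//
// Each key below is a directory group name used as a role (presumably matched
// against the groups fetched at login; confirm).
//
// The reverse-zone roles defined in this file are 'reverse_ro_all' and
// 'reverse_rw_all'. The former '..._in' keys do not exist, so array_merge()
// received null: a TypeError on PHP 8, and a null role (no permissions at all)
// with a warning on older versions.
//
// NOTE(review): array_merge() lets later arrays win on equal string keys.
// 'readonly' lists every zone as 'r', so for 'Developers' it overrides the
// 'rw' entries coming from 'reverse_rw_all' and the group ends up with 'r' on
// reverse zones. That is the more restrictive outcome; move 'reverse_rw_all'
// after 'readonly' only if write access to reverse zones is really intended.
$g_auth_roles['Security'] = array_merge($g_auth_roles['reverse_ro_all'], $g_auth_roles['readonly']);
$g_auth_roles['Developers'] = array_merge($g_auth_roles['reverse_rw_all'], $g_auth_roles['readonly'], $g_auth_roles['devops']);
// Operations holds the pseudo-root role: 'rw' on every zone in $g_domains.
$g_auth_roles['Operations'] = $g_auth_roles['admin'];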