0ct0pu5/dnsphpadmin
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
dnsphpadmin/config.default.php
Petr Bena 96af94f6fe + CNAME, DNAME
2019-08-07 15:12:17 +02:00

163 lines
8 KiB
PHP
Raw Permalink Blame History

<?php
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// Security check
if (!defined('G_DNSTOOL_ENTRY_POINT'))
die("Not a valid entry point");
// Timezone (used when writing to audit logs)
$g_timezone = 'UTC';
// List of domains, each domain has separate value for "transfer server" which server that
// dig will do zone transfer on when reading zone data, and update_server which is where
// nsupdate will send its requests
$g_domains = [ 'example.domain' => [ 'transfer_server' => 'localhost', 'update_server' => 'localhost' ] ];
// You can specify multiple custom options per domain, this example here contains all available options with documentation:
// You can also specify custom TSIG override
// $g_domains = [ 'example.domain' => [ 'transfer_server' => 'localhost',
// 'update_server' => 'localhost',
// 'read_only' => false, // by default false, if true domain will be read only
// 'in_transfer' => false, // if true domain will be marked as "in transfer" which means it's being transfered from one DNS master to another, so the records may not reflect truth
// 'maintenance_note' => 'This domain is being configured now', // maintenance note to display for this domain
// 'tsig' => true,
// 'tsig_key' => 'some_key' ] ];
// List of records that can be edited
$g_editable = [ "A", "AAAA", "CNAME", "DNAME", "NS", "PTR", "SRV", "TXT", "SPF", "MX" ];
// Path to executable of dig
$g_dig = '/usr/bin/dig';
// Path to executable of nsupdate
$g_nsupdate = '/usr/bin/nsupdate';
// If true all changes will go to this file
$g_audit = false;
// Define which events are logged into audit log
$g_audit_events = [
'login_success' => true,
'login_fail' => true,
'batch' => true,
'create' => true,
'replace_delete' => true,
'replace_create' => true,
'delete' => true,
'display' => false
];
$g_audit_log = '/var/log/dns_audit.log';
// Folder where the batch operations should be logged, each batch operation will be stored in separate file
// Keep this null to log batch operations into single line to $g_audit_log
$g_audit_batch_location = null;
// TSIG authentication for nsupdate - global config
// you can specify individual TSIG settings per each domain, if you don't this is default value
$g_tsig = false;
$g_tsig_key = '';
// Will print debug statements into html output
$g_debug = false;
// How long do sessions last in seconds
$g_session_timeout = 3600;
// Authentication setup - by default, don't provide any authentication mechanism, leave it up to sysadmin
// Only supported authentication backend right now is LDAP ($g_auth = "ldap";)
$g_auth = NULL;
// Application ID for sessions, if you have multiple separate installations of dns php admin, you should create unique strings for each of them
// to prevent sharing session information between them
$g_auth_session_name = "dnsphpadmin";
// Few words about LDAP integration within dns php admin:
// This tool was written in a very large corporation world with extreme edge use-cases in mind. Therefore it's very flexible and it has
// large amount of options that may look quite hard to understand on first sight. While it supports generic LDAP protocol it was written
// with Active Directory in mind. This tool supports multiple authentication schemes such as:
// * anyone who has access to LDAP / AD can use it without limits (keep g_auth_roles and g_auth_allowed_users NULL)
// * selected users can login only (g_auth_allowed_users)
// * RBAC access - there are roles defined with fine-grained permissions where each user is bound to one or more of these roles (groups)
// Many of the options present in this config may be left as default value unless you are aiming for one of these edge cases that I unfortunatelly
// had to prepare this tool for.
// Example auth
// $g_auth = "ldap";
// URL of LDAP server, prefix with ldaps:// to get SSL, if you need to ignore invalid certificate, follow this:
// https://stackoverflow.com/questions/3866406/need-help-ignoring-server-certificate-while-binding-to-ldap-server-using-php
// $g_auth_ldap_url = "ldap.example.com";
$g_auth_ldap_url = NULL;
// Custom login information
// Example:
// $g_auth_login_banner = "You can login with your domain name";
$g_auth_login_banner = NULL;
// Set up optional filter for usernames that are allowed to login
// Example:
// $g_auth_allowed_users = array( "domain\\bob", "joe" );
$g_auth_allowed_users = NULL;
// Optional prefix for users - this prefix is automatically appended in front of every username unless it's already present
// this is useful for AD domain logins where domain has to be specified in front of username
// Example:
// $g_auth_domain_prefix = "CORP\\";
// will result in joe being changed to CORP\joe while authenticating to LDAP, but when retrieving a list of groups, only joe will be used
$g_auth_domain_prefix = NULL;
// If true, following string will be used to fetch group membership for each user. These groups will be added to list of roles that user is member of.
// If you want to grant some privileges to an LDAP group, you should create a special role with exactly same name as LDAP group, that way each member
// of this group will have these privileges
$g_auth_fetch_domain_groups = false;
// This is only used if g_auth_fetch_domain_groups option is set to true to fetch list of groups user is in
$g_auth_ldap_dn = "CN=Users,DC=ad,DC=domain";
// You can also setup authentication roles and their privileges here, there is special built-in role "root" which has unlimited privileges
// Privileges are one of 'rw', 'r' or '' for nothing
// Examples:
// $g_auth_roles = [ 'users' => [ 'example.domain' => 'rw' ] ];
// $g_auth_roles = [ 'DOMAIN.GROUP.WITH.FANCY.NAME' => [ 'example.domain' => 'rw' ] ]; // in combination with g_auth_fetch_domain_groups
// $g_auth_roles = [ 'admins' => [ 'example.domain' => 'rw' ], 'users' => [ 'example.domain' => 'r' ] ];
// IMPORTANT: if you are using LDAP groups, you will still need to define some authentication roles here and later you can bind these roles to
// individual groups
$g_auth_roles = NULL;
// Each user can be member of multiple roles, in case no role is specified for user, this is default role
$g_auth_default_role = NULL;
// Don't allow users who don't belong to any role to login to this tool - this is only enforced in case that g_auth_roles is not nullptr
$g_auth_disallow_users_with_no_roles = true;
// You can assign roles to users or LDAP groups here
// Example:
// $g_auth_roles_map = [ 'joe' => [ 'admins', 'users' ] ];
$g_auth_roles_map = [];
// Use local bootstrap instead of CDN (useful for clients behind firewall)
// In order for this to work, you need to download bootstrap 3.3.7 so that it's in root folder of htdocs (same level as index.php) example:
// /bootstrap-3.3.7
// /index.php
$g_use_local_bootstrap = false;
// Use local jquery instead of CDN (useful for clients behind firewall)
// For this to work download compressed jquery 3.3.1 to root folder for example:
// /jquery-3.3.1.min.js
$g_use_local_jquery = false;
// Whether API interface is available or not
$g_api_enabled = false;
// List of access tokens that can be used with API calls (together with classic login)
// This is a simple list of secrets. Each secret is a string that is used to authenticate for API subsystem.
$g_api_tokens = [ ];
Reference in a new issue View git blame Copy permalink