import v2.0.0.0_RC3 | 2012-07-01

https://github.com/lucanos/CommunityID -> http://www.itadmins.net/archives/357

Acl.php

@@ -1,7 +1,7 @@
 <?php
 
 /*
-* @copyright Copyright (C) 2005-2009 Keyboard Monkeys Ltd. http://www.kb-m.com
+* @copyright Copyright (C) 2005-2010 Keyboard Monkeys Ltd. http://www.kb-m.com
 * @license http://creativecommons.org/licenses/BSD/ BSD License
 * @author Keyboard Monkey Ltd
 * @since  CommunityID 0.9
@@ -31,6 +31,8 @@ $privileges['default']['openid']['authenticate']           = Users_Model_User::R
 $privileges['default']['openid']['trust']                  = Users_Model_User::ROLE_REGISTERED;
 $privileges['default']['openid']['proceed']                = Users_Model_User::ROLE_REGISTERED;
 
+$privileges['default']['profile']['index']                = Users_Model_User::ROLE_REGISTERED;
+
 $privileges['default']['sites']['index']                  = Users_Model_User::ROLE_REGISTERED;
 $privileges['default']['sites']['list']                  = Users_Model_User::ROLE_REGISTERED;
 $privileges['default']['sites']['deny']                  = Users_Model_User::ROLE_REGISTERED;
@@ -83,9 +85,9 @@ $privileges['users']['profile']['edit']           = Users_Model_User::ROLE_REGIS
 $privileges['users']['profile']['save']           = Users_Model_User::ROLE_REGISTERED;
 
 $privileges['users']['personalinfo']['index']           = Users_Model_User::ROLE_REGISTERED;
-$privileges['users']['personalinfo']['show']           = Users_Model_User::ROLE_REGISTERED;
 $privileges['users']['personalinfo']['edit']           = Users_Model_User::ROLE_REGISTERED;
 $privileges['users']['personalinfo']['save']           = Users_Model_User::ROLE_REGISTERED;
+$privileges['users']['personalinfo']['delete']         = Users_Model_User::ROLE_REGISTERED;
 
 $privileges['users']['profilegeneral']['accountinfo']     = Users_Model_User::ROLE_REGISTERED;
 $privileges['users']['profilegeneral']['editaccountinfo']     = Users_Model_User::ROLE_REGISTERED;
@@ -106,15 +108,15 @@ $privileges['users']['manageusers']['sendreminder']  = Users_Model_User::ROLE_AD
 
 $privileges['users']['userslist']['index']  = Users_Model_User::ROLE_ADMIN;
 
+$privileges['users']['signinimage']['index']  = Users_Model_User::ROLE_REGISTERED;
+$privileges['users']['signinimage']['saveimage']  = Users_Model_User::ROLE_REGISTERED;
+$privileges['users']['signinimage']['setcookie']  = Users_Model_User::ROLE_REGISTERED;
+$privileges['users']['signinimage']['image']  = Users_Model_User::ROLE_GUEST;
+
+
 $privileges['stats']['index']['index']          = Users_Model_User::ROLE_ADMIN;
-$privileges['stats']['registrations']['index']  = Users_Model_User::ROLE_ADMIN;
-$privileges['stats']['registrations']['graph']  = Users_Model_User::ROLE_ADMIN;
-$privileges['stats']['authorizations']['index'] = Users_Model_User::ROLE_ADMIN;
-$privileges['stats']['authorizations']['graph'] = Users_Model_User::ROLE_ADMIN;
-$privileges['stats']['sites']['index']          = Users_Model_User::ROLE_ADMIN;
-$privileges['stats']['sites']['graph']          = Users_Model_User::ROLE_ADMIN;
-$privileges['stats']['top']['index']            = Users_Model_User::ROLE_ADMIN;
-$privileges['stats']['top']['graph']            = Users_Model_User::ROLE_ADMIN;
+$privileges['stats']['reports']['index']        = Users_Model_User::ROLE_ADMIN;
+$privileges['stats']['reports']['graph']        = Users_Model_User::ROLE_ADMIN;
 
 $privileges['news']['index']['index']           = Users_Model_User::ROLE_GUEST;
 $privileges['news']['view']['index']            = Users_Model_User::ROLE_GUEST;

Application.php

@@ -1,7 +1,7 @@
 <?php
 
 /*
-* @copyright Copyright (C) 2005-2009 Keyboard Monkeys Ltd. http://www.kb-m.com
+* @copyright Copyright (C) 2005-2010 Keyboard Monkeys Ltd. http://www.kb-m.com
 * @license http://creativecommons.org/licenses/BSD/ BSD License
 * @author Keyboard Monkey Ltd
 * @since  CommunityID 0.9
@@ -11,7 +11,7 @@
 
 class Application
 {
-    const VERSION = '1.1.0.RC2';
+    const VERSION = '2.0.0.RC3';
 
     public static $config;
     public static $logger;
@@ -58,6 +58,7 @@ class Application
         $loader->registerNamespace('Monkeys_');
         $loader->registerNamespace('CommunityID');
         $loader->registerNamespace('Auth');
+        $loader->registerNamespace('Yubico');
         new Monkeys_Application_Module_Autoloader(array(
             'namespace' => '',
             'basePath'  => APP_DIR . '/modules/default',
@@ -82,31 +83,15 @@ class Application
 
     public static function setConfig()
     {
-        if (file_exists(APP_DIR . DIRECTORY_SEPARATOR . 'config.php')) {
-            $configFile = APP_DIR . DIRECTORY_SEPARATOR . 'config.php';
-        } else {
-            $configFile = APP_DIR . DIRECTORY_SEPARATOR . 'config.default.php';
-        }
-
         $config = array();
-        require $configFile;
-
-        // in case config.php is empty (during install)
-        if (!$config) {
-            $configFile = APP_DIR . DIRECTORY_SEPARATOR . 'config.default.php';
-            require $configFile;
 
+        // first defaults are loaded, then the custom configs
+        require APP_DIR . DIRECTORY_SEPARATOR . 'config.default.php';
+        if (file_exists(APP_DIR . DIRECTORY_SEPARATOR . 'config.php')) {
+            require APP_DIR . DIRECTORY_SEPARATOR . 'config.php';
         }
 
         self::$config = new Zend_Config($config, array('allowModifications' => true));
-        if(self::$config->environment->installed === null) {
-            $configFile = APP_DIR . DIRECTORY_SEPARATOR . 'config.default.php';
-            require $configFile;
-            self::$config = new Zend_Config($config, array('allowModifications' => true));
-        }
-
-        // @todo: remove this when all interconnected apps use the same LDAP source
-        self::$config->environment->app = 'communityid';
 
         Zend_Registry::set('config', self::$config);
     }
@@ -162,10 +147,11 @@ class Application
 
     public static function setDatabase()
     {
-        // constant not set if pdo_mysql extension is not loaded
-        if (defined('PDO::MYSQL_ATTR_USE_BUFFERED_QUERY')) {
+        // I was using this for when using PDO, but lately it's generating a segfault, and we're not using PDO anymore anyway
+        /*if (defined('PDO::MYSQL_ATTR_USE_BUFFERED_QUERY')) {
+            // constant not set if pdo_mysql extension is not loaded
             self::$config->database->params->driver_options = array(PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true);
-        }
+        }*/
 
         $db = Zend_Db::factory(self::$config->database);
         if (self::$config->logging->level == Zend_Log::DEBUG) {

CHANGELOG

@@ -1,10 +1,124 @@
+2010-05-26 / 2.0.0-RC3 / Reiner Jung <reiner@kb-m.com>
+
+*NEW FEATURES:*
+
+- Added check to see if cURL is enabled (needed for Yubikey)
+- Added label to list password requirements
+- Detect missing new config settings after upgrade, and show warning notice.
+
+*FIXED BUGS:*
+
+- Updated language reference files
+
+2010-05-3 / 2.0.0-RC2 / Reiner Jung <reiner@kb-m.com>
+
+*NEW FEATURES:*
+
+NONE
+
+*FIXED BUGS:*
+
+- javascript error when authenticating
+- upgrade from version prior to 1.2.1 was broken
+
+2010-04-20 / 2.0.0-RC1 / Reiner Jung <reiner@kb-m.com>
+
+*NEW FEATURES:*
+
+- Yubikey support: users can log into the community-ID  and authenticate themselves during an OpenID transaction using a Yubikey. The administrator must configure this as explained in the config.php file.  If allowed by the administrator, users can choose the authentication mode (password or Yubikey) in their account section.
+- Added PAPE extension support: implemented a phishing-resistant authentication policy, through a sign-in image a user can manage.
+- Added ability to blacklist usernames throug regular expression in the config file.
+- Check passwords against dictionary, username, minimum length, include numbers, include symbols and include upper and lower case chars. Applied to Registration form, change password form and new user form. All this configurable in config.php
+- Implemented multiple profiles for users.
+- Added cronjob script to automatically delete unconfirmed accounts.  Note that all these maintenance scripts have been removed from the release, and must be retrieved manually from svn://source.keyboard-monkeys.org/communityid/branches/scripts
+- utilities and tests directories have also been moved to a separate svn branch.
+
+*FIXED BUGS:*
+
+- Fixed javascript error under IE and Chrome.
+- The reminder counter was not being reset when a user confirmed his account.
+
+2010-03-08 / 1.2.1 / Reiner Jung <reiner@kb-m.com>
+
+*NEW FEATURES:*
+
+- NONE
+
+*FIXED BUGS:*
+
+- With the 1.2 release we introduced a bug where the login to Facebook was not working anymore
+- The reminder counter is not reset after the user confirms
+- Italian translation from Paolo Campegiani
+- Update Catalan translation 
+
+2010-02-05 / 1.2.0 / Reiner Jung <reiner@kb-m.com>
+
+*NEW FEATURES:*
+
+- NONE
+
+*FIXED BUGS:*
+
+- In the authentication page for an openid transaction, the openid shouldn't be changeable 
+- Password recovery URL was forced to be http even when the site was using https 
+- Couldn't edit user profile or change pwd
+
+2010-01-28 / 1.2.0-RC2 / Reiner Jung <reiner@kb-m.com>
+
+*NEW FEATURES:*
+
+- New plugin framework for stats
+- Catalan translation added
+
+*FIXED BUGS*
+
+- Login not working if subdomain & mixed mode enabled
+
+2009-12-04 / 1.2.0-RC1 / Reiner Jung <reiner@kb-m.com>
+
+*NEW FEATURES:*
+
+- Ability to set page metadata in the config
+- Ability to set set different resource files (email templates, eula) on a per-theme basis
+- For user data and authentication, admin can choose the default DB storage, or to connect to an LDAP server
+- Autofocus in the password field when authenticating
+
+*FIXED BUGS:*
+
+- NONE
+
+2009-11-20 / 1.1.1 / Reiner Jung <reiner@kb-m.com>
+
+NEW FEATURES:
+
+- Added more requirements checks during the installation ( PHP version, and existence of some extensions and options)
+- Language updates.
+
+FIXED BUGS:
+
+- The 'register now' section was still visible in the home page when registrations were disabled in the config file.
+
+2009-10-05 / 1.1.0 / Reiner Jung <reiner@kb-m.com>
+
+NEW FEATURES:
+
+- Japanese translation added from Kevin Fujii
+
+FIXED BUGS:
+
+- Languages updates
+- Moved language files under LC_MESSAGES directories
+- Normalization of URL stored in the sites table
+- Increase graph bottom margin to make room for x-axis labels
+- Show error messages for bad login or bad captcha when trying to log in
+- A couple of spelling/grammar issues fixed
+- upgraded jpgraph to version 3.0.4. Solves compatibility with php 5.3
+
 2009-09-18 / 1.1.0-RC2 / Reiner Jung <reiner@kb-m.com>
 
 NEW FEATURES:
 
-- During installation, ask for desired admin user username and 
-password, instead of using the default admin/admin. The admin's E-mail 
-is set to the support E-mail provided in that same form.
+- During installation, ask for desired admin user username and password, instead of using the default admin/admin. The admin's E-mail is set to the support E-mail provided in that same form.
 - Language updates.
 
 FIXED BUGS:
@@ -16,74 +130,53 @@ FIXED BUGS:
 
 NEW FEATURES:
 
-- Clear button in Manage Users section will clear search input box, and 
-restore the current filtered list.
+- Clear button in Manage Users section will clear search input box, and restore the current filtered list.
 - Updated translation strings
 - Added i18n to the account reminder E-mail template
-- When browsing users, show the number of reminders sent to unconfirmed 
-users, in the status column.
+- When browsing users, show the number of reminders sent to unconfirmed users, in the status column.
 - Upgraded Zend Framework to latest stable version, 1.9.2
-- Completely removed the requirement of having to enable short tags in 
-php.ini
+- Completely removed the requirement of having to enable short tags in php.ini
 
 FIXED BUGS:
 
 - Fixed return on denied immediate request
-- Wasn't forgetting user after closing browser, when not using the 
-Remember Me feature
+- Wasn't forgetting user after closing browser, when not using the Remember Me feature
 - Fixed issues with the unconfirmed user message reminders
 - Clean error message when attempting to install with empty config.php file
-- Fixed warning message when pdo_mysql extension is not loaded. Note 
-that that extension still isn't a requirement, since we're still using 
-mysqli
-- Fixed small installation issue when installing directly on the web 
-root dir
-- After the upgrade process finishes, log out the user to avoid problems 
-when the users table structure changes.
+- Fixed warning message when pdo_mysql extension is not loaded. Note that that extension still isn't a requirement, since we're still using mysqli
+- Fixed small installation issue when installing directly on the web root dir
+- After the upgrade process finishes, log out the user to avoid problems when the users table structure changes.
 
 
 2009-08-21 / 1.1.0BETA / Reiner Jung <reiner@kb-m.com>
 
 NEW FEATURES:
 
-- Community-ID news feed has been moved to a new About section, visible 
-only by admins.
+- Community-ID news feed has been moved to a new About section, visible only by admins.
 - News in the home page are now manageable by the admin.
-- Brute-force login attempts are now mitigated through the appearance of 
-a captcha after the third failed attempt, in both the main page login 
-section, and when trying to log-in while during an OpenID authentication.
+- Brute-force login attempts are now mitigated through the appearance of a captcha after the third failed attempt, in both the main page login section, and when trying to log-in while during an OpenID authentication.
 - Removed requirement of having short_open_tag php.ini directive to be On.
 - The user's OpenID URL is now visible in all pages when he's logged in.
 - The Manage Users section now has a search field.
-- You're able to delete unconfirmed users that have not confirmed their 
-account for a given number of days.
-- You're able to send a reminder to unconfirmed users that have not 
-confirmed their account for a given number of days.
-- Added sorting ability for the History Log table. Have it sort from 
-latest to oldest by default.
-- Replaced rich-text editor in the Message Users section with the more 
-capable FCK Editor.
-- Rich-text editor messages are filtered through the HTMLPurifier lib, 
-that filters out XSS and other malignous content.
+- You're able to delete unconfirmed users that have not confirmed their account for a given number of days.
+- You're able to send a reminder to unconfirmed users that have not confirmed their account for a given number of days.
+- Added sorting ability for the History Log table. Have it sort from latest to oldest by default.
+- Replaced rich-text editor in the Message Users section with the more capable FCK Editor.
+- Rich-text editor messages are filtered through the HTMLPurifier lib, that filters out XSS and other malignous content.
 - Upgraded Zend Framework to version 1.8.4PL1
 
 
 FIXED BUGS:
 
-- Fixed compatibility with OpenID relays that send their info through 
-POST instead of GET.
-- Fixed support for relays not sending the OpenID identifier. This fixes 
-Facebook compatibility.
+- Fixed compatibility with OpenID relays that send their info through POST instead of GET.
+- Fixed support for relays not sending the OpenID identifier. This fixes Facebook compatibility.
 - Fixed clashes with other Zend Frameworks located in PHP's include path.
-- Now only ascii characters will be allowed in the usernames, to avoid 
-problems in the OpenID URL.
+- Now only ascii characters will be allowed in the usernames, to avoid problems in the OpenID URL.
 - Fixed pagination issues in the Manage Users section.
 - Fixed pagination issues in the History Log section.
 - Fixed problems in the Feedback and Message Users forms.
-- Mass-mailing to users will have the recipients in BCC instead of TO, 
-to avoid revealing E-mails to all recipients.
-- Fixed layout issue of the login checkbox "Remember me", under IE and 
-Opera.
+- Mass-mailing to users will have the recipients in BCC instead of TO, to avoid revealing E-mails to all recipients.
+- Fixed layout issue of the login checkbox "Remember me", under IE and Opera.
 - Fixed some javascript error messages under IE.
 
 

CONTRIBUTORS

@@ -10,9 +10,11 @@ Patch contribution
 
 Translations
 
-    * Swedish Translation from Peter Kindström
-    * Polish Translation from Piotr Baranowski 
-    * Dutch Translation from Stanley Westerveld
+    * Japanese translation from Kevin Fujii
+    * Swedish translation from Peter Kindström
+    * Polish translation from Piotr Baranowski 
+    * Dutch translation from Stanley Westerveld
+    * Catalan translation from Ferran Cabrer
 
 Testing
 

README

@@ -1,5 +1,16 @@
-009-08-21 Reiner Jung <reiner@kb-m.com>
+2010-04-20 Reiner Jung <reiner@kb-m.com>
+
+- To provide a simpler installation, all files will go under the web 
+dir, and there's no longer need to create a symlink. Have 
+this in mind when upgrading, replacing the symlink you currently have 
+with the files from this release.
+
+- Some of the new features need new configuration directives. To 
+upgrade, use the older config.php file, and only after a successful 
+upgrade you can take a look at config.default.php and fill out the new 
+directives into the config.php file
 
 NEW REQUIREMENTS:
 
 - Minimal supported PHP version is 5.2.4
+- For YubiKey support php-curl package is required

README.md

@@ -1 +1,4 @@
-import things form https://sourceforge.net/projects/communityid/files/
+CommunityID
+===========
+
+PHP OpenID Server

config.default.php

@@ -9,6 +9,7 @@ $config['environment']['production']        = true;
 $config['environment']['YDN']               = true;
 $config['environment']['ajax_slowdown']     = 0;
 $config['environment']['keep_history_days'] = 90;
+$config['environment']['unconfirmed_accounts_days_expire'] = 0;
 
 # Enable / Disable account self-registration.
 $config['environment']['registrations_enabled'] = true;
@@ -18,12 +19,20 @@ $config['environment']['locale']            = 'auto';
 
 $config['environment']['template']          = 'default';
 
+
+#
+#  -------  HTML metadata ------------
+#
+$config['metadata']['description']          = 'Community-ID, the open source OpenID provider';
+$config['metadata']['keywords']             = 'Community-ID, OpenID, Open source';
+
+
 #
 #  -------  LOGGING ------------
 #
 # Enter a path relative to the installation's root dir, or an absolute path.
 # The file must exist, and be writable by the web server user
-$config['logging']['location']              = 'log.txt';
+$config['logging']['location']              = '/var/log/communityid.log';
 
 # Log level. You can use any of these constants or numbers:
 # Zend_Log::EMERG   = 0;  // Emergency: system is unusable
@@ -71,6 +80,89 @@ $config['database']['params']['username']   = '';
 $config['database']['params']['password']   = '';
 
 
+#
+#  -------  PASSWORDS ------------
+#
+# Point to file with a blacklist of words
+# The path must relative to Community-ID's root directory.
+$config['security']['passwords']['dictionary'] = 'libs/Monkeys/Dictionaries/english.txt';
+
+# If set to true, the password should not contain the username
+$config['security']['passwords']['username_different'] = true;
+
+# Set the password's minimum length
+$config['security']['passwords']['minimum_length'] = 6;
+
+# Set to true if the password should contain number characters
+$config['security']['passwords']['include_numbers'] = true;
+
+# Set to true if the password should contain non alpha-numeric characters
+$config['security']['passwords']['include_symbols'] = true;
+
+# Set to true if the password should contain both lower case and uppercase characters
+$config['security']['passwords']['lowercase_and_uppercase'] = true;
+
+
+#
+#  -------  USERNAMES ------------
+#
+# Enter a regular expression (or litteral) for usernames you wish to exclude
+# You can add as many entries as you want
+$config['security']['usernames']['exclude'][0] = '';
+
+
+#
+#  -------  LDAP ------------
+#
+# Warning: Only turn on for new installations.
+# Ask for help if you want to migrate from a DB-based installation to an LDAP one.
+#
+$config['ldap']['enabled']                  = false;
+$config['ldap']['host']                     = 'localhost';
+$config['ldap']['baseDn']                   = 'ou=users,dc=community-id,dc=org';
+$config['ldap']['bindRequiresDn']           = true;
+
+# credentials for LDAP administator user. Username must be a DN. This is not the same
+# as the Community-ID administrator user.
+$config['ldap']['username']                 = 'cn=admin,dc=community-id,dc=org';
+$config['ldap']['password']                 = 'admin';
+
+# CN for the Community-ID admin
+$config['ldap']['admin']                    = 'admin';
+
+# If set to true, when the Account Info is updated or the account is deleted,
+# then the LDAP record is updated/deleted as well.
+# If set to false, the account info cannot be modified.
+# This doesn't apply to the Personal Info Section.
+$config['ldap']['keepRecordsSynced']       = true;
+
+# If set to true, the user can change his password, and the LDAP record is updated as well.
+$config['ldap']['canChangePassword']        = true;
+
+# Hashing algorithm used to store passwords in LDAP
+# If you prefer to leave the passwords unhashed, set to false.
+$config['ldap']['passwordHashing']          = 'SSHA';
+
+# These defaults are drawn from an inetOrgPerson LDAP Object class
+$config['ldap']['fields']['nickname']       = 'cn';
+$config['ldap']['fields']['email']          = 'mail';
+$config['ldap']['fields']['fullname']       = 'givenname+sn';
+$config['ldap']['fields']['postcode']       = 'postalCode';
+
+
+#
+#  -------  YUBIKEY ------------
+#
+$config['yubikey']['enabled']               = false;
+
+# Set to true to force utilization of the Yubikey, instead of passwords.
+# Only use it for newer installations, as current existent users won't be able to log-in.
+$config['yubikey']['force']                 = false;
+
+$config['yubikey']['api_id']                = '';
+$config['yubikey']['api_key']               = '';
+
+
 #
 #  -------  E-MAIL ------------
 #

config.template.php

@@ -9,6 +9,7 @@ $config['environment']['production']        = {environment.production};
 $config['environment']['YDN']               = {environment.YDN};
 $config['environment']['ajax_slowdown']     = {environment.ajax_slowdown};
 $config['environment']['keep_history_days'] = {environment.keep_history_days};
+$config['environment']['unconfirmed_accounts_days_expire'] = {environment.unconfirmed_accounts_days_expire};
 
 # Enable / Disable account self-registration.
 $config['environment']['registrations_enabled'] = {environment.registrations_enabled};
@@ -19,6 +20,14 @@ $config['environment']['locale']            = '{environment.locale}';
 $config['environment']['template']          = '{environment.template}';
 
 
+
+#
+#  -------  HTML metadata ------------
+#
+$config['metadata']['description']          = '{metadata.description}';
+$config['metadata']['keywords']             = '{metadata.keywords}';
+
+
 #
 #  -------  LOGGING ------------
 #
@@ -72,6 +81,87 @@ $config['database']['params']['username']   = '{database.params.username}';
 $config['database']['params']['password']   = '{database.params.password}';
 
 
+
+#
+#  -------  PASSWORDS ------------
+#
+# Point to file with a blacklist of words
+# The path must relative to Community-ID's root directory.
+$config['security']['passwords']['dictionary'] = '{security.passwords.dictionary}';
+
+# If set to true, the password should not contain the username
+$config['security']['passwords']['username_different'] = {security.passwords.username_different};
+
+# Set the password's minimum length
+$config['security']['passwords']['minimum_length'] = {security.passwords.minimum_length};
+
+# Set to true if the password should contain number characters
+$config['security']['passwords']['include_numbers'] = {security.passwords.include_numbers};
+
+# Set to true if the password should contain non alpha-numeric characters
+$config['security']['passwords']['include_symbols'] = {security.passwords.include_symbols};
+
+# Set to true if the password should contain both lower case and uppercase characters
+$config['security']['passwords']['lowercase_and_uppercase'] = {security.passwords.lowercase_and_uppercase};
+
+
+#
+#  -------  USERNAMES ------------
+#
+# Enter a regular expression (or litteral) for usernames you wish to exclude
+# You can add as many entries as you want
+$config['security']['usernames']['exclude'][0] = '{security.usernames.exclude}';
+
+
+#
+#  -------  LDAP ------------
+#
+$config['ldap']['enabled']                  = {ldap.enabled};
+$config['ldap']['host']                     = '{ldap.host}';
+$config['ldap']['baseDn']                   = '{ldap.baseDn}';
+$config['ldap']['bindRequiresDn']           = {ldap.bindRequiresDn};
+
+# credentials for LDAP administator user. Username must be a DN. This is not the same
+# as the Community-ID administrator user.
+$config['ldap']['username']                 = '{ldap.username}';
+$config['ldap']['password']                 = '{ldap.password}';
+
+# CN for the Community-ID admin
+$config['ldap']['admin']                    = '{ldap.admin}';
+
+# If set to true, when the Account Info is updated or the account is deleted,
+# then the LDAP record is updated/deleted as well.
+# If set to false, the account info cannot be modified.
+# This doesn't apply to the Personal Info Section.
+$config['ldap']['keepRecordsSynced']       = {ldap.keepRecordsSynced};
+
+# If set to true, the user can change his password, and the LDAP record is updated as well.
+$config['ldap']['canChangePassword']        = {ldap.canChangePassword};
+
+# Hashing algorithm used to store passwords in LDAP
+# If you prefer to leave the passwords unhashed, set to false.
+$config['ldap']['passwordHashing']          = '{ldap.passwordHashing}';
+
+# These defaults are drawn from an inetOrgPerson LDAP Object class
+$config['ldap']['fields']['nickname']       = '{ldap.fields.nickname}';
+$config['ldap']['fields']['email']          = '{ldap.fields.email}';
+$config['ldap']['fields']['fullname']       = '{ldap.fields.fullname}';
+$config['ldap']['fields']['postcode']       = '{ldap.fields.postcode}';
+
+
+#
+#  -------  YUBIKEY ------------
+#
+$config['yubikey']['enabled']               = {yubikey.enabled};
+
+# Set to true to force utilization of the Yubikey, instead of passwords.
+# Only use it for newer installations, as current existent users won't be able to log-in.
+$config['yubikey']['force']                 = {yubikey.force};
+
+$config['yubikey']['api_id']                = '{yubikey.api_id}';
+$config['yubikey']['api_key']               = '{yubikey.api_key}';
+
+
 #
 #  -------  E-MAIL ------------
 #