auth:ldap
Differences
This shows you the differences between two versions of the page.
auth:ldap [2015-10-26 11:37] – old revision restored (2015-07-26 16:52) ach | auth:ldap [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== LDAP Authentication Backend ====== | ||
- | | Since the release 2013-05-10 “Weatherwax”\\ see [[plugin: | ||
- | This module allows [[: | ||
- | |||
- | Users can log into the wiki using their username and password defined in a LDAP server, adding new users is not supported through the LDAP backend. | ||
- | |||
- | :!: Do not report bugs or problems in the wiki! Use the [[: | ||
- | |||
- | ===== Configuration ===== | ||
- | |||
- | This is an example configuration to set in your '' | ||
- | |||
- | <code php> | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | |||
- | # | ||
- | # | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | |||
- | # This is optional but may be required for your server: | ||
- | # | ||
- | |||
- | # This enables the use of the STARTTLS command | ||
- | # | ||
- | |||
- | # This is optional and is required to be off when using Active Directory: | ||
- | # | ||
- | |||
- | # Optional bind user and password if anonymous bind is not allowed | ||
- | # | ||
- | # | ||
- | |||
- | # Mapping can be used to specify where the internal data is coming from. | ||
- | # | ||
- | # | ||
- | |||
- | # Limit search scope for user and group searches (sub|one|base) | ||
- | # | ||
- | # | ||
- | |||
- | # Optional debugging | ||
- | # | ||
- | </ | ||
- | |||
- | You can use the //version// parameter to tell PHP to use Version 3 of the LDAP protocol to connect to your server - default is version 2. | ||
- | |||
- | The // | ||
- | |||
- | The following variables are available for the userfilter and the groupfilter: | ||
- | |||
- | ^ variable | ||
- | | %{user} | ||
- | | %{server} | ||
- | |||
- | The groupfilter can also access all the attributes provided in the user object: | ||
- | |||
- | ^ variable | ||
- | | %{dn} | The users dn eg. uid=user, | ||
- | | %{uid} | ||
- | | %{...} | ||
- | |||
- | The //mapping// is used for directories that uses non " | ||
- | |||
- | ^ variable | ||
- | | grps | %%array(' | ||
- | | name | ' | ||
- | |||
- | The search scope (depth) can be limited to '' | ||
- | |||
- | Authentication is done in these steps: | ||
- | - First see if we need to do an anonymous bind by looking in the usertree for a %{user}: | ||
- | * If found: Set usertree as DN. | ||
- | * If not: Try to find a DN for the given login doing a search in the // | ||
- | - Try to bind with the found DN and the given password - if this succeeds access is granted | ||
- | - For getting the groups a user is in, the // | ||
- | |||
- | ==== Notes ==== | ||
- | |||
- | * While configuring the LDAP access you may want to enable the //debug// option which will print the error messages your LDAP server is delivering. You should disable it again after setup. | ||
- | * The freeware [[http:// | ||
- | * Mappings and field names are always lowercase regardless of the case used in the LDAP server! | ||
- | * Make sure you have the PHP LDAP extension installed. | ||
- | * If you get the " | ||
- | |||
- | ===== Real World Examples ===== | ||
- | |||
- | Below is a list of example configurations used by various users for various LDAP servers. These are examples! Be sure to adjust them to your specific server settings. | ||
- | |||
- | * [[auth: | ||
- | * [[auth: | ||
- | * [[auth: | ||
- | * [[auth: | ||
- | * [[auth: | ||
- | * [[auth: | ||
- | * [[auth: | ||
- | * [[auth: | ||
- | * [[auth: | ||
- | * [[auth: |
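Review bot: The removal of the entire page, from the "LDAP Authentication Backend" heading down to the "Real World Examples" list, is logged only as "removed - external edit" by 127.0.0.1 with an unknown date, so the change carries no stated reason and leaves nothing behind for readers who follow existing links to auth:ldap. The removed text itself opens by pointing readers to a plugin page since the 2013-05-10 "Weatherwax" release, so I would keep a short stub with that pointer rather than deleting outright. Before this page goes, please also confirm that the operational guidance removed here is present on the target page: the note to disable the debug option again after setup, the STARTTLS option, the optional bind user and password for servers that do not allow anonymous bind, and the description of the authentication steps.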
auth/ldap.1445855869.txt.gz · Last modified: 2015-10-26 11:37 by ach