Merge remote-tracking branch 'upstream/master' into social-master

[quix0rs-gnu-social.git] / plugins / LdapAuthentication / README

The LDAP Authentication plugin allows for StatusNet to handle authentication
through LDAP.

Installation
============
add "addPlugin('ldapAuthentication',
    array('setting'=>'value', 'setting2'=>'value2', ...);"
to the bottom of your config.php

Settings
========
provider_name*: This is a identifier designated to the connection.
    It's how StatusNet will refer to the authentication source.
    For the most part, any name can be used, so long as each authentication
    source has a different identifier. In most cases there will be only one
    authentication source used.
authoritative (false): Set to true if LDAP's responses are authoritative
    (if authorative and LDAP fails, no other password checking will be done).
autoregistration (false): Set to true if users should be automatically created
    when they attempt to login.
email_changeable (true): Are users allowed to change their email address?
    (true or false)
password_changeable (true): Are users allowed to change their passwords?
    (true or false)
password_encoding: required if users are to be able to change their passwords
    Possible values are: crypt, ext_des, md5crypt, blowfish, md5, sha, ssha,
        smd5, ad, clear

host*: LDAP server name to connect to. You can provide several hosts in an
    array in which case the hosts are tried from left to right.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
port: Port on the server.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
version: LDAP version.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
starttls: TLS is started after connecting.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
binddn: The distinguished name to bind as (username).
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
bindpw: Password for the binddn.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
basedn*: LDAP base name (root directory).
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
options: See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
filter: Default search filter.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
scope: Default search scope.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
schema_cachefile: File location to store ldap schema.
schema_maxage: TTL for cache file.

attributes: an array that relates StatusNet user attributes to LDAP ones
    username*: LDAP attribute value entered when authenticating to StatusNet
    nickname*: LDAP attribute value shown as the user's nickname
    email
    fullname
    homepage
    location
    password: required if users are to be able to change their passwords

* required
default values are in (parenthesis)

For most LDAP installations, the "nickname" and "username" attributes should
    be the same.

Example
=======
Here's an example of an LDAP plugin configuration that connects to
    Microsoft Active Directory.

addPlugin('ldapAuthentication', array(
    'provider_name'=>'Example',
    'authoritative'=>true,
    'autoregistration'=>true,
    'binddn'=>'username',
    'bindpw'=>'password',
    'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
    'host'=>array('server1', 'server2'),
    'password_encoding'=>'ad',
    'attributes'=>array(
        'username'=>'sAMAccountName',
        'nickname'=>'sAMAccountName',
        'email'=>'mail',
        'fullname'=>'displayName',
        'password'=>'unicodePwd')
));