1 The LDAP Authorization plugin allows for StatusNet to handle authorization
2 through LDAP.
3
4 Installation
5 ============
6 Add "addPlugin('ldapAuthorization',
7     array('setting'=>'value', 'setting2'=>'value2', ...));"
8 to the bottom of your config.php.
9
10 You *cannot* use this plugin without the LDAP Authentication plugin, which must also be added in config.php.
11
12 Settings
13 ========
14 provider_name*: name of the LDAP authentication provider that this plugin works with.
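15 authoritative (false): should this plugin be authoritative for authorization? If true, its decision is
16     final; if false (the default), other authorization checks may still be consulted.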
17 uniqueMember_attribute ('uniqueMember')*: the attribute of a group
18     that lists the DNs of its members
19 roles_to_groups*: array that maps StatusNet roles to LDAP groups; each role maps to one group DN or an array of group DNs
20     some StatusNet roles are: moderator, administrator, sandboxed, silenced
21 login_group: if this is set to a group DN, only members of that group will be
22     allowed to log in. If it is not set, this plugin applies no group restriction to logins.
23     
24 The below settings must be exact copies of the settings used for the
25     corresponding LDAP Authentication plugin.
26     
27 host*: LDAP server name to connect to. You can provide several hosts in an
28     array in which case the hosts are tried from left to right.
29     See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
30 port: Port on the server.
31     See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
32 version: LDAP version.
33     See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
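34 starttls: TLS is started after connecting. Without it (or another encrypted transport), the bind password and query results cross the network in clear text.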
35     See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
36 binddn: The distinguished name to bind as (username).
37     See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
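38 bindpw: Password for the binddn. It is stored in clear text in config.php, so restrict read access to that file and bind as a dedicated account with read-only access.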
39     See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
40 basedn*: LDAP base name (root directory).
41     See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
42 options: See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
43 filter: Default search filter.
44     See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
45 scope: Default search scope.
46     See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
47
48 attributes: an array that relates StatusNet user attributes to LDAP ones
49     username*: the LDAP attribute whose value the user enters as the username when authenticating to StatusNet
50
51 * required
52 default values are in (parentheses)
53
54 Example
55 =======
56 Here's an example of an LDAP plugin configuration that connects to
57     Microsoft Active Directory. The binddn and bindpw values are placeholders, and the example does not set starttls.
58
59 addPlugin('ldapAuthentication', array(
60     'provider_name'=>'Example',
61     'authoritative'=>true,
62     'autoregistration'=>true,
63     'binddn'=>'username',
64     'bindpw'=>'password',
65     'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
66     'host'=>array('server1', 'server2'),
67     'password_encoding'=>'ad',
68     'attributes'=>array(
69         'username'=>'sAMAccountName',
70         'nickname'=>'sAMAccountName',
71         'email'=>'mail',
72         'fullname'=>'displayName',
73         'password'=>'unicodePwd')
74 ));
75 addPlugin('ldapAuthorization', array(
76     'provider_name'=>'Example',
77     'authoritative'=>false,
78     'uniqueMember_attribute'=>'member',
79     'roles_to_groups'=> array(
80         'moderator'=>'CN=SN-Moderators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
81         'administrator'=> array('CN=System-Adminstrators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
82                                 'CN=SN-Administrators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc')
83         ),
84     'binddn'=>'username',
85     'bindpw'=>'password',
86     'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
87     'host'=>array('server1', 'server2'),
88     'attributes'=>array(
89         'username'=>'sAMAccountName')
90 ));
91