X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=plugins%2FLdapAuthentication%2FREADME;h=a21ba4d483d2f1104207e13f364b74947a6749f0;hb=87d46e1ae5e5effcc985021ff5af3f10815f3d3c;hp=b10a1eb9303d17933fc4d803460e6f2e67b63eff;hpb=bac2d80c919a78d5cafd57f712872a90cda04847;p=quix0rs-gnu-social.git diff --git a/plugins/LdapAuthentication/README b/plugins/LdapAuthentication/README index b10a1eb930..a21ba4d483 100644 --- a/plugins/LdapAuthentication/README +++ b/plugins/LdapAuthentication/README @@ -1,42 +1,73 @@ -The LDAP Authentication plugin allows for StatusNet to handle authentication through LDAP. +The LDAP Authentication plugin allows for StatusNet to handle authentication +through LDAP. Installation ============ -add "addPlugin('ldapAuthentication', array('setting'=>'value', 'setting2'=>'value2', ...);" to the bottom of your config.php +add "addPlugin('ldapAuthentication', + array('setting'=>'value', 'setting2'=>'value2', ...);" +to the bottom of your config.php Settings ======== -provider_name*: a unique name for this authentication provider. -authoritative (false): Set to true if LDAP's responses are authoritative (meaning if LDAP fails, do check any other plugins or the internal password database). -autoregistration (false): Set to true if users should be automatically created when they attempt to login. -email_changeable (true): Are users allowed to change their email address? (true or false) -password_changeable (true): Are users allowed to change their passwords? (true or false) - -host*: LDAP server name to connect to. You can provide several hosts in an array in which case the hosts are tried from left to right.. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php -port: Port on the server. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php -version: LDAP version. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php -starttls: TLS is started after connecting. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php -binddn: The distinguished name to bind as (username). See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php -bindpw: Password for the binddn. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php -basedn*: LDAP base name (root directory). See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +provider_name*: This is a identifier designated to the connection. + It's how StatusNet will refer to the authentication source. + For the most part, any name can be used, so long as each authentication + source has a different identifier. In most cases there will be only one + authentication source used. +authoritative (false): Set to true if LDAP's responses are authoritative + (if authorative and LDAP fails, no other password checking will be done). +autoregistration (false): Set to true if users should be automatically created + when they attempt to login. +email_changeable (true): Are users allowed to change their email address? + (true or false) +password_changeable (true): Are users allowed to change their passwords? + (true or false) +password_encoding: required if users are to be able to change their passwords + Possible values are: crypt, ext_des, md5crypt, blowfish, md5, sha, ssha, + smd5, ad, clear + +host*: LDAP server name to connect to. You can provide several hosts in an + array in which case the hosts are tried from left to right. + See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +port: Port on the server. + See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +version: LDAP version. + See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +starttls: TLS is started after connecting. + See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +binddn: The distinguished name to bind as (username). + See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +bindpw: Password for the binddn. + See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +basedn*: LDAP base name (root directory). + See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php options: See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php -filter: Default search filter. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php -scope: Default search scope. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +filter: Default search filter. + See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +scope: Default search scope. + See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +schema_cachefile: File location to store ldap schema. +schema_maxage: TTL for cache file. -attributes: an array with the key being the StatusNet user attribute name, and the value the LDAP attribute name - username* - nickname* +attributes: an array that relates StatusNet user attributes to LDAP ones + username*: LDAP attribute value entered when authenticating to StatusNet + nickname*: LDAP attribute value shown as the user's nickname email fullname homepage location - + password: required if users are to be able to change their passwords + * required default values are in (parenthesis) +For most LDAP installations, the "nickname" and "username" attributes should + be the same. + Example ======= -Here's an example of an LDAP plugin configuration that connects to Microsoft Active Directory. +Here's an example of an LDAP plugin configuration that connects to + Microsoft Active Directory. addPlugin('ldapAuthentication', array( 'provider_name'=>'Example', @@ -46,8 +77,11 @@ addPlugin('ldapAuthentication', array( 'bindpw'=>'password', 'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc', 'host'=>array('server1', 'server2'), + 'password_encoding'=>'ad', 'attributes'=>array( + 'username'=>'sAMAccountName', 'nickname'=>'sAMAccountName', 'email'=>'mail', - 'fullname'=>'displayName') + 'fullname'=>'displayName', + 'password'=>'unicodePwd') ));