to maintain a single password across the organisation.
Optionally authenticates only if a member of a given group in the directory.
-By default, the person must have registered with Friendica using the normal registration
+By default, the person must have registered with Friendica using the normal registration
procedures in order to have a Friendica user record, contact, and profile.
However, it's possible with an option to automate the creation of a Friendica basic account.
Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site
-ldap.conf file to the signing cert for your LDAP server.
+ldap.conf file to the signing cert for your LDAP server.
-The configuration options for this module may be set in the .htconfig.php file
+The configuration options for this module may be set in the config/local.ini.php file
e.g.:
-// ldap hostname server - required
-$a->config['ldapauth']['ldap_server'] = 'host.example.com';
-// dn to search users - required
-$a->config['ldapauth']['ldap_searchdn'] = 'ou=users,dc=example,dc=com';
-// attribute to find username - required
-$a->config['ldapauth']['ldap_userattr'] = 'uid';
+ [ldapauth]
+ // ldap hostname server - required
+ ldap_server = host.example.com
+ // dn to search users - required
+ ldap_searchdn = ou=users,dc=example,dc=com
+ // attribute to find username - required
+ ldap_userattr = uid
-// admin dn - optional - only if ldap server dont have anonymous access
-$a->config['ldapauth']['ldap_binddn'] = 'cn=admin,dc=example,dc=com';
-// admin password - optional - only if ldap server dont have anonymous access
-$a->config['ldapauth']['ldap_bindpw'] = 'password';
+ // admin dn - optional - only if ldap server dont have anonymous access
+ ldap_binddn = cn=admin,dc=example,dc=com
+ // admin password - optional - only if ldap server dont have anonymous access
+ ldap_bindpw = password
-// for create Friendica account if user exist in ldap
-// required an email and a simple (beautiful) nickname on user ldap object
-// active account creation - optional - default none
-$a->config['ldapauth']['ldap_autocreateaccount'] = 'true';
-// attribute to get email - optional - default : 'mail'
-$a->config['ldapauth']['ldap_autocreateaccount_emailattribute'] = 'mail';
-// attribute to get nickname - optional - default : 'givenName'
-$a->config['ldapauth']['ldap_autocreateaccount_nameattribute'] = 'givenName';
+ // for create Friendica account if user exist in ldap
+ // required an email and a simple (beautiful) nickname on user ldap object
+ // active account creation - optional - default none
+ ldap_autocreateaccount = true
+ // attribute to get email - optional - default : 'mail'
+ ldap_autocreateaccount_emailattribute = mail
+ // attribute to get nickname - optional - default : 'givenName'
+ ldap_autocreateaccount_nameattribute = givenName
...etc.
--- /dev/null
+<?php return <<<INI
+
+; Warning: Don't change this file! It only holds the default config values for this addon.
+; Instead overwrite these config values in config/local.ini.php in your Friendica directory
+
+[ldapauth]
+; ldap_server (String)
+; ldap hostname server - required
+; Example: ldap_server = host.example.com
+ldap_server =
+
+; ldap_binddn (String)
+; admin dn - optional - only if ldap server dont have anonymous access
+; Example: ldap_binddn = cn=admin,dc=example,dc=com
+ldap_binddn =
+
+; ldap_bindpw (String)
+; admin password - optional - only if ldap server dont have anonymous access
+ldap_bindpw =
+
+; ldap_searchdn (String)
+; dn to search users - required
+; Example: ldap_searchdn = ou=users,dc=example,dc=com
+ldap_searchdn =
+
+; ldap_userattr (String)
+; attribute to find username - required
+; Example: ldap_userattr = uid
+ldap_userattr =
+
+; ldap_group (String)
+; DN of the group whose member can auth on Friendica - optional
+ldap_group =
+
+; ldap_autocreateaccount (Boolean)
+; for create Friendica account if user exist in ldap
+; required an email and a simple (beautiful) nickname on user ldap object
+; active account creation - optional - default none
+ldap_autocreateaccount = true
+
+; ldap_autocreateaccount_emailattribute (String)
+; attribute to get email - optional - default : 'mail'
+ldap_autocreateaccount_emailattribute = mail
+
+; ldap_autocreateaccount_nameattribute (String)
+; attribute to get nickname - optional - default : 'givenName'
+ldap_autocreateaccount_nameattribute = givenName
+
+INI;
+//Keep this line
\ No newline at end of file
* Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site
* ldap.conf file to the signing cert for your LDAP server.
*
- * The configuration options for this module may be set in the .htconfig.php file
+ * The configuration options for this module may be set in the config/local.ini.php file
* e.g.:
*
- * // ldap hostname server - required
- * $a->config['ldapauth']['ldap_server'] = 'host.example.com';
- * // dn to search users - required
- * $a->config['ldapauth']['ldap_searchdn'] = 'ou=users,dc=example,dc=com';
- * // attribute to find username - required
- * $a->config['ldapauth']['ldap_userattr'] = 'uid';
+ * [ldapauth]
+ * ; ldap hostname server - required
+ * ldap_server = host.example.com
+ * ; dn to search users - required
+ * ldap_searchdn = ou=users,dc=example,dc=com
+ * ; attribute to find username - required
+ * ldap_userattr = uid
*
- * // admin dn - optional - only if ldap server dont have anonymous access
- * $a->config['ldapauth']['ldap_binddn'] = 'cn=admin,dc=example,dc=com';
- * // admin password - optional - only if ldap server dont have anonymous access
- * $a->config['ldapauth']['ldap_bindpw'] = 'password';
+ * ; admin dn - optional - only if ldap server dont have anonymous access
+ * ldap_binddn = cn=admin,dc=example,dc=com
+ * ; admin password - optional - only if ldap server dont have anonymous access
+ * ldap_bindpw = password
*
- * // for create Friendica account if user exist in ldap
- * // required an email and a simple (beautiful) nickname on user ldap object
- * // active account creation - optional - default none
- * $a->config['ldapauth']['ldap_autocreateaccount'] = 'true';
- * // attribute to get email - optional - default : 'mail'
- * $a->config['ldapauth']['ldap_autocreateaccount_emailattribute'] = 'mail';
- * // attribute to get nickname - optional - default : 'givenName'
- * $a->config['ldapauth']['ldap_autocreateaccount_nameattribute'] = 'cn';
+ * ; for create Friendica account if user exist in ldap
+ * ; required an email and a simple (beautiful) nickname on user ldap object
+ * ; active account creation - optional - default none
+ * ldap_autocreateaccount = true
+ * ; attribute to get email - optional - default : 'mail'
+ * ldap_autocreateaccount_emailattribute = mail
+ * ; attribute to get nickname - optional - default : 'givenName'
+ * ldap_autocreateaccount_nameattribute = cn
*
* ...etc.
*/
function ldapauth_install()
{
+ Addon::registerHook('load_config', 'addon/ldapauth/ldapauth.php', 'ldapauth_load_config');
Addon::registerHook('authenticate', 'addon/ldapauth/ldapauth.php', 'ldapauth_hook_authenticate');
}
function ldapauth_uninstall()
{
+ Addon::unregisterHook('load_config', 'addon/ldapauth/ldapauth.php', 'ldapauth_load_config');
Addon::unregisterHook('authenticate', 'addon/ldapauth/ldapauth.php', 'ldapauth_hook_authenticate');
}
+function ldapauth_load_config(\Friendica\App $a)
+{
+ $a->loadConfigFile(__DIR__. '/config/ldapauth.ini.php');
+}
+
function ldapauth_hook_authenticate($a, &$b)
{
if (ldapauth_authenticate($b['username'], $b['password'])) {
projects / friendica-addons.git / commitdiff