LDAP User backend

Presentation

LDAP is the default (and historical) user backend. It will search the user in the directory (if not already done by LDAP authentication backend) and get all configured exported attributes. It will also search groups if this option is selected (not active by default).

Configuration

Set the user backend:
userDB => LDAP,


If no user backend is configured, LDAP is choosen by default.

Parameters are the same as LDAP authentication backend.

Password policy has no effect here.

Groups



LemonLDAP::NG can browse the directory and find the groups containing the authenticated user as a member.

Parameters are: You can edit portal/index.pl to modify the values, for example:
ldapGroupBase => 'ou=groups,dc=example,dc=com',
ldapGroupObjectClass => 'groupOfUniqueNames',
ldapGroupAttributeName => 'uniqueMember',
ldapGroupAttributeNameUser => 'dn',
ldapGroupAttributeNameGroup => 'dn',
ldapGroupAttributeNameSearch => ['cn'],
ldapGroupRecursive => 1,

Active Directory

As for LDAP authentication, just modify LDAPfitler:
LDAPFilter => '(&(sAMAccountName=$user)(objectClass=user))',


And for groups:
ldapGroupBase => 'ou=groups,dc=example,dc=com',
ldapGroupObjectClass => 'group',
ldapGroupAttributeName => 'member',
ldapGroupAttributeNameUser => 'dn',
ldapGroupAttributeNameGroup => 'dn',
ldapGroupAttributeNameSearch => ['cn'],
ldapGroupRecursive => 1,

See also