<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" />

<title>Lemonldap::NG documentation: 4.6-LDAP-user-backend.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>

<body>
<div class="main-content">
<h2 class="heading-1"><span id="HLDAPUserbackend">LDAP User
backend</span></h2>

<p class="paragraph"></p>

<ul>
<li><a href="#HPresentation">Presentation</a></li>

<li><a href="#HConfiguration">Configuration</a></li>

<li><a href="#HGroups">Groups</a></li>

<li><a href="#HActiveDirectory">Active Directory</a></li>

<li><a href="#HSeealso">See also</a></li>
</ul>

<h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>

<p class="paragraph"></p>LDAP is the default (and historical) user
backend. It searches for the user in the directory (if the LDAP
authentication backend has not already done so) and retrieves all
configured exported attributes. It also searches for the user's groups if
this option is selected (not active by default).

<h3 class="heading-1-1"><span id=
"HConfiguration">Configuration</span></h3>

<p class="paragraph"></p>Set the user backend:

<div class="code">
<pre>
userDB => 'LDAP',
</pre>
</div><br />
<br />
If no user backend is configured, LDAP is chosen by default.<br />
<br />
Parameters are the same as for the <span class="wikilink"><a href=
"4.5-LDAP-authentication-backend.html">LDAP authentication
backend</a></span>.<br />
<br />
Password policy has no effect here.

<h3 class="heading-1-1"><span id="HGroups">Groups</span></h3><br />
<br />
LemonLDAP::NG can browse the directory and find the groups containing the
authenticated user as a member.<br />
<br />
Parameters are:

<ul class="star">
<li>ldapGroupBase: DN of the groups branch (can be the suffix)</li>

<li>ldapGroupObjectClass: objectClass of the groups</li>

<li>ldapGroupAttributeName: name of the attribute in the groups storing
the link to the user</li>

<li>ldapGroupAttributeNameUser: name of the attribute in user entries
used in the link</li>

<li>ldapGroupAttributeNameSearch: name(s) of the attribute storing the
name of the group (this should be a list reference)</li>

<li>ldapGroupRecursive: activate recursive group functionality</li>

<li>ldapGroupAttributeNameGroup: name of the attribute in group entries
used in the link</li>
</ul>You can edit portal/index.pl to modify the values, for example:

<div class="code">
<pre>
ldapGroupBase => 'ou=groups,dc=example,dc=com',
ldapGroupObjectClass => 'groupOfUniqueNames',
ldapGroupAttributeName => 'uniqueMember',
ldapGroupAttributeNameUser => 'dn',
ldapGroupAttributeNameGroup => 'dn',
ldapGroupAttributeNameSearch => ['cn'],
ldapGroupRecursive => 1,
</pre>
</div>
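
The parameters above, worked through on a small in-memory directory: this is an added example (not LemonLDAP::NG's own code) that models how the linking attributes and ldapGroupRecursive select a user's groups, including a nested group that refers to itself. The search-filter shape, the RFC 4515 escaping of the link value, the helper names and the sample entries are assumptions constructed for illustration.

```perl
use strict;
use warnings;
my %conf = (    # parameters as in the example above
    ldapGroupBase                => 'ou=groups,dc=example,dc=com',
    ldapGroupObjectClass         => 'groupOfUniqueNames',
    ldapGroupAttributeName       => 'uniqueMember',
    ldapGroupAttributeNameUser   => 'dn',
    ldapGroupAttributeNameGroup  => 'dn',
    ldapGroupAttributeNameSearch => ['cn'],
    ldapGroupRecursive           => 1,
);
# Constructed sample entries (DN => attributes): staff contains dev and itself.
my $base   = $conf{ldapGroupBase};
my %groups = (
    "cn=dev,$base"   => { cn => 'dev',   uniqueMember => ['uid=alice,ou=users,dc=example,dc=com'] },
    "cn=staff,$base" => { cn => 'staff', uniqueMember => [ "cn=dev,$base", "cn=staff,$base" ] },
    "cn=ops,$base"   => { cn => 'ops',   uniqueMember => ['uid=bob,ou=users,dc=example,dc=com'] },
);
$_->{objectClass} = 'groupOfUniqueNames' for values %groups;
# Value of the linking attribute of an entry; 'dn' means the entry's own DN.
sub link_value {
    my ( $dn, $entry, $attr ) = @_;
    return lc($attr) eq 'dn' ? $dn : $entry->{$attr};
}
# RFC 4515 escaping, so a link value cannot change the structure of the filter.
sub escape_filter_value {
    return $_[0] =~ s/([\\*()\0])/sprintf('\\%02x', ord $1)/ger;
}
# Filter a directory search for the groups holding $value would use (assumed shape).
sub group_filter {
    return sprintf '(&(objectClass=%s)(%s=%s))', $conf{ldapGroupObjectClass},
      $conf{ldapGroupAttributeName}, escape_filter_value( $_[0] );
}
# Collect the groups containing $value; %$seen stops loops between nested groups.
sub search_groups {
    my ( $value, $seen ) = @_;
    for my $dn ( sort keys %groups ) {
        my $g = $groups{$dn};
        next if $seen->{$dn} || $g->{objectClass} ne $conf{ldapGroupObjectClass};
        next unless grep { lc($_) eq lc($value) } @{ $g->{ $conf{ldapGroupAttributeName} } };
        $seen->{$dn} = join '|', map { $g->{$_} } @{ $conf{ldapGroupAttributeNameSearch} };
        search_groups( link_value( $dn, $g, $conf{ldapGroupAttributeNameGroup} ), $seen )
          if $conf{ldapGroupRecursive};
    }
    return $seen;
}
# Constructed user: alice is a direct member of dev only.
my $start = link_value( 'uid=alice,ou=users,dc=example,dc=com', {}, $conf{ldapGroupAttributeNameUser} );
print group_filter($start), "\n";
print join( ', ', sort values %{ search_groups( $start, {} ) } ), "\n";
```

With ldapGroupRecursive set to 0 the same run returns only the group that lists the user directly, which is worth checking when access rules are written against group names.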

<h3 class="heading-1-1"><span id="HActiveDirectory">Active
Directory</span></h3>

<p class="paragraph"></p>As for LDAP authentication, just modify
LDAPFilter:

<div class="code">
<pre>
LDAPFilter => '(&(sAMAccountName=$user)(objectClass=user))',
</pre>
</div><br />
<br />
And for groups:

<div class="code">
<pre>
ldapGroupBase => 'ou=groups,dc=example,dc=com',
ldapGroupObjectClass => 'group',
ldapGroupAttributeName => 'member',
ldapGroupAttributeNameUser => 'dn',
ldapGroupAttributeNameGroup => 'dn',
ldapGroupAttributeNameSearch => ['cn'],
ldapGroupRecursive => 1,
</pre>
</div>

<h3 class="heading-1-1"><span id="HSeealso">See also</span></h3>

<ul class="star">
<li><span class="wikilink"><a href=
"4.5-LDAP-authentication-backend.html">Auth LDAP</a></span></li>

<li><span class="wikilink"><a href=
"4.7-LDAP-password-backend.html">Password DBLDAP</a></span></li>
</ul>
</div>

<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>