lemonldap-ng/build/lemonldap-ng/doc/4.6-LDAP-user-backend.html

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
  <meta name="generator" content=
  "HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" />

  <title>Lemonldap::NG documentation: 4.6-LDAP-user-backend.html</title>
  <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
  <style type="text/css">
/*<![CDATA[*/
    body{
      background: #ddd;
      font-family: sans-serif;
      font-size: 11pt;
      padding: 0 50px;
    }
    div.main-content{
      padding: 10px;
      background: #fff;
      border: 2px #ccc solid;
    }
    a{
      text-decoration: none;
    }
    p.footer{
      text-align: center;
      margin: 5px 0 0 0;
    }
    .heading-1{
      text-align: center;
      color: orange;
      font-variant: small-caps;
      font-size: 20pt;
    }
    .heading-1-1{
      color: orange;
      font-size: 14pt;
      border-bottom: 2px #ccc solid;
    }
    pre{
      background: #eee;
      border: 2px #ccc solid;
      padding: 5px;
      border-left: 10px #ccc solid;
    }
    ul.star li{
      list-style-type: square;
    }
  /*]]>*/
  </style>
</head>

<body>
  <div class="main-content">
    <h2 class="heading-1"><span id="HLDAPUserbackend">LDAP User
    backend</span></h2>

    <p class="paragraph"></p>

    <ul>
      <li><a href="#HPresentation">Presentation</a></li>

      <li><a href="#HConfiguration">Configuration</a></li>

      <li><a href="#HGroups">Groups</a></li>

      <li><a href="#HActiveDirectory">Active Directory</a></li>

      <li><a href="#HSeealso">See also</a></li>
    </ul>

    <h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>

    <p class="paragraph"></p>LDAP is the default (and historical) user
    backend. It will search the user in the directory (if not already done by
    LDAP authentication backend) and get all configured exported attributes.
    It will also search groups if this option is selected (not active by
    default).

    <h3 class="heading-1-1"><span id=
    "HConfiguration">Configuration</span></h3>

    <p class="paragraph"></p>Set the user backend:

    <div class="code">
      <pre>
userDB =&gt; LDAP,
</pre>
    </div><br />
    <br />
    If no user backend is configured, LDAP is choosen by default.<br />
    <br />
    Parameters are the same as <span class="wikilink"><a href=
    "4.5-LDAP-authentication-backend.html">LDAP authentication
    backend</a></span>.<br />
    <br />
    Password policy has no effect here.

    <h3 class="heading-1-1"><span id="HGroups">Groups</span></h3><br />
    <br />
    LemonLDAP::NG can browse the directory and find the groups containing the
    authenticated user as a member.<br />
    <br />
    Parameters are:

    <ul class="star">
      <li>ldapGroupBase: DN of groups branch (can be the suffix)</li>

      <li>ldapGroupObjectClass: objectClass of the groups</li>

      <li>ldapGroupAttributeName: name of the attribute in the groups storing
      the link to the user</li>

      <li>ldapGroupAttributeNameUser: name of the attribute in users entries
      used in the link</li>

      <li>ldapGroupAttributeNameSearch: name(s) of the attribute storing the
      name of the group (this should be a list reference)</li>

      <li>ldapGroupRecursive: activate recursive group functionality</li>

      <li>ldapGroupAttributeNameGroup: name of the attribute in groups entries
      used in the link</li>
    </ul>You can edit portal/index.pl to modify the values, for example:

    <div class="code">
      <pre>
ldapGroupBase =&gt; 'ou=groups,dc=example,dc=com',
ldapGroupObjectClass =&gt; 'groupOfUniqueNames',
ldapGroupAttributeName =&gt; 'uniqueMember',
ldapGroupAttributeNameUser =&gt; 'dn',
ldapGroupAttributeNameGroup =&gt; 'dn',
ldapGroupAttributeNameSearch =&gt; ['cn'],
ldapGroupRecursive =&gt; 1,
</pre>
    </div>

    <h3 class="heading-1-1"><span id="HActiveDirectory">Active
    Directory</span></h3>

    <p class="paragraph"></p>As for LDAP authentication, just modify
    LDAPfitler:

    <div class="code">
      <pre>
LDAPFilter =&gt; '(&amp;(sAMAccountName=$user)(objectClass=user))',
</pre>
    </div><br />
    <br />
    And for groups:

    <div class="code">
      <pre>
ldapGroupBase =&gt; 'ou=groups,dc=example,dc=com',
ldapGroupObjectClass =&gt; 'group',
ldapGroupAttributeName =&gt; 'member',
ldapGroupAttributeNameUser =&gt; 'dn',
ldapGroupAttributeNameGroup =&gt; 'dn',
ldapGroupAttributeNameSearch =&gt; ['cn'],
ldapGroupRecursive =&gt; 1,
</pre>
    </div>

    <h3 class="heading-1-1"><span id="HSeealso">See also</span></h3>

    <ul class="star">
      <li><span class="wikilink"><a href=
      "4.5-LDAP-authentication-backend.html">Auth LDAP</a></span></li>

      <li><span class="wikilink"><a href=
      "4.7-LDAP-password-backend.html">Password DBLDAP</a></span></li>
    </ul>
  </div>

  <p class="footer"><a href="index.html">Index</a></p>
</body>
</html>