gnu-social/plugins/LdapAuthorization/README

The LDAP Authorization plugin allows for StatusNet to handle authorization
through LDAP.

Installation
============
add "addPlugin('ldapAuthorization',
    array('setting'=>'value', 'setting2'=>'value2', ...);"
to the bottom of your config.php

You *cannot* use this plugin without the LDAP Authentication plugin

Settings
========
provider_name*: This is a identifier designated to the connection.
    It's how StatusNet will refer to the authentication source.
    For the most part, any name can be used, so long as each authentication
    source has a different identifier. In most cases there will be only one
    authentication source used.
authoritative (false): should this plugin be authoritative for
    authorization?
uniqueMember_attribute ('uniqueMember')*: the attribute of a group
    that lists the DNs of its members
roles_to_groups: array that maps StatusNet roles to LDAP groups
    some StatusNet roles are: moderator, administrator, sandboxed, silenced
login_group: if this is set to a group DN, only members of that group will be
    allowed to login

The below settings must be exact copies of the settings used for the
    corresponding LDAP Authentication plugin.

host*: LDAP server name to connect to. You can provide several hosts in an
    array in which case the hosts are tried from left to right.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
port: Port on the server.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
version: LDAP version.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
starttls: TLS is started after connecting.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
binddn: The distinguished name to bind as (username).
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
bindpw: Password for the binddn.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
basedn*: LDAP base name (root directory).
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
options: See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
filter: Default search filter.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
scope: Default search scope.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php

attributes: an array that relates StatusNet user attributes to LDAP ones
    username*: LDAP attribute value entered when authenticating to StatusNet

* required
default values are in (parenthesis)

Example
=======
Here's an example of an LDAP plugin configuration that connects to
    Microsoft Active Directory.

addPlugin('ldapAuthentication', array(
    'provider_name'=>'Example',
    'authoritative'=>true,
    'autoregistration'=>true,
    'binddn'=>'username',
    'bindpw'=>'password',
    'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
    'host'=>array('server1', 'server2'),
    'password_encoding'=>'ad',
    'attributes'=>array(
        'username'=>'sAMAccountName',
        'nickname'=>'sAMAccountName',
        'email'=>'mail',
        'fullname'=>'displayName',
        'password'=>'unicodePwd')
));
addPlugin('ldapAuthorization', array(
    'provider_name'=>'Example',
    'authoritative'=>false,
    'uniqueMember_attribute'=>'member',
    'roles_to_groups'=> array(
        'moderator'=>'CN=SN-Moderators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
        'administrator'=> array('CN=System-Adminstrators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
                                'CN=SN-Administrators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc')
        ),
    'binddn'=>'username',
    'bindpw'=>'password',
    'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
    'host'=>array('server1', 'server2'),
    'attributes'=>array(
        'username'=>'sAMAccountName')
));