| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788 |
- The LDAP Authentication plugin allows for StatusNet to handle authentication
- through LDAP.
- Installation
- ============
- add "addPlugin('ldapAuthentication',
- array('setting'=>'value', 'setting2'=>'value2', ...);"
- to the bottom of your config.php
- Settings
- ========
- provider_name*: This is a identifier designated to the connection.
- It's how StatusNet will refer to the authentication source.
- For the most part, any name can be used, so long as each authentication
- source has a different identifier. In most cases there will be only one
- authentication source used.
- authoritative (false): Set to true if LDAP's responses are authoritative
- (if authorative and LDAP fails, no other password checking will be done).
- autoregistration (false): Set to true if users should be automatically created
- when they attempt to login.
- email_changeable (true): Are users allowed to change their email address?
- (true or false)
- password_changeable (true): Are users allowed to change their passwords?
- (true or false)
- password_encoding: required if users are to be able to change their passwords
- Possible values are: crypt, ext_des, md5crypt, blowfish, md5, sha, ssha,
- smd5, ad, clear
- host*: LDAP server name to connect to. You can provide several hosts in an
- array in which case the hosts are tried from left to right.
- See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
- port: Port on the server.
- See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
- version: LDAP version.
- See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
- starttls: TLS is started after connecting.
- See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
- binddn: The distinguished name to bind as (username).
- See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
- bindpw: Password for the binddn.
- See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
- basedn*: LDAP base name (root directory).
- See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
- options: See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
- filter: Default search filter.
- See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
- scope: Default search scope.
- See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
- schema_cachefile: File location to store ldap schema.
- schema_maxage: TTL for cache file.
- attributes: an array that relates StatusNet user attributes to LDAP ones
- username*: LDAP attribute value entered when authenticating to StatusNet
- nickname*: LDAP attribute value shown as the user's nickname
- email
- fullname
- homepage
- location
- password: required if users are to be able to change their passwords
- * required
- default values are in (parenthesis)
- For most LDAP installations, the "nickname" and "username" attributes should
- be the same.
- Example
- =======
- Here's an example of an LDAP plugin configuration that connects to
- Microsoft Active Directory.
- addPlugin('ldapAuthentication', array(
- 'provider_name'=>'Example',
- 'authoritative'=>true,
- 'autoregistration'=>true,
- 'binddn'=>'username',
- 'bindpw'=>'password',
- 'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
- 'host'=>array('server1', 'server2'),
- 'password_encoding'=>'ad',
- 'attributes'=>array(
- 'username'=>'sAMAccountName',
- 'nickname'=>'sAMAccountName',
- 'email'=>'mail',
- 'fullname'=>'displayName',
- 'password'=>'unicodePwd')
- ));
|
