In the Exponential configuration file settings/site.ini, find the line
LoginHandler[]=standard
under the [UserSettings] block.
To make Exponential support LDAP, add a new line below it, as follows:
LoginHandler[]=standard
LoginHandler[]=LDAP
This means that Exponential will first try the 'standard' login handler as usual. If that does not succeed, it connects to the LDAP server to fetch the user account information. You can also comment out the first line, as shown below, because when you log in through the LDAP server Exponential tries to find a local user first:
#LoginHandler[]=standard
LoginHandler[]=LDAP
The next step is to configure LDAP settings in settings/ldap.ini. Here is an example:
[LDAPSettings]
# Set to true if use LDAP server
LDAPEnabled=true
# LDAP host
LDAPServer=
# Port nr for LDAP, default is 389
LDAPPort=389
# Specifies the base DN for the directory.
# Example: LDAPBaseDn=ou--sales,o--my company
LDAPBaseDn=
# Could be sub, one, base.
LDAPSearchScope=sub
# Use this equal sign to replace "=" when specifying LDAPBaseDn or LDAPSearchFilters
LDAPEqualSign=--
# Add extra search requirement. Comment it out if you don't need it.
# Example: LDAPSearchFilters[]=objectClass--inetOrgPerson
LDAPSearchFilters[]
# LDAP attribute for login. Normally, uid
LDAPLoginAttribute=uid
# Could be id or name
LDAPUserGroupType=id
# Default place to store LDAP users. Could be content object id or group name for
# LDAP user group, depends on LDAPUserGroupType.
LDAPUserGroup=12
# LDAP attribute type for user group. Could be name or id
LDAPUserGroupAttributeType=name
# LDAP attribute for user group. For example, employeetype. If specified,
# LDAP users will be saved under the same group as in LDAP server.
LDAPUserGroupAttribute=employeetype
# LDAP attribute for First name. Normally, givenname
LDAPFirstNameAttribute=givenname
# LDAP attribute for Last name. Normally, sn
LDAPLastNameAttribute=sn
# LDAP attribute for email. Normally, mail
LDAPEmailAttribute=mail
Specify the LDAP server, the port number if it is not 389, the base DN, and the attribute mapping between the LDAP server and the Exponential user account. Exponential will then support LDAP login.
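How the "--" placeholders in ldap.ini map to a real base DN and search filter, as an added example that is not Exponential's own code. The sample values, the function names and the AND-combination of the login attribute with LDAPSearchFilters are assumptions; the login value is escaped per RFC 4515 so that it is matched literally.

```python
# Constructed sample settings (not from a real deployment), in the ldap.ini
# layout shown on this page.
SAMPLE_INI = """\
[LDAPSettings]
LDAPBaseDn=ou--people,dc--example,dc--com
LDAPEqualSign=--
LDAPSearchFilters[]=objectClass--inetOrgPerson
LDAPLoginAttribute=uid
"""

# RFC 4515 characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def parse_ldap_ini(text):
    """Collect key=value settings; keys ending in [] accumulate into lists."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "[")) or "=" not in line:
            continue  # blank line, comment, section header, or entry with no value
        key, value = line.split("=", 1)
        if key.endswith("[]"):
            settings.setdefault(key[:-2], []).append(value)
        else:
            settings[key] = value
    return settings


def escape_filter_value(value):
    """Escape filter metacharacters so a login name is matched literally."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_search(settings, login):
    """Return (base DN, search filter) for one login attempt.

    Assumption: the login clause and each LDAPSearchFilters entry are ANDed.
    """
    eq = settings.get("LDAPEqualSign", "")
    restore = lambda s: s.replace(eq, "=") if eq else s  # guard: empty sign
    clauses = ["(%s=%s)" % (settings["LDAPLoginAttribute"], escape_filter_value(login))]
    clauses += ["(%s)" % restore(f) for f in settings.get("LDAPSearchFilters", []) if f]
    ldap_filter = clauses[0] if len(clauses) == 1 else "(&%s)" % "".join(clauses)
    return restore(settings["LDAPBaseDn"]), ldap_filter


if __name__ == "__main__":
    print(build_search(parse_ldap_ini(SAMPLE_INI), "j.doe (ops)*"))
```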
To manage users from the LDAP server, a cron job is executed periodically. You can configure settings/cronjobs.ini to disable running the script.
Note: LDAP support in PHP is not enabled by default. You will need to use the --with-ldap[=DIR] configuration option when compiling PHP to enable LDAP support. DIR is the LDAP base install directory.
Comments
Be careful for anonymous bind
philippe G
Wednesday 02 August 2006 10:09:46 am
First, I had an authentication failure. I searched many times and read all the docs but found no answer. All seemed OK, my DN was good, and I made some little scripts to test all the different parameters. The error was in the bind, because eZ makes an anonymous bind and anonymous can't bind on my server!
So, if you don't understand why you can log with AD LDAP authentication, check this before!
The solution to resolve my problem, not really clean but the result works:
change in kernel/classes/datatypes/ezuser/ezldapuser.php :
by
with before :
I always have some error with the filter, but that's another problem.
Ldap Config
Enk bila
Thursday 28 April 2005 2:02:08 pm
Somebody knows the relation between "LDAPUserGroupType" and "LDAPUserGroup" and which value for each parameter must I put on.
Tks
Norman Leutner
Monday 28 February 2005 4:01:00 pm
Authenticating against AD
Nathan Reeves
Friday 17 December 2004 3:44:11 am
Hope this helps
Can't connect to AD server
Ricardo Frydman
Monday 08 November 2004 4:11:12 pm
Couldn't connect
username and password required
Any clue?
Thanks in advance!!