gnu-social/plugins/LdapAuthorization
Siebrand Mazeland 0210b765ad Localisation updates from http://translatewiki.net.
Looks like some documentation patches from 0.9.x didn't make it into 1.0.x (see statusnet.pot diff). Have to check with Brion what went wrong there.
2011-03-03 18:21:17 +01:00
..
locale Localisation updates from http://translatewiki.net. 2011-03-03 18:21:17 +01:00
LdapAuthorizationPlugin.php Assigning my copyrights to the Free Software Foundation 2010-05-27 18:27:33 -04:00
README Improve description of what the provide_name parameter means 2010-02-24 22:29:46 -05:00

The LDAP Authorization plugin allows for StatusNet to handle authorization
through LDAP.

Installation
============
add "addPlugin('ldapAuthorization',
    array('setting'=>'value', 'setting2'=>'value2', ...);"
to the bottom of your config.php

You *cannot* use this plugin without the LDAP Authentication plugin

Settings
========
provider_name*: This is a identifier designated to the connection.
    It's how StatusNet will refer to the authentication source.
    For the most part, any name can be used, so long as each authentication source has a different identifier.
    In most cases there will be only one authentication source used.
authoritative (false): should this plugin be authoritative for
    authorization?
uniqueMember_attribute ('uniqueMember')*: the attribute of a group
    that lists the DNs of its members
roles_to_groups: array that maps StatusNet roles to LDAP groups
    some StatusNet roles are: moderator, administrator, sandboxed, silenced
login_group: if this is set to a group DN, only members of that group will be
    allowed to login
    
The below settings must be exact copies of the settings used for the
    corresponding LDAP Authentication plugin.
    
host*: LDAP server name to connect to. You can provide several hosts in an
    array in which case the hosts are tried from left to right.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
port: Port on the server.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
version: LDAP version.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
starttls: TLS is started after connecting.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
binddn: The distinguished name to bind as (username).
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
bindpw: Password for the binddn.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
basedn*: LDAP base name (root directory).
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
options: See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
filter: Default search filter.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
scope: Default search scope.
    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php

attributes: an array that relates StatusNet user attributes to LDAP ones
    username*: LDAP attribute value entered when authenticating to StatusNet

* required
default values are in (parenthesis)

Example
=======
Here's an example of an LDAP plugin configuration that connects to
    Microsoft Active Directory.

addPlugin('ldapAuthentication', array(
    'provider_name'=>'Example',
    'authoritative'=>true,
    'autoregistration'=>true,
    'binddn'=>'username',
    'bindpw'=>'password',
    'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
    'host'=>array('server1', 'server2'),
    'password_encoding'=>'ad',
    'attributes'=>array(
        'username'=>'sAMAccountName',
        'nickname'=>'sAMAccountName',
        'email'=>'mail',
        'fullname'=>'displayName',
        'password'=>'unicodePwd')
));
addPlugin('ldapAuthorization', array(
    'provider_name'=>'Example',
    'authoritative'=>false,
    'uniqueMember_attribute'=>'member',
    'roles_to_groups'=> array(
        'moderator'=>'CN=SN-Moderators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
        'administrator'=> array('CN=System-Adminstrators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
                                'CN=SN-Administrators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc')
        ),
    'binddn'=>'username',
    'bindpw'=>'password',
    'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
    'host'=>array('server1', 'server2'),
    'attributes'=>array(
        'username'=>'sAMAccountName')
));