forked from GNUsocial/gnu-social
0210b765ad
Looks like some documentation patches from 0.9.x didn't make it into 1.0.x (see statusnet.pot diff). Have to check with Brion what went wrong there.
The LDAP Authorization plugin allows for StatusNet to handle authorization
through LDAP.
Installation
============
add "addPlugin('ldapAuthorization',
array('setting'=>'value', 'setting2'=>'value2', ...);"
to the bottom of your config.php
You *cannot* use this plugin without the LDAP Authentication plugin
Settings
========
provider_name*: This is a identifier designated to the connection.
It's how StatusNet will refer to the authentication source.
For the most part, any name can be used, so long as each authentication source has a different identifier.
In most cases there will be only one authentication source used.
authoritative (false): should this plugin be authoritative for
authorization?
uniqueMember_attribute ('uniqueMember')*: the attribute of a group
that lists the DNs of its members
roles_to_groups: array that maps StatusNet roles to LDAP groups
some StatusNet roles are: moderator, administrator, sandboxed, silenced
login_group: if this is set to a group DN, only members of that group will be
allowed to login
The below settings must be exact copies of the settings used for the
corresponding LDAP Authentication plugin.
host*: LDAP server name to connect to. You can provide several hosts in an
array in which case the hosts are tried from left to right.
See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
port: Port on the server.
See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
version: LDAP version.
See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
starttls: TLS is started after connecting.
See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
binddn: The distinguished name to bind as (username).
See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
bindpw: Password for the binddn.
See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
basedn*: LDAP base name (root directory).
See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
options: See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
filter: Default search filter.
See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
scope: Default search scope.
See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
attributes: an array that relates StatusNet user attributes to LDAP ones
username*: LDAP attribute value entered when authenticating to StatusNet
* required
default values are in (parenthesis)
Example
=======
Here's an example of an LDAP plugin configuration that connects to
Microsoft Active Directory.
addPlugin('ldapAuthentication', array(
'provider_name'=>'Example',
'authoritative'=>true,
'autoregistration'=>true,
'binddn'=>'username',
'bindpw'=>'password',
'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
'host'=>array('server1', 'server2'),
'password_encoding'=>'ad',
'attributes'=>array(
'username'=>'sAMAccountName',
'nickname'=>'sAMAccountName',
'email'=>'mail',
'fullname'=>'displayName',
'password'=>'unicodePwd')
));
addPlugin('ldapAuthorization', array(
'provider_name'=>'Example',
'authoritative'=>false,
'uniqueMember_attribute'=>'member',
'roles_to_groups'=> array(
'moderator'=>'CN=SN-Moderators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
'administrator'=> array('CN=System-Adminstrators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
'CN=SN-Administrators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc')
),
'binddn'=>'username',
'bindpw'=>'password',
'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
'host'=>array('server1', 'server2'),
'attributes'=>array(
'username'=>'sAMAccountName')
));