forked from GNUsocial/gnu-social
46f98b3142
The core plugins whose version was attached to GS's were reseted to 2.0.0. 2.0.0 was chosen as reset version for plugins because it is higher than the one that was set by inheriting GS version. Furthermore, it's a major change from prior plugin versioning system thus it also makes semantic sense. Justification for version bump: == GS == 9a4ab31f26 1.19.0 |
||
---|---|---|
.. | ||
locale | ||
LdapAuthorizationPlugin.php | ||
README |
The LDAP Authorization plugin allows for StatusNet to handle authorization through LDAP. Installation ============ add "addPlugin('ldapAuthorization', array('setting'=>'value', 'setting2'=>'value2', ...);" to the bottom of your config.php You *cannot* use this plugin without the LDAP Authentication plugin Settings ======== provider_name*: This is a identifier designated to the connection. It's how StatusNet will refer to the authentication source. For the most part, any name can be used, so long as each authentication source has a different identifier. In most cases there will be only one authentication source used. authoritative (false): should this plugin be authoritative for authorization? uniqueMember_attribute ('uniqueMember')*: the attribute of a group that lists the DNs of its members roles_to_groups: array that maps StatusNet roles to LDAP groups some StatusNet roles are: moderator, administrator, sandboxed, silenced login_group: if this is set to a group DN, only members of that group will be allowed to login The below settings must be exact copies of the settings used for the corresponding LDAP Authentication plugin. host*: LDAP server name to connect to. You can provide several hosts in an array in which case the hosts are tried from left to right. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php port: Port on the server. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php version: LDAP version. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php starttls: TLS is started after connecting. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php binddn: The distinguished name to bind as (username). See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php bindpw: Password for the binddn. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php basedn*: LDAP base name (root directory). See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php options: See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php filter: Default search filter. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php scope: Default search scope. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php attributes: an array that relates StatusNet user attributes to LDAP ones username*: LDAP attribute value entered when authenticating to StatusNet * required default values are in (parenthesis) Example ======= Here's an example of an LDAP plugin configuration that connects to Microsoft Active Directory. addPlugin('ldapAuthentication', array( 'provider_name'=>'Example', 'authoritative'=>true, 'autoregistration'=>true, 'binddn'=>'username', 'bindpw'=>'password', 'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc', 'host'=>array('server1', 'server2'), 'password_encoding'=>'ad', 'attributes'=>array( 'username'=>'sAMAccountName', 'nickname'=>'sAMAccountName', 'email'=>'mail', 'fullname'=>'displayName', 'password'=>'unicodePwd') )); addPlugin('ldapAuthorization', array( 'provider_name'=>'Example', 'authoritative'=>false, 'uniqueMember_attribute'=>'member', 'roles_to_groups'=> array( 'moderator'=>'CN=SN-Moderators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc', 'administrator'=> array('CN=System-Adminstrators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc', 'CN=SN-Administrators,OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc') ), 'binddn'=>'username', 'bindpw'=>'password', 'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc', 'host'=>array('server1', 'server2'), 'attributes'=>array( 'username'=>'sAMAccountName') ));