forked from GNUsocial/gnu-social
8c0601816f
For reference (raised by rozzin in IRC): * http://foldoc.org/module * http://foldoc.org/library * http://foldoc.org/plugin As noted by XRevan86, modules are not necessarily non-essential. As we will keep the modules directory in GS root [therefore, near to plugins/], it is evidenced the difference between both. This is a simple yet fundamental structural change. It doesn't change functionality but makes clearer the way we understand GNU social's internals.
The LDAP Authentication plugin allows for StatusNet to handle authentication
through LDAP.
Installation
============
add "addPlugin('ldapAuthentication',
array('setting'=>'value', 'setting2'=>'value2', ...);"
to the bottom of your config.php
Settings
========
provider_name*: This is a identifier designated to the connection.
It's how StatusNet will refer to the authentication source.
For the most part, any name can be used, so long as each authentication
source has a different identifier. In most cases there will be only one
authentication source used.
authoritative (false): Set to true if LDAP's responses are authoritative
(if authorative and LDAP fails, no other password checking will be done).
autoregistration (false): Set to true if users should be automatically created
when they attempt to login.
email_changeable (true): Are users allowed to change their email address?
(true or false)
password_changeable (true): Are users allowed to change their passwords?
(true or false)
password_encoding: required if users are to be able to change their passwords
Possible values are: crypt, ext_des, md5crypt, blowfish, md5, sha, ssha,
smd5, ad, clear
host*: LDAP server name to connect to. You can provide several hosts in an
array in which case the hosts are tried from left to right.
See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
port: Port on the server.
See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
version: LDAP version.
See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
starttls: TLS is started after connecting.
See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
binddn: The distinguished name to bind as (username).
See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
bindpw: Password for the binddn.
See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
basedn*: LDAP base name (root directory).
See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
options: See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
filter: Default search filter.
See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
scope: Default search scope.
See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
schema_cachefile: File location to store ldap schema.
schema_maxage: TTL for cache file.
attributes: an array that relates StatusNet user attributes to LDAP ones
username*: LDAP attribute value entered when authenticating to StatusNet
nickname*: LDAP attribute value shown as the user's nickname
email
fullname
homepage
location
password: required if users are to be able to change their passwords
* required
default values are in (parenthesis)
For most LDAP installations, the "nickname" and "username" attributes should
be the same.
Example
=======
Here's an example of an LDAP plugin configuration that connects to
Microsoft Active Directory.
addPlugin('ldapAuthentication', array(
'provider_name'=>'Example',
'authoritative'=>true,
'autoregistration'=>true,
'binddn'=>'username',
'bindpw'=>'password',
'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
'host'=>array('server1', 'server2'),
'password_encoding'=>'ad',
'attributes'=>array(
'username'=>'sAMAccountName',
'nickname'=>'sAMAccountName',
'email'=>'mail',
'fullname'=>'displayName',
'password'=>'unicodePwd')
));