LdapAuthenticationPlugin
From StatusNet
Source
Installation
Detailed README: http://gitorious.org/statusnet/mainline/blobs/master/plugins/LdapAuthentication/README
On A Windows Domain / Active Directory
Copy this code to the bottom of your config.php:
    addPlugin('ldapAuthentication', array(
        'provider_name'=>'example',
        'authoritative'=>true,
        'autoregistration'=>true,
        'password_changeable'=>false,
        'email_changeable'=>false,
        'binddn'=>'example\USERNAME',
        'bindpw'=>'PASSWORD',
        'basedn'=>'OU=User Accounts,DC=example,DC=local',
        'host'=>array('dc1.example.local', 'dc2.example.local', 'dc3.example.local'),
        'password_encoding'=>'ad',
        'scope'=>'sub',
        'attributes'=>array(
            'username'=>'sAMAccountName',
            'nickname'=>'sAMAccountName',
            'email'=>'mail',
            // 'password'=>'unicodePwd'
            'fullname'=>'displayName')
    ));
Implementation Notes
- Replace all instances of "example" with your domain's name.
- The setup above assumes that your domain is local only, and thus named "example.local". If your domain is instead example.com, example.net, example.org or some other public domain, replace all instances of "local" with "net", "com", "org", etc.
- Replace "USERNAME" and "PASSWORD" with credentials for a valid LDAP user.
- Edit basedn only if you need to limit which OU holds users that should be able to log in. If you want to allow all AD users to log in then leave as is.
- Replace "dc1.example.local", "dc2.example.local", etc. with your domain controllers. If you have just one, delete the 2nd and 3rd entries and edit only the first.
- The code above works only for users that have email addresses in Active Directory. Unfortunately, Status.Net throws a cryptic error of "Database Error - An important error occured, probably related to email setup. Check logfiles for more info.." and fails to work for any users that do not have an email address in the mail field.
- NOTICE: Some other examples of LDAP Authentication (such as this one) include the third-to-last line of the above script but do not comment it out. I've commented it out above because otherwise Status.Net throws an error. If it doesn't work commented out, try the other way.
- The settings above worked on Xampp Lite running on Windows 2008 SP1 (Apache 2.2.12, PHP 5.3.0).
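
The note above about accounts with an empty mail field can be checked before the plugin is enabled. The script below is an added example, not part of the plugin or of the original page: it binds with the same placeholder values as the config.php block and lists the users under basedn that have no mail attribute. The person/user filter and the StartTLS requirement are assumptions about your directory.

```php
<?php
// Added pre-flight check (not part of the plugin). Run from the CLI with the PHP ldap extension.
// Values are the same placeholders used in the config.php block above.
$hosts  = array('dc1.example.local', 'dc2.example.local', 'dc3.example.local');
$binddn = 'example\USERNAME';
$bindpw = 'PASSWORD';
$basedn = 'OU=User Accounts,DC=example,DC=local';
$useTls = true; // assumption: the DCs have certificates; without TLS the bind password is sent in clear

// Return a bound connection to the first host that accepts the bind, or null.
function bindFirst(array $hosts, $binddn, $bindpw, $useTls) {
    foreach ($hosts as $host) {
        $conn = ldap_connect('ldap://' . $host);
        if (!$conn) continue;
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS is an LDAPv3 operation
        ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);        // do not chase AD referrals
        ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);  // seconds, so a dead DC fails fast
        if ($useTls && !@ldap_start_tls($conn)) {
            fwrite(STDERR, "$host: StartTLS failed: " . ldap_error($conn) . "\n");
            continue;
        }
        if (@ldap_bind($conn, $binddn, $bindpw)) {
            return $conn;
        }
        fwrite(STDERR, "$host: bind failed: " . ldap_error($conn) . "\n");
    }
    return null;
}

$conn = bindFirst($hosts, $binddn, $bindpw, $useTls);
if ($conn === null) {
    exit(1);
}

// User objects (not computers) below basedn that have no mail attribute; ldap_search is a subtree search.
$filter = '(&(objectCategory=person)(objectClass=user)(!(mail=*)))';
$result = ldap_search($conn, $basedn, $filter, array('sAMAccountName'));
if ($result === false) {
    fwrite(STDERR, "search failed: " . ldap_error($conn) . "\n");
    exit(1);
}

// ldap_get_entries() lower-cases attribute names and adds a 'count' key.
$entries = ldap_get_entries($conn, $result);
for ($i = 0; $i < $entries['count']; $i++) {
    echo $entries[$i]['samaccountname'][0], "\n";
}
echo $entries['count'], " account(s) without mail under $basedn\n";
ldap_unbind($conn);
```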