http://gwiki3.thatlinuxbox.com/index.php?action=history&feed=atom&title=LDAP_Remote_AuthenticationLDAP Remote Authentication - Revision history2026-04-04T18:56:33ZRevision history for this page on the wikiMediaWiki 1.27.5http://gwiki3.thatlinuxbox.com/index.php?title=LDAP_Remote_Authentication&diff=4568&oldid=prevDirk: An attempt to describe the LDAP module2008-05-10T09:02:25Z<p>An attempt to describe the LDAP module</p>
<p><b>New page</b></p><div>== Background ==<br />
[[Remote Authentication]] was introduced in Geeklog 1.4.0. It allows for authenticating a user against a remote user database.<br />
<br />
The LDAP module for Geeklog was kindly provided by Jessica Blank / MTV Networks. It is shipped with Geeklog 1.5.0 and later but will also work with Geeklog 1.4.x.<br />
<br />
<br />
== Configuration ==<br />
<br />
The LDAP module comes with its own <tt>config.php</tt> file located in<br />
<pre>/path/to/geeklog/system/classes/authentication/ldap</pre><br />
<br />
'''Note:''' You will need some knowledge about LDAP in order to be able to configure this module correctly. If in doubt, try asking your system administrator for help.<br />
<br />
In most cases, you will only need to edit the following portion of the configuration:<br />
<pre>// Basic LDAP variables<br />
$_LDAP_CONF['user_ou'] = "People";<br />
$_LDAP_CONF['group_ou'] = "Group";<br />
$_LDAP_CONF['branch'] = "dc=mydc,dc=com";<br />
$_LDAP_CONF['user_branch'] = "ou={$_LDAP_CONF['user_ou']}," . $_LDAP_CONF['branch'];<br />
$_LDAP_CONF['user_attributes'] = array("uid","cn","ou","objectClass","shadowLastChange",<br />
"loginShell","uidnumber","gidNumber","homeDirectory","gecos","userPassword","givenName",<br />
"sn","mail");<br />
<br />
// LDAP server configuration<br />
$_LDAP_CONF['servers'][0]['bind_dn'] = "cn=mycn,ou=LDAPusers,dc=mydc,dc=com";<br />
$_LDAP_CONF['servers'][0]['password'] = "mypassword";<br />
$_LDAP_CONF['servers'][0]['host'] = "localhost";</pre><br />
<br />
Details will depend heavily on your organisation's structure and how your LDAP server is configured, so it's hard to provide an example configuration.<br />
<br />
=== Example ===<br />
<br />
Here's one (anonymized) setup:<br />
<pre>// Basic LDAP variables<br />
$_LDAP_CONF['user_ou'] = "People";<br />
$_LDAP_CONF['group_ou'] = "users";<br />
$_LDAP_CONF['branch'] = "o=companyname,c=de";<br />
$_LDAP_CONF['user_branch'] = "ou={$_LDAP_CONF['user_ou']}," . $_LDAP_CONF['branch'];<br />
$_LDAP_CONF['user_attributes'] = array("uid","cn","ou","objectClass","shadowLastChange",<br />
"loginShell","uidnumber","gidNumber","homeDirectory","gecos","userPassword","givenName",<br />
"sn","mail");<br />
<br />
// LDAP server configuration<br />
$_LDAP_CONF['servers'][0]['bind_dn'] = "uid=username,ou=People,ou=users,o=companyname,c=de";<br />
$_LDAP_CONF['servers'][0]['password'] = "password";<br />
$_LDAP_CONF['servers'][0]['host'] = "ldapserver";</pre><br />
... where 'companyname', 'ldapserver', 'username', and 'password' are, of course, not the real values. Also note the "c=de" (for Germany) that you probably want to change.<br />
<br />
In this example, the LDAP server required a valid user account ("uid=username") and password to even be able to talk to it. This is not a typical setup, but shows how flexible (and, therefore, complex) the setup is.<br />
<br />
<br />
== Active Directory ==<br />
<br />
To quote [http://en.wikipedia.org/wiki/Active_Directory Wikipedia]:<br />
:Active Directory (AD) is an implementation of LDAP directory services by Microsoft for use primarily in Windows environments.<br />
It should therefore be possible to use the LDAP module in a Windows / AD environment. If you have such a setup working, please let us know.</div>Dirk