diff --git a/ldapauth.tgz b/ldapauth.tgz old mode 100755 new mode 100644 index 62ff161a..aa3da0a9 Binary files a/ldapauth.tgz and b/ldapauth.tgz differ diff --git a/ldapauth/README b/ldapauth/README index 90ee2595..ee09e94d 100755 --- a/ldapauth/README +++ b/ldapauth/README @@ -1,17 +1,37 @@ Authenticate a user against an LDAP directory Useful for Windows Active Directory and other LDAP-based organisations to maintain a single password across the organisation. - Optionally authenticates only if a member of a given group in the directory. -The person must have registered with Friendica using the normal registration +By default, the person must have registered with Friendica using the normal registration procedures in order to have a Friendica user record, contact, and profile. +However, it's possible with an option to automate the creation of a Friendica basic account. Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site ldap.conf file to the signing cert for your LDAP server. -The required configuration options for this module may be set in the .htconfig.php file +The configuration options for this module may be set in the .htconfig.php file e.g.: +// ldap hostname server - required $a->config['ldapauth']['ldap_server'] = 'host.example.com'; +// dn to search users - required +$a->config['ldapauth']['ldap_searchdn'] = 'ou=users,dc=example,dc=com'; +// attribute to find username - required +$a->config['ldapauth']['ldap_userattr'] = 'uid'; + +// admin dn - optional - only if ldap server dont have anonymous access +$a->config['ldapauth']['ldap_binddn'] = 'cn=admin,dc=example,dc=com'; +// admin password - optional - only if ldap server dont have anonymous access +$a->config['ldapauth']['ldap_bindpw'] = 'password'; + +// for create Friendica account if user exist in ldap +// required an email and a simple (beautiful) nickname on user ldap object +// active account creation - optional - default none +$a->config['ldapauth']['ldap_autocreateaccount'] = 'true'; +// attribute to get email - optional - default : 'mail' +$a->config['ldapauth']['ldap_autocreateaccount_emailattribute'] = 'mail'; +// attribute to get nickname - optional - default : 'givenName' +$a->config['ldapauth']['ldap_autocreateaccount_nameattribute'] = 'givenName'; + ...etc. diff --git a/ldapauth/ldapauth.php b/ldapauth/ldapauth.php index 2c8f3eff..62f4b003 100755 --- a/ldapauth/ldapauth.php +++ b/ldapauth/ldapauth.php @@ -25,12 +25,31 @@ * Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site * ldap.conf file to the signing cert for your LDAP server. * - * The required configuration options for this module may be set in the .htconfig.php file + * The configuration options for this module may be set in the .htconfig.php file * e.g.: * + * // ldap hostname server - required * $a->config['ldapauth']['ldap_server'] = 'host.example.com'; - * ...etc. + * // dn to search users - required + * $a->config['ldapauth']['ldap_searchdn'] = 'ou=users,dc=example,dc=com'; + * // attribute to find username - required + * $a->config['ldapauth']['ldap_userattr'] = 'uid'; * + * // admin dn - optional - only if ldap server dont have anonymous access + * $a->config['ldapauth']['ldap_binddn'] = 'cn=admin,dc=example,dc=com'; + * // admin password - optional - only if ldap server dont have anonymous access + * $a->config['ldapauth']['ldap_bindpw'] = 'password'; + * + * // for create Friendica account if user exist in ldap + * // required an email and a simple (beautiful) nickname on user ldap object + * // active account creation - optional - default none + * $a->config['ldapauth']['ldap_autocreateaccount'] = 'true'; + * // attribute to get email - optional - default : 'mail' + * $a->config['ldapauth']['ldap_autocreateaccount_emailattribute'] = 'mail'; + * // attribute to get nickname - optional - default : 'givenName' + * $a->config['ldapauth']['ldap_autocreateaccount_nameattribute'] = 'givenName'; + * + * ...etc. */ require_once('include/user.php');