friendica-addons/ldapauth
..
config
lang/C
ldapauth.php
README

Authenticate a user against an LDAP directory
Useful for Windows Active Directory and other LDAP-based organisations
to maintain a single password across the organisation.
Optionally authenticates only if a member of a given group in the directory.

By default, the person must have registered with Friendica using the normal registration
procedures in order to have a Friendica user record, contact, and profile.
However, it's possible with an option to automate the creation of a Friendica basic account.

Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site
ldap.conf file to the signing cert for your LDAP server.

The configuration options for this module may be set in the config/addon.ini.php file
e.g.:

	[ldapauth]
	// ldap hostname server - required
	ldap_server = host.example.com
	// dn to search users - required
	ldap_searchdn = ou=users,dc=example,dc=com
	// attribute to find username - required
	ldap_userattr = uid

	// admin dn - optional - only if ldap server dont have anonymous access
	ldap_binddn = cn=admin,dc=example,dc=com
	// admin password - optional - only if ldap server dont have anonymous access
	ldap_bindpw = password

	// for create Friendica account if user exist in ldap
	//     required an email and a simple (beautiful) nickname on user ldap object
	//   active account creation - optional - default none
	ldap_autocreateaccount = true
	//   attribute to get email - optional - default : 'mail'
	ldap_autocreateaccount_emailattribute = mail
	//   attribute to get nickname - optional - default : 'givenName'
	ldap_autocreateaccount_nameattribute = givenName

...etc.