diff --git a/ldapauth/README b/ldapauth/README
index ee09e94d..9aac8258 100644
--- a/ldapauth/README
+++ b/ldapauth/README
@@ -3,35 +3,36 @@ Useful for Windows Active Directory and other LDAP-based organisations to maintain a single password across the organisation. Optionally authenticates only if a member of a given group in the directory. -By default, the person must have registered with Friendica using the normal registration +By default, the person must have registered with Friendica using the normal registration procedures in order to have a Friendica user record, contact, and profile. However, it's possible with an option to automate the creation of a Friendica basic account. Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site -ldap.conf file to the signing cert for your LDAP server. +ldap.conf file to the signing cert for your LDAP server. -The configuration options for this module may be set in the .htconfig.php file +The configuration options for this module may be set in the config/local.ini.php file e.g.: -// ldap hostname server - required -$a->config['ldapauth']['ldap_server'] = 'host.example.com'; -// dn to search users - required -$a->config['ldapauth']['ldap_searchdn'] = 'ou=users,dc=example,dc=com'; -// attribute to find username - required -$a->config['ldapauth']['ldap_userattr'] = 'uid'; + [ldapauth] + // ldap hostname server - required + ldap_server = host.example.com + // dn to search users - required + ldap_searchdn = ou=users,dc=example,dc=com + // attribute to find username - required + ldap_userattr = uid -// admin dn - optional - only if ldap server dont have anonymous access -$a->config['ldapauth']['ldap_binddn'] = 'cn=admin,dc=example,dc=com'; -// admin password - optional - only if ldap server dont have anonymous access -$a->config['ldapauth']['ldap_bindpw'] = 'password'; + // admin dn - optional - only if ldap server dont have anonymous access + ldap_binddn = cn=admin,dc=example,dc=com + // admin password - optional - only if ldap server dont have anonymous access + ldap_bindpw = password -// for create Friendica 
account if user exist in ldap
-// required an email and a simple (beautiful) nickname on user ldap object
-// active account creation - optional - default none
-$a->config['ldapauth']['ldap_autocreateaccount'] = 'true';
-// attribute to get email - optional - default : 'mail'
-$a->config['ldapauth']['ldap_autocreateaccount_emailattribute'] = 'mail';
-// attribute to get nickname - optional - default : 'givenName'
-$a->config['ldapauth']['ldap_autocreateaccount_nameattribute'] = 'givenName';
+ // for create Friendica account if user exist in ldap
+ // required an email and a simple (beautiful) nickname on user ldap object
+ // active account creation - optional - default none
+ ldap_autocreateaccount = true
+ // attribute to get email - optional - default : 'mail'
+ ldap_autocreateaccount_emailattribute = mail
+ // attribute to get nickname - optional - default : 'givenName'
+ ldap_autocreateaccount_nameattribute = givenName
 ...etc.
diff --git a/ldapauth/config/ldapauth.ini.php b/ldapauth/config/ldapauth.ini.php
new file mode 100644
index 00000000..19d5549f
--- /dev/null
+++ b/ldapauth/config/ldapauth.ini.php
@@ -0,0 +1,50 @@ +config['ldapauth']['ldap_server'] = 'host.example.com'; - * // dn to search users - required - * $a->config['ldapauth']['ldap_searchdn'] = 'ou=users,dc=example,dc=com'; - * // attribute to find username - required - * $a->config['ldapauth']['ldap_userattr'] = 'uid'; + * [ldapauth] + * ; ldap hostname server - required + * ldap_server = host.example.com + * ; dn to search users - required + * ldap_searchdn = ou=users,dc=example,dc=com + * ; attribute to find username - required + * ldap_userattr = uid * - * // admin dn - optional - only if ldap server dont have anonymous access - * $a->config['ldapauth']['ldap_binddn'] = 'cn=admin,dc=example,dc=com'; - * // admin password - optional - only if ldap server dont have anonymous access - * $a->config['ldapauth']['ldap_bindpw'] = 'password'; + * ; admin dn - optional - only if ldap server dont have anonymous access + * ldap_binddn = cn=admin,dc=example,dc=com + * ; admin password - optional - only if ldap server dont have anonymous access + * ldap_bindpw = password * - * // for create Friendica account if user exist in ldap - * // required an email and a simple (beautiful) nickname on user ldap object - * // active account creation - optional - default none - * $a->config['ldapauth']['ldap_autocreateaccount'] = 'true'; - * // attribute to get email - optional - default : 'mail' - * $a->config['ldapauth']['ldap_autocreateaccount_emailattribute'] = 'mail'; - * // attribute to get nickname - optional - default : 'givenName' - * $a->config['ldapauth']['ldap_autocreateaccount_nameattribute'] = 'cn'; + * ; for create Friendica account if user exist in ldap + * ; required an email and a simple (beautiful) nickname on user ldap object + * ; active account creation - optional - default none + * ldap_autocreateaccount = true + * ; attribute to get email - optional - default : 'mail' + * ldap_autocreateaccount_emailattribute = mail + * ; attribute to get nickname - optional - default : 'givenName' + * 
ldap_autocreateaccount_nameattribute = cn
 *
 * ...etc.
 */
@@ -58,14 +59,21 @@ use Friendica\Model\User;
 function ldapauth_install()
 {
+ Addon::registerHook('load_config', 'addon/ldapauth/ldapauth.php', 'ldapauth_load_config');
 Addon::registerHook('authenticate', 'addon/ldapauth/ldapauth.php', 'ldapauth_hook_authenticate');
 }
 function ldapauth_uninstall()
 {
+ Addon::unregisterHook('load_config', 'addon/ldapauth/ldapauth.php', 'ldapauth_load_config');
 Addon::unregisterHook('authenticate', 'addon/ldapauth/ldapauth.php', 'ldapauth_hook_authenticate');
 }
+function ldapauth_load_config(\Friendica\App $a)
+{
+ $a->loadConfigFile(__DIR__. '/config/ldapauth.ini.php');
+}
+
 function ldapauth_hook_authenticate($a, &$b)
 {
 if (ldapauth_authenticate($b['username'], $b['password'])) {
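Review bot: `ldapauth_load_config` pulls the addon-shipped `config/ldapauth.ini.php` into the live configuration on every `load_config` hook, and nothing in the hunk says whether `loadConfigFile` lets those values override the operator's `config/local.ini.php` or only fills in missing keys; if it overrides, the placeholder values the docblock shows (`ldap_server = host.example.com`, `ldap_bindpw = password`) would silently clobber real settings, so this deserves a comment and a check against the `loadConfigFile` signature. I would document it as `// Addon defaults only; site values in config/local.ini.php must take precedence — TODO confirm loadConfigFile does not overwrite existing keys` and, since the example also sets `ldap_autocreateaccount = true`, make sure the shipped defaults file leaves account auto-creation off rather than enabling it for every site that installs the addon. Minor style: the file already imports `Friendica\Model\User` with a `use` statement, so `use Friendica\App;` with a typed `App $a` parameter would match, and `__DIR__ . '/config/ldapauth.ini.php'` wants spaces around the concatenation. `ldapauth_hook_authenticate` continues past the end of the hunk.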