forked from friendica/friendica-addons
[ldapauth] Add addon config
- Update mentions of .htconfig.php
This commit is contained in:
parent
723625f95f
commit
858d09e865
|
@ -3,35 +3,36 @@ Useful for Windows Active Directory and other LDAP-based organisations
|
||||||
to maintain a single password across the organisation.
|
to maintain a single password across the organisation.
|
||||||
Optionally authenticates only if a member of a given group in the directory.
|
Optionally authenticates only if a member of a given group in the directory.
|
||||||
|
|
||||||
By default, the person must have registered with Friendica using the normal registration
|
By default, the person must have registered with Friendica using the normal registration
|
||||||
procedures in order to have a Friendica user record, contact, and profile.
|
procedures in order to have a Friendica user record, contact, and profile.
|
||||||
However, it's possible with an option to automate the creation of a Friendica basic account.
|
However, it's possible with an option to automate the creation of a Friendica basic account.
|
||||||
|
|
||||||
Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site
|
Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site
|
||||||
ldap.conf file to the signing cert for your LDAP server.
|
ldap.conf file to the signing cert for your LDAP server.
|
||||||
|
|
||||||
The configuration options for this module may be set in the .htconfig.php file
|
The configuration options for this module may be set in the config/local.ini.php file
|
||||||
e.g.:
|
e.g.:
|
||||||
|
|
||||||
// ldap hostname server - required
|
[ldapauth]
|
||||||
$a->config['ldapauth']['ldap_server'] = 'host.example.com';
|
// ldap hostname server - required
|
||||||
// dn to search users - required
|
ldap_server = host.example.com
|
||||||
$a->config['ldapauth']['ldap_searchdn'] = 'ou=users,dc=example,dc=com';
|
// dn to search users - required
|
||||||
// attribute to find username - required
|
ldap_searchdn = ou=users,dc=example,dc=com
|
||||||
$a->config['ldapauth']['ldap_userattr'] = 'uid';
|
// attribute to find username - required
|
||||||
|
ldap_userattr = uid
|
||||||
|
|
||||||
// admin dn - optional - only if ldap server dont have anonymous access
|
// admin dn - optional - only if ldap server dont have anonymous access
|
||||||
$a->config['ldapauth']['ldap_binddn'] = 'cn=admin,dc=example,dc=com';
|
ldap_binddn = cn=admin,dc=example,dc=com
|
||||||
// admin password - optional - only if ldap server dont have anonymous access
|
// admin password - optional - only if ldap server dont have anonymous access
|
||||||
$a->config['ldapauth']['ldap_bindpw'] = 'password';
|
ldap_bindpw = password
|
||||||
|
|
||||||
// for create Friendica account if user exist in ldap
|
// for create Friendica account if user exist in ldap
|
||||||
// required an email and a simple (beautiful) nickname on user ldap object
|
// required an email and a simple (beautiful) nickname on user ldap object
|
||||||
// active account creation - optional - default none
|
// active account creation - optional - default none
|
||||||
$a->config['ldapauth']['ldap_autocreateaccount'] = 'true';
|
ldap_autocreateaccount = true
|
||||||
// attribute to get email - optional - default : 'mail'
|
// attribute to get email - optional - default : 'mail'
|
||||||
$a->config['ldapauth']['ldap_autocreateaccount_emailattribute'] = 'mail';
|
ldap_autocreateaccount_emailattribute = mail
|
||||||
// attribute to get nickname - optional - default : 'givenName'
|
// attribute to get nickname - optional - default : 'givenName'
|
||||||
$a->config['ldapauth']['ldap_autocreateaccount_nameattribute'] = 'givenName';
|
ldap_autocreateaccount_nameattribute = givenName
|
||||||
|
|
||||||
...etc.
|
...etc.
|
||||||
|
|
50
ldapauth/config/ldapauth.ini.php
Normal file
50
ldapauth/config/ldapauth.ini.php
Normal file
|
@ -0,0 +1,50 @@
|
||||||
|
<?php return <<<INI
|
||||||
|
|
||||||
|
; Warning: Don't change this file! It only holds the default config values for this addon.
|
||||||
|
; Instead overwrite these config values in config/local.ini.php in your Friendica directory
|
||||||
|
|
||||||
|
[ldapauth]
|
||||||
|
; ldap_server (String)
|
||||||
|
; ldap hostname server - required
|
||||||
|
; Example: ldap_server = host.example.com
|
||||||
|
ldap_server =
|
||||||
|
|
||||||
|
; ldap_binddn (String)
|
||||||
|
; admin dn - optional - only if ldap server dont have anonymous access
|
||||||
|
; Example: ldap_binddn = cn=admin,dc=example,dc=com
|
||||||
|
ldap_binddn =
|
||||||
|
|
||||||
|
; ldap_bindpw (String)
|
||||||
|
; admin password - optional - only if ldap server dont have anonymous access
|
||||||
|
ldap_bindpw =
|
||||||
|
|
||||||
|
; ldap_searchdn (String)
|
||||||
|
; dn to search users - required
|
||||||
|
; Example: ldap_searchdn = ou=users,dc=example,dc=com
|
||||||
|
ldap_searchdn =
|
||||||
|
|
||||||
|
; ldap_userattr (String)
|
||||||
|
; attribute to find username - required
|
||||||
|
; Example: ldap_userattr = uid
|
||||||
|
ldap_userattr =
|
||||||
|
|
||||||
|
; ldap_group (String)
|
||||||
|
; DN of the group whose member can auth on Friendica - optional
|
||||||
|
ldap_group =
|
||||||
|
|
||||||
|
; ldap_autocreateaccount (Boolean)
|
||||||
|
; for create Friendica account if user exist in ldap
|
||||||
|
; required an email and a simple (beautiful) nickname on user ldap object
|
||||||
|
; active account creation - optional - default none
|
||||||
|
ldap_autocreateaccount = true
|
||||||
|
|
||||||
|
; ldap_autocreateaccount_emailattribute (String)
|
||||||
|
; attribute to get email - optional - default : 'mail'
|
||||||
|
ldap_autocreateaccount_emailattribute = mail
|
||||||
|
|
||||||
|
; ldap_autocreateaccount_nameattribute (String)
|
||||||
|
; attribute to get nickname - optional - default : 'givenName'
|
||||||
|
ldap_autocreateaccount_nameattribute = givenName
|
||||||
|
|
||||||
|
INI;
|
||||||
|
//Keep this line
|
|
@ -26,29 +26,30 @@
|
||||||
* Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site
|
* Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site
|
||||||
* ldap.conf file to the signing cert for your LDAP server.
|
* ldap.conf file to the signing cert for your LDAP server.
|
||||||
*
|
*
|
||||||
* The configuration options for this module may be set in the .htconfig.php file
|
* The configuration options for this module may be set in the config/local.ini.php file
|
||||||
* e.g.:
|
* e.g.:
|
||||||
*
|
*
|
||||||
* // ldap hostname server - required
|
* [ldapauth]
|
||||||
* $a->config['ldapauth']['ldap_server'] = 'host.example.com';
|
* ; ldap hostname server - required
|
||||||
* // dn to search users - required
|
* ldap_server = host.example.com
|
||||||
* $a->config['ldapauth']['ldap_searchdn'] = 'ou=users,dc=example,dc=com';
|
* ; dn to search users - required
|
||||||
* // attribute to find username - required
|
* ldap_searchdn = ou=users,dc=example,dc=com
|
||||||
* $a->config['ldapauth']['ldap_userattr'] = 'uid';
|
* ; attribute to find username - required
|
||||||
|
* ldap_userattr = uid
|
||||||
*
|
*
|
||||||
* // admin dn - optional - only if ldap server dont have anonymous access
|
* ; admin dn - optional - only if ldap server dont have anonymous access
|
||||||
* $a->config['ldapauth']['ldap_binddn'] = 'cn=admin,dc=example,dc=com';
|
* ldap_binddn = cn=admin,dc=example,dc=com
|
||||||
* // admin password - optional - only if ldap server dont have anonymous access
|
* ; admin password - optional - only if ldap server dont have anonymous access
|
||||||
* $a->config['ldapauth']['ldap_bindpw'] = 'password';
|
* ldap_bindpw = password
|
||||||
*
|
*
|
||||||
* // for create Friendica account if user exist in ldap
|
* ; for create Friendica account if user exist in ldap
|
||||||
* // required an email and a simple (beautiful) nickname on user ldap object
|
* ; required an email and a simple (beautiful) nickname on user ldap object
|
||||||
* // active account creation - optional - default none
|
* ; active account creation - optional - default none
|
||||||
* $a->config['ldapauth']['ldap_autocreateaccount'] = 'true';
|
* ldap_autocreateaccount = true
|
||||||
* // attribute to get email - optional - default : 'mail'
|
* ; attribute to get email - optional - default : 'mail'
|
||||||
* $a->config['ldapauth']['ldap_autocreateaccount_emailattribute'] = 'mail';
|
* ldap_autocreateaccount_emailattribute = mail
|
||||||
* // attribute to get nickname - optional - default : 'givenName'
|
* ; attribute to get nickname - optional - default : 'givenName'
|
||||||
* $a->config['ldapauth']['ldap_autocreateaccount_nameattribute'] = 'cn';
|
* ldap_autocreateaccount_nameattribute = cn
|
||||||
*
|
*
|
||||||
* ...etc.
|
* ...etc.
|
||||||
*/
|
*/
|
||||||
|
@ -58,14 +59,21 @@ use Friendica\Model\User;
|
||||||
|
|
||||||
function ldapauth_install()
|
function ldapauth_install()
|
||||||
{
|
{
|
||||||
|
Addon::registerHook('load_config', 'addon/ldapauth/ldapauth.php', 'ldapauth_load_config');
|
||||||
Addon::registerHook('authenticate', 'addon/ldapauth/ldapauth.php', 'ldapauth_hook_authenticate');
|
Addon::registerHook('authenticate', 'addon/ldapauth/ldapauth.php', 'ldapauth_hook_authenticate');
|
||||||
}
|
}
|
||||||
|
|
||||||
function ldapauth_uninstall()
|
function ldapauth_uninstall()
|
||||||
{
|
{
|
||||||
|
Addon::unregisterHook('load_config', 'addon/ldapauth/ldapauth.php', 'ldapauth_load_config');
|
||||||
Addon::unregisterHook('authenticate', 'addon/ldapauth/ldapauth.php', 'ldapauth_hook_authenticate');
|
Addon::unregisterHook('authenticate', 'addon/ldapauth/ldapauth.php', 'ldapauth_hook_authenticate');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function ldapauth_load_config(\Friendica\App $a)
|
||||||
|
{
|
||||||
|
$a->loadConfigFile(__DIR__. '/config/ldapauth.ini.php');
|
||||||
|
}
|
||||||
|
|
||||||
function ldapauth_hook_authenticate($a, &$b)
|
function ldapauth_hook_authenticate($a, &$b)
|
||||||
{
|
{
|
||||||
if (ldapauth_authenticate($b['username'], $b['password'])) {
|
if (ldapauth_authenticate($b['username'], $b['password'])) {
|
||||||
|
|
Loading…
Reference in a new issue