<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"> <head> <meta name="generator" content= "HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" /> <title>Lemonldap::NG documentation: 4.5-LDAP-authentication-backend.html</title> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" /> <style type="text/css"> /*<![CDATA[*/ body{ background: #ddd; font-family: sans-serif; font-size: 11pt; padding: 0 50px; } div.main-content{ padding: 10px; background: #fff; border: 2px #ccc solid; } a{ text-decoration: none; } p.footer{ text-align: center; margin: 5px 0 0 0; } .heading-1{ text-align: center; color: orange; font-variant: small-caps; font-size: 20pt; } .heading-1-1{ color: orange; font-size: 14pt; border-bottom: 2px #ccc solid; } pre{ background: #eee; border: 2px #ccc solid; padding: 5px; border-left: 10px #ccc solid; } ul.star li{ list-style-type: square; } /*]]>*/ </style> </head> <body> <div class="main-content"> <h2 class="heading-1"><span id="HLDAPauthenticationbackend">LDAP authentication backend</span></h2> <p class="paragraph"></p> <ul> <li><a href="#HPresentation">Presentation</a></li> <li><a href="#HConfiguration">Configuration</a></li> <li><a href="#HSpecificconfigurationforActiveDirectory">Specific configuration for Active Directory</a></li> <li><a href="#HSeealso">See also</a></li> </ul> <h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3> <p class="paragraph"></p>LDAP is the default (and historical) authentication backend. 
It performs the following LDAP operations: <ol> <li>Bind with managerDN</li> <li>Search for user in directory with authFilter to get DN associated with the posted login</li> <li>Bind with found DN and posted password</li> </ol>The LDAP authentication backend is compatible with <span class= "wikilink"><a href="4.8-Configure-password-policy.html">LDAP Password Policy</a></span>. <h3 class="heading-1-1"><span id= "HConfiguration">Configuration</span></h3> <p class="paragraph"></p>Set the authentication backend: <div class="code"> <pre> authentication => 'LDAP', </pre> </div><br /> <br /> If no authentication backend is configured, LDAP is chosen by default.<br /> <br /> You can use the following parameters, in Manager or in portal/index.pl: <ul class="star"> <li>ldapServer: server(s) used to retrieve session information and to validate credentials (localhost by default). More than one server can be set here, separated by commas. The servers will be tried in the specified order. To use TLS, set "ldap+tls://server", and to use LDAPS, set "ldaps://server" instead of the server name. If you use TLS, you can set any of the Net::LDAP->start_tls() options, like "ldap+tls://server/verify=none&capath=/etc/ssl". You can also use the caFile and caPath parameters.</li> <li>ldapPort: TCP port used by the LDAP server. Can be overridden by an LDAP URI in ldapServer.</li> <li>ldapBase: Base of search in the LDAP directory.</li> <li>LDAPFilter and AuthLDAPFilter: filter for the search in the LDAP directory. Default is (&(uid=$user)(objectClass=inetOrgPerson)).</li> <li>managerDn: DN used to connect to the LDAP server. By default, anonymous bind is used.</li> <li>managerPassword: password used to connect to the LDAP server.
By default, anonymous bind is used.</li> <li>ldapPpolicyControl: set to 1 to use LDAP Password Policy control (see <span class="wikilink"><a href= "4.8-Configure-password-policy.html">LDAP Password Policy</a></span>).</li> </ul> <h3 class="heading-1-1"><span id= "HSpecificconfigurationforActiveDirectory">Specific configuration for Active Directory</span></h3><br /> <br /> For Active Directory, you have to use a specific filter like: <div class="code"> <pre> AuthLDAPFilter => '(&(sAMAccountName=$user)(objectClass=person))', </pre> </div><br /> <br /> Active Directory does not support LDAP Password Policy. <h3 class="heading-1-1"><span id="HSeealso">See also</span></h3> <ul class="star"> <li><span class="wikilink"><a href= "4.8-Configure-password-policy.html">LDAP Password Policy</a></span></li> <li><span class="wikilink"><a href="4.6-LDAP-user-backend.html">User DBLDAP</a></span></li> <li><span class="wikilink"><a href= "4.7-LDAP-password-backend.html">Password DBLDAP</a></span></li> </ul> </div> <p class="footer"><a href="index.html">Index</a></p> </body> </html>
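Added example (not LemonLDAP::NG code): a Python check that splits an ldapServer value in the format described above and reports servers reached without TLS or with verify=none, the Net::LDAP->start_tls() setting that turns off server certificate verification. The sample value and host names are constructed, and the option parsing (split on "&" and "=") is an assumption based on the example URI on this page.

```python
"""Audit a LemonLDAP::NG ldapServer value for weak transport settings."""

# Constructed sample value; host names and paths are illustrative.
SAMPLE = ("ldap1.example.com, "
          "ldap+tls://ldap2.example.com/verify=none&capath=/etc/ssl, "
          "ldaps://ldap3.example.com, "
          "ldap+tls://ldap4.example.com/verify=require&cafile=/etc/ssl/ca.pem")


def parse_ldap_server(value):
    """Split the comma-separated list into scheme, host and TLS options."""
    servers = []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            continue
        scheme, sep, rest = entry.partition("://")
        if not sep:  # bare server name: plain LDAP, no TLS
            scheme, rest = "ldap", entry
        # Options follow the first "/" after the host; values such as
        # capath=/etc/ssl contain "/" themselves, so split only once.
        host, _, query = rest.partition("/")
        # Assumption: options are "&"-separated key=value pairs.
        opts = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
        servers.append({"scheme": scheme.lower(), "host": host, "tls_opts": opts})
    return servers


def audit_ldap_server(value):
    """Return (host, finding) pairs, in the order the servers are tried."""
    findings = []
    for srv in parse_ldap_server(value):
        if srv["scheme"] == "ldap":
            findings.append((srv["host"],
                             "no TLS: the user bind sends the posted password in clear"))
        elif (srv["scheme"] == "ldap+tls"
              and srv["tls_opts"].get("verify", "").lower() == "none"):
            findings.append((srv["host"],
                             "verify=none: the server certificate is not checked"))
    return findings


if __name__ == "__main__":
    for host, finding in audit_ldap_server(SAMPLE):
        print(f"{host}: {finding}")
```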