<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content="HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" />
<title>Lemonldap::NG documentation: 4.6-LDAP-user-backend.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{ background: #ddd; font-family: sans-serif; font-size: 11pt; padding: 0 50px; }
div.main-content{ padding: 10px; background: #fff; border: 2px #ccc solid; }
a{ text-decoration: none; }
p.footer{ text-align: center; margin: 5px 0 0 0; }
.heading-1{ text-align: center; color: orange; font-variant: small-caps; font-size: 20pt; }
.heading-1-1{ color: orange; font-size: 14pt; border-bottom: 2px #ccc solid; }
pre{ background: #eee; border: 2px #ccc solid; padding: 5px; border-left: 10px #ccc solid; }
ul.star li{ list-style-type: square; }
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HLDAPUserbackend">LDAP User backend</span></h2>
<p class="paragraph"></p>
<ul>
<li><a href="#HPresentation">Presentation</a></li>
<li><a href="#HConfiguration">Configuration</a></li>
<li><a href="#HGroups">Groups</a></li>
<li><a href="#HActiveDirectory">Active Directory</a></li>
<li><a href="#HSeealso">See also</a></li>
</ul>
<h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>
<p class="paragraph"></p>LDAP is the default (and historical) user backend. It searches for the user in the directory (if the LDAP authentication backend has not already done so) and retrieves all configured exported attributes. It also searches for the user's groups if this option is selected (it is not active by default).
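<br /> <br />
The group search performed by this backend, modelled in Perl as an added example (not LemonLDAP::NG's own code): it applies the group parameters listed in the Groups section of this page to constructed in-memory entries instead of a live directory, and shows what ldapGroupRecursive adds when groups are nested or contain each other. The helper names vals and groups_for, the sample entries and the case-insensitive DN comparison are assumptions made for the illustration.

```perl
use strict; use warnings;

# Group settings copied from this page's first example.
my %conf = (
    ldapGroupObjectClass         => 'groupOfUniqueNames',
    ldapGroupAttributeName       => 'uniqueMember',
    ldapGroupAttributeNameUser   => 'dn',
    ldapGroupAttributeNameGroup  => 'dn',
    ldapGroupAttributeNameSearch => ['cn'],
    ldapGroupRecursive           => 1,
);

# Constructed sample entries standing in for the ldapGroupBase subtree.
my ( $u, $g ) = ( 'ou=users,dc=example,dc=com', 'ou=groups,dc=example,dc=com' );
my @entries = (
    { dn => "cn=devs,$g",   objectClass => ['groupOfUniqueNames'], cn => ['devs'],
      uniqueMember => ["uid=alice,$u"] },
    { dn => "cn=staff,$g",  objectClass => ['groupOfUniqueNames'], cn => ['staff'],
      uniqueMember => [ "cn=devs,$g", "cn=admins,$g" ] },
    { dn => "cn=admins,$g", objectClass => ['groupOfUniqueNames'], cn => ['admins'],
      uniqueMember => [ "cn=staff,$g", "uid=bob,$u" ] },    # loops back to staff
    { dn => "cn=legacy,$g", objectClass => ['posixGroup'], cn => ['legacy'],
      uniqueMember => ["uid=alice,$u"] },                   # wrong objectClass
);

# Attribute values as a list, whether stored as a scalar (dn) or an array ref.
sub vals { my $v = $_[0]{ $_[1] }; return ref($v) ? @$v : defined($v) ? ($v) : () }

# Hypothetical helper, not a LemonLDAP::NG function: names of all groups of $user.
sub groups_for {
    my ( $user, $conf, $entries ) = @_;
    my @todo = vals( $user, $conf->{ldapGroupAttributeNameUser} );
    my ( %seen, %names );
    while ( defined( my $link = shift @todo ) ) {
        for my $grp (@$entries) {
            next unless grep { $_ eq $conf->{ldapGroupObjectClass} } vals( $grp, 'objectClass' );
            next unless grep { lc($_) eq lc($link) } vals( $grp, $conf->{ldapGroupAttributeName} );
            next if $seen{ lc( $grp->{dn} ) }++;    # already visited: stops membership loops
            $names{$_} = 1 for map { vals( $grp, $_ ) } @{ $conf->{ldapGroupAttributeNameSearch} };
            push @todo, vals( $grp, $conf->{ldapGroupAttributeNameGroup} ) if $conf->{ldapGroupRecursive};
        }
    }
    return sort keys %names;
}

my $alice  = { dn => "uid=alice,$u" };
my @all    = groups_for( $alice, \%conf, \@entries );
my @direct = groups_for( $alice, { %conf, ldapGroupRecursive => 0 }, \@entries );
print "recursive: @all\ndirect:    @direct\n";
```

In the sample data alice is a direct member of devs only; the recursive walk also reports staff and admins, which she reaches through nesting.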
<h3 class="heading-1-1"><span id="HConfiguration">Configuration</span></h3>
<p class="paragraph"></p>Set the user backend:
<div class="code">
<pre>
userDB => 'LDAP',
</pre>
</div><br /> <br />
If no user backend is configured, LDAP is chosen by default.<br /> <br />
Parameters are the same as for the <span class="wikilink"><a href="4.5-LDAP-authentication-backend.html">LDAP authentication backend</a></span>.<br /> <br />
Password policy has no effect here.
<h3 class="heading-1-1"><span id="HGroups">Groups</span></h3><br /> <br />
LemonLDAP::NG can browse the directory and find the groups containing the authenticated user as a member.<br /> <br />
Parameters are:
<ul class="star">
<li>ldapGroupBase: DN of the groups branch (can be the suffix)</li>
<li>ldapGroupObjectClass: objectClass of the groups</li>
<li>ldapGroupAttributeName: name of the attribute in the groups storing the link to the user</li>
<li>ldapGroupAttributeNameUser: name of the attribute in user entries used in the link</li>
<li>ldapGroupAttributeNameSearch: name(s) of the attribute storing the name of the group (this should be a list reference)</li>
<li>ldapGroupRecursive: activate recursive group functionality</li>
<li>ldapGroupAttributeNameGroup: name of the attribute in group entries used in the link</li>
</ul>You can edit portal/index.pl to modify the values, for example:
<div class="code">
<pre>
ldapGroupBase => 'ou=groups,dc=example,dc=com',
ldapGroupObjectClass => 'groupOfUniqueNames',
ldapGroupAttributeName => 'uniqueMember',
ldapGroupAttributeNameUser => 'dn',
ldapGroupAttributeNameGroup => 'dn',
ldapGroupAttributeNameSearch => ['cn'],
ldapGroupRecursive => 1,
</pre>
</div>
<h3 class="heading-1-1"><span id="HActiveDirectory">Active Directory</span></h3>
<p class="paragraph"></p>As for LDAP authentication, just modify LDAPFilter:
<div class="code">
<pre>
LDAPFilter => '(&amp;(sAMAccountName=$user)(objectClass=user))',
</pre>
</div><br /> <br />
And for groups:
<div class="code">
<pre>
ldapGroupBase => 'ou=groups,dc=example,dc=com',
ldapGroupObjectClass => 'group',
ldapGroupAttributeName => 'member',
ldapGroupAttributeNameUser => 'dn',
ldapGroupAttributeNameGroup => 'dn',
ldapGroupAttributeNameSearch => ['cn'],
ldapGroupRecursive => 1,
</pre>
</div>
<h3 class="heading-1-1"><span id="HSeealso">See also</span></h3>
<ul class="star">
<li><span class="wikilink"><a href="4.5-LDAP-authentication-backend.html">Auth LDAP</a></span></li>
<li><span class="wikilink"><a href="4.7-LDAP-password-backend.html">Password DBLDAP</a></span></li>
</ul>
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>