Re: [openupload-devel] Active Directory
Status: Beta
Brought to you by:
tsdogs
Menu
▾
▴
Re: [openupload-devel] Active Directory
|
From: Alessandro B. <ts...@br...> - 2009-04-23 07:42:06
|
Sure, I had this working with AD. (haven't tested it for some time now, but it should just work) (LDAP works as I have it working at my office). The best way to set it up is: 1. Run the setup script and put the same groups in the configuration that you will be using in the AD configuration. You'll probably want to create a user which can access the AD in readonly so it can query users info (groups, name, email) i.e. registered -> Domain Users admins -> Domain Admins unregistered -> this does not matter (leave it unregistered) Or change actual configuration adding thoose groups. 2. Populate the database with your preferred settings. 3. Then edit the config.inc.php and add the following, replacing the values with your setup: /* Active Directory */ # $CONFIG['ldap']['host'] = '127.0.0.1'; /* specify that it is an Active directory */ # $CONFIG['ldap']['type'] = 'AD'; # $CONFIG['ldap']['user'] = 'rea...@ro...'; # $CONFIG['ldap']['password'] = 'readonlypassword'; /* DOMAIN for user login */ # $CONFIG['ldap']['domain'] = 'yourdomain.local'; # $CONFIG['ldap']['basedn'] = 'dc=yourdomain,dc=local'; # $CONFIG['ldap']['userdn'] = 'dc=yourdomain,dc=local'; # $CONFIG['ldap']['userclass']='user'; # $CONFIG['ldap']['uid']='cn'; # $CONFIG['ldap']['userfields'] = array ( 'cn' => 'login', 'name' => 'name', 'memberof' => 'group_id', 'mail' => 'email'); # $CONFIG['ldap']['groupdn'] = 'dc=roverdom,dc=local'; # $CONFIG['ldap']['groupclass']='group'; # $CONFIG['ldap']['gid']='distinguishedname'; # $CONFIG['ldap']['groupfields'] = array ( 'cn' => 'name', 'name' => 'description' ); 4. Change the authentication from "default" to "ldap" This will ignore all group and users that the db has, but at least if anything goes wrong you'll be able to switch back to default auth. Also note that I found a bug with current version. If you use the Admin page to change the settings the ldap/AD configuration will be broken as it does not currently handle the ARRAY values for "userfields" and "groupfields" so if you have to change the config, edit the config file for now. Somebody also suggested to associate the login field insthead of 'cn' to 'sAMAccountName' like: $CONFIG['ldap']['uid']='sAMAccountName'; $CONFIG['ldap']['userfields'] = array ( 'sAMAccountName' => 'login', 'cn' => 'name', 'memberof' => 'group_id', 'mail' => 'email'); Hope this helps. Alessandro Andy Hester ha scritto: > Has anyone gotten AD authentication working? I have tried it here, but > I can't seem to get it to work. I have several other websites that > query AD here so it should work with the right configuration. > > Any help would be appreciated. > > Thanks, > -Andy > > > ------------------------------------------------------------------------------ > Stay on top of everything new and different, both inside and > around Java (TM) technology - register by April 22, and save > $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. > 300 plus technical and hands-on sessions. Register today. > Use priority code J9JMT32. http://p.sf.net/sfu/p > _______________________________________________ > Openupload-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openupload-devel |
