openrat-cms


commit 4a790cce34c2a009534df4608a368c06b19abd1b
parent 694b70dc5bc0019e863844b63caab049d971fd04
Author: dankert <devnull@localhost>
Date:   Tue, 24 Apr 2007 23:11:02 +0200

Autorisierung über LDAP.

Diffstat:
config/ldap.ini.php | 33++++++++++++++++++++++++++++++---
config/security.ini.php | 11+++++++++++
2 files changed, 41 insertions(+), 3 deletions(-)

diff --git a/config/ldap.ini.php b/config/ldap.ini.php @@ -1,11 +1,23 @@ ; <?php exit('direct access denied') ?> ; Openrat is able to check passwords against a LDAP-based directory. +; see file "security.ini.php" for relating infos. -host="localhost" ; host of ldap server -port="389" ; port of ldap server -protocol="2" ; protocol version ('2' or '3') +; Hostname of your LDAP server. +host="localhost" +; TCP-Port of your LDAP server. +port="389" + +; Protocol-Version +; Set this to '2' or '3'. +protocol="2" + +; The format of the DN +; If blank, the DN is automatically searched in the LDAP tree (see section "search"). +; for using LDAP authentication, /security/auth/type has to be set to "ldap"! +;dn = "uid={user},ou=users,dc=example,dc=com" +dn = ""; ; Settings for authentication against a LDAP directory ; This is only activated, if the setting '/security/auth/type' is 'ldap'. @@ -39,3 +51,18 @@ timeout = 30 ; 'false' login will be rejected, all users must exist in the internal database. add = true + + +; The user-group-relation can be read out of the LDAP tree. +; For using this, /security/authorize/type must be "ldap". +[authorize] + +; Search filter for reading the groups a user belongs to. +group_filter="(memberUid={dn})" + +; LDAP attribute name of the name of the group +group_name="cn" + +; Add groups found in LDAP (but not known in the internal database) automatically into database? +; If 'false', the LDAP groups cannot be used! +auto_add = true diff --git a/config/security.ini.php b/config/security.ini.php @@ -41,6 +41,17 @@ userdn=false +[authorize] +; A user belongs to certain groups. This information can be stored in 2 ways. +; 'database' uses the internal database for the user-group-relation. (default) +; 'ldap' reads the user-group-relations in a LDAP-Directory +; (in this case, /security/auth/type has to be set to "ldap", too!) +; (see /ldap/authorize!) +type=database +;type=ldap + + + ; password settings [password]
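Review bot: In config/ldap.ini.php the rewritten `host`/`port`/`protocol` block still defaults to `port="389"` with `protocol="2"`, and none of the visible settings asks for TLS, so a simple bind configured this way would carry the user's password in clear text. LDAPv2 has no StartTLS, so the comment should steer to version 3, e.g. `; Set this to '3' unless the server only speaks LDAPv2; v2 cannot use StartTLS.` Whether the bind code can use ldaps:// or StartTLS is not visible in this diff and should be confirmed before these defaults are recommended. The new `dn` template substitutes `{user}` into a DN; the substituting code is outside this commit, but it has to DN-escape the login name, and the comment could say so. Minor: `dn = "";` carries a stray `;` that the other settings do not have.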
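Review bot: In the new `[authorize]` section of config/ldap.ini.php, `group_filter="(memberUid={dn})"` pairs an attribute that in the common posixGroup schema holds the login name with the `{dn}` placeholder, so the default would likely match no group; `(memberUid={user})` or `(member={dn})` fits the usual schemas, assuming a `{user}` placeholder is supported here as it is for `dn`. Whatever is substituted into the filter must be filter-escaped (parentheses, `*`, backslash) by the code that builds it, which is not part of this diff. With `auto_add = true` as the default, group membership is taken from the directory as soon as /security/authorize/type is switched to ldap. A comment should state how an LDAP group whose name equals an existing internal group is treated, since that decides whether directory administrators can hand out rights already attached to internal groups.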
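Review bot: The `[authorize]` comment in config/security.ini.php says that `type=ldap` requires /security/auth/type to be "ldap" as well, but not what happens when only one of the two is set. Because this value decides group membership, the comment should name the fallback, for example `; If auth/type is not "ldap", this setting is ignored and 'database' is used.`, once that is confirmed against the code that reads it, which is not in this diff. A mismatch should end in the more restrictive behaviour rather than in an empty or partially filled group list.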