[ldapauth] Update config file style/name

This commit is contained in:
Hypolite Petovan 2018-11-25 02:13:45 -05:00
parent dbd93f8351
commit f0fc02e544
5 changed files with 101 additions and 90 deletions

View file

@ -1,38 +0,0 @@
Authenticate a user against an LDAP directory
Useful for Windows Active Directory and other LDAP-based organisations
to maintain a single password across the organisation.
Optionally authenticates only if a member of a given group in the directory.
By default, the person must have registered with Friendica using the normal registration
procedures in order to have a Friendica user record, contact, and profile.
However, it's possible with an option to automate the creation of a Friendica basic account.
Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site
ldap.conf file to the signing cert for your LDAP server.
The configuration options for this module may be set in the config/addon.ini.php file
e.g.:
[ldapauth]
// ldap hostname server - required
ldap_server = host.example.com
// dn to search users - required
ldap_searchdn = ou=users,dc=example,dc=com
// attribute to find username - required
ldap_userattr = uid
// admin dn - optional - only if ldap server dont have anonymous access
ldap_binddn = cn=admin,dc=example,dc=com
// admin password - optional - only if ldap server dont have anonymous access
ldap_bindpw = password
// for create Friendica account if user exist in ldap
// required an email and a simple (beautiful) nickname on user ldap object
// active account creation - optional - default none
ldap_autocreateaccount = true
// attribute to get email - optional - default : 'mail'
ldap_autocreateaccount_emailattribute = mail
// attribute to get nickname - optional - default : 'givenName'
ldap_autocreateaccount_nameattribute = givenName
...etc.

49
ldapauth/README.md Normal file
View file

@ -0,0 +1,49 @@
Authenticate a user against an LDAP directory
===
Useful for Windows Active Directory and other LDAP-based organisations
to maintain a single password across the organisation.
Optionally authenticates only if a member of a given group in the directory.
By default, the person must have registered with Friendica using the normal registration
procedures in order to have a Friendica user record, contact, and profile.
However, it's possible with an option to automate the creation of a Friendica basic account.
Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site
ldap.conf file to the signing cert for your LDAP server.
The configuration options for this module may be set in the `config/addon.config.php` file
e.g.:
'ldapauth' => [
// ldap hostname server - required
'ldap_server' => '',
// admin dn - optional - only if ldap server dont have anonymous access
'ldap_binddn' => '',
// admin password - optional - only if ldap server dont have anonymous access
'ldap_bindpw' => '',
// dn to search users - required
'ldap_searchdn' => '',
// attribute to find username - required
'ldap_userattr' => '',
// DN of the group whose member can auth on Friendica - optional
'ldap_group' => '',
// To create Friendica account if user exists in ldap
// Requires an email and a simple (beautiful) nickname on user ldap object
// active account creation - optional - default true
'ldap_autocreateaccount' => true,
// attribute to get email - optional - default : 'mail'
'ldap_autocreateaccount_emailattribute' => 'mail',
// attribute to get nickname - optional - default : 'givenName'
'ldap_autocreateaccount_nameattribute' => 'givenName',
],
...etc.

View file

@ -0,0 +1,50 @@
<?php
// Warning: Don't change this file! It only holds the default config values for this addon.
// Instead overwrite these config values in config/addon.config.php in your Friendica directory
return [
'ldapauth' => [
// ldap_server (String)
// ldap hostname server - required
// Example: ldap_server = host.example.com
'ldap_server' => '',
// ldap_binddn (String)
// admin dn - optional - only if ldap server dont have anonymous access
// Example: ldap_binddn = cn=admin,dc=example,dc=com
'ldap_binddn' => '',
// ldap_bindpw (String)
// admin password - optional - only if ldap server dont have anonymous access
'ldap_bindpw' => '',
// ldap_searchdn (String)
// dn to search users - required
// Example: ldap_searchdn = ou=users,dc=example,dc=com
'ldap_searchdn' => '',
// ldap_userattr (String)
// attribute to find username - required
// Example: ldap_userattr = uid
'ldap_userattr' => '',
// ldap_group (String)
// DN of the group whose member can auth on Friendica - optional
'ldap_group' => '',
// ldap_autocreateaccount (Boolean)
// To create Friendica account if user exists in ldap
// Requires an email and a simple (beautiful) nickname on user ldap object
// active account creation - optional - default true
'ldap_autocreateaccount' => true,
// ldap_autocreateaccount_emailattribute (String)
// attribute to get email - optional - default : 'mail'
'ldap_autocreateaccount_emailattribute' => 'mail',
// ldap_autocreateaccount_nameattribute (String)
// attribute to get nickname - optional - default : 'givenName'
'ldap_autocreateaccount_nameattribute' => 'givenName',
],
];

View file

@ -1,50 +0,0 @@
<?php return <<<INI
; Warning: Don't change this file! It only holds the default config values for this addon.
; Instead overwrite these config values in config/addon.ini.php in your Friendica directory
[ldapauth]
; ldap_server (String)
; ldap hostname server - required
; Example: ldap_server = host.example.com
ldap_server =
; ldap_binddn (String)
; admin dn - optional - only if ldap server dont have anonymous access
; Example: ldap_binddn = cn=admin,dc=example,dc=com
ldap_binddn =
; ldap_bindpw (String)
; admin password - optional - only if ldap server dont have anonymous access
ldap_bindpw =
; ldap_searchdn (String)
; dn to search users - required
; Example: ldap_searchdn = ou=users,dc=example,dc=com
ldap_searchdn =
; ldap_userattr (String)
; attribute to find username - required
; Example: ldap_userattr = uid
ldap_userattr =
; ldap_group (String)
; DN of the group whose member can auth on Friendica - optional
ldap_group =
; ldap_autocreateaccount (Boolean)
; for create Friendica account if user exist in ldap
; required an email and a simple (beautiful) nickname on user ldap object
; active account creation - optional - default none
ldap_autocreateaccount = true
; ldap_autocreateaccount_emailattribute (String)
; attribute to get email - optional - default : 'mail'
ldap_autocreateaccount_emailattribute = mail
; ldap_autocreateaccount_nameattribute (String)
; attribute to get nickname - optional - default : 'givenName'
ldap_autocreateaccount_nameattribute = givenName
INI;
//Keep this line

View file

@ -26,7 +26,7 @@
* Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site * Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site
* ldap.conf file to the signing cert for your LDAP server. * ldap.conf file to the signing cert for your LDAP server.
* *
* The configuration options for this module may be set in the config/addon.ini.php file * The configuration options for this module may be set in the config/addon.config.php file
* e.g.: * e.g.:
* *
* [ldapauth] * [ldapauth]
@ -72,7 +72,7 @@ function ldapauth_uninstall()
function ldapauth_load_config(\Friendica\App $a) function ldapauth_load_config(\Friendica\App $a)
{ {
$a->loadConfigFile(__DIR__. '/config/ldapauth.ini.php'); $a->loadConfigFile(__DIR__ . '/config/ldapauth.config.php');
} }
function ldapauth_hook_authenticate($a, &$b) function ldapauth_hook_authenticate($a, &$b)