Configure Optional

Everything is fairly well documented in the /ldap/config.php file; however, this page documents each setting in more detail.

For all the examples below, we will be using mysite.com as the AD prefix and DC=mysite,DC=com as the base DN.

$user_groups = array();

This is not required for a user to log in.

Maps valid AD user groups to Kayako user groups (see KAYAKO_LDAP_ERROR_USERGROUP as well)
  • AD_Group => Kayako_User_Group
  • Can do more than one

Example:

Let's say you have an AD group called Customer Service and a Kayako user group called Service:

$user_group_bypass = array();

This is not required for a user to log in.

This makes it possible to bypass the default Kayako user group, which is Registered.
  • AD_Username => User_Group
  • Can do more than one
  • AD Username must be lowercase (this ensures the validation)
  • This bypasses the user_group completely

Example:

$user_group_bypass = array('jdoe' => 'Service');
More than one:
$user_group_bypass = array('jdoe' => 'Service', 'janedoe' => 'Service', 'fdoe' => 'Technical');

$valid_user_groups = array();

This is not required for a user to log in.

The AD groups a user must be in to log in
  • If they are not in one of these groups, they will not be able to log in
  • Can do more than one

Example:

$valid_user_groups = array('Customer Service', 'IS');

define('KAYAKO_LDAP_VERIFY_CONTROLLER', true);

This is only used if more than one domain controller is used for authentication.

  • true - adLDAP will attempt to verify that it can connect to one of the controllers. If that fails, it will try another until one is found or all have been tried
  • false - The default behavior is used, where adLDAP will try to connect to one random controller in the list. If that fails, it will NOT try another server.

define('KAYAKO_LDAP_ERROR_USERGROUP', true);

  • true - User will receive an error if they are not in any of the user groups
  • false - Users not in the $user_groups can still log in; they just will not be in a User Group

define('KAYAKO_LDAP_TEST', false);

  • true - Test mode enabled
  • false - Test mode disabled
    • username and password are ignored

define('KAYAKO_LDAP_SHOW_ERRORS', false);

  • true - Show errors and/or warnings on the screen. Please note that this will cause login to fail if even one is displayed, so this should only be used for testing
  • false - Hides them

define('KAYAKO_LDAP_LOG', false);

  • true - Logging enabled
  • false - Logging disabled
  • The /ldap/log directory must be writable (755 or 777)
  • You should leave this disabled unless needed as it does extensive logging

define('KAYAKO_LDAP_LOG_XML', false);

  • true - Log the XML output
  • false - Disabled

define('KAYAKO_LDAP_LOG_OUTPUT', false);

  • true - Attempts to log everything displayed to the screen
  • false - Disabled
  • Note that KAYAKO_LDAP_LOG_XML is redundant if this is enabled

define('KAYAKO_LDAP_USERNAME', 'username');

A valid AD username to test with

define('KAYAKO_LDAP_PASSWORD', 'password');

The password to go with KAYAKO_LDAP_USERNAME

define('KAYAKO_LDAP_PHONE_NUMBER', true);

  • true - The AD mobile or home number will be used if the AD telephone number is empty
  • false - Disabled

define('KAYAKO_LDAP_IMPORT_DEPARTMENT', true);

  • true - Import AD Department to Organization in the user's profile
  • false - Disabled

define('KAYAKO_LDAP_IMPORT_TITLE', true);

  • true - Import AD Job Title to Title/Position in the user's profile
  • false - Disabled

$use_adldap_options = false;

This enables all the options listed below

  • true - Use the adLdap options
  • false - Disabled

$admin_user_name = ''; $admin_password = '';

An account with higher privileges to perform privileged operations.

Example:

$admin_user_name = 'CIO';
$admin_password = 'MyPa$$w0rd';

$use_ssl = false;

  • true - Use SSL to connect to AD
  • false - Disabled

$use_tls = false;

  • true - Use TLS to connect to AD
  • false - Disabled

$ad_port = 389;

Change this to use a port other than the standard one. It must be numeric.
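
A pre-deployment check for the settings documented above, written for this page as an added example and not part of the plugin. The sample values are constructed, and the ldap_config_findings helper and the log path passed to it are hypothetical:

```php
<?php
// Added example, not plugin code. The values are constructed to mirror
// /ldap/config.php; on a real install, include that file instead.
$user_group_bypass  = array('jdoe' => 'Service', 'JaneDoe' => 'Service');
$valid_user_groups  = array('Customer Service', 'IS');
$use_adldap_options = true;
$use_ssl = false;
$use_tls = false;
$ad_port = 389;
define('KAYAKO_LDAP_TEST', false);
define('KAYAKO_LDAP_SHOW_ERRORS', true);
define('KAYAKO_LDAP_LOG', true);
define('KAYAKO_LDAP_LOG_XML', false);
define('KAYAKO_LDAP_LOG_OUTPUT', false);

// Hypothetical helper: returns one finding per setting that needs attention.
function ldap_config_findings(array $cfg, $logDir)
{
    $findings = array();
    foreach (array_keys($cfg['user_group_bypass']) as $name) {
        if ((string) $name !== strtolower((string) $name)) {
            $findings[] = "\$user_group_bypass key '$name' must be lowercase";
        }
    }
    if (count($cfg['valid_user_groups']) === 0) {
        $findings[] = '$valid_user_groups is empty: no AD group is required to log in';
    }
    if (!is_numeric($cfg['ad_port'])) {
        $findings[] = '$ad_port must be numeric';
    }
    // $use_ssl and $use_tls only take effect when $use_adldap_options is true.
    if (!$cfg['use_adldap_options'] || !($cfg['use_ssl'] || $cfg['use_tls'])) {
        $findings[] = 'neither SSL nor TLS is in effect for the AD connection';
    }
    // Test and diagnostic switches; the page's defaults for all of these are false.
    foreach (array('TEST', 'SHOW_ERRORS', 'LOG', 'LOG_XML', 'LOG_OUTPUT') as $flag) {
        if (constant('KAYAKO_LDAP_' . $flag) === true) {
            $findings[] = "KAYAKO_LDAP_$flag is enabled";
        }
    }
    // 777 satisfies "writable" but lets every local account write to the log.
    if (is_dir($logDir) && (fileperms($logDir) & 0002)) {
        $findings[] = "$logDir is world-writable; 755 owned by the web server user is enough";
    }
    return $findings;
}

$cfg = compact('user_group_bypass', 'valid_user_groups', 'use_adldap_options', 'use_ssl', 'use_tls', 'ad_port');
echo implode(PHP_EOL, ldap_config_findings($cfg, __DIR__ . '/ldap/log')), PHP_EOL;
```

With the constructed values, it reports the mixed-case bypass key, the missing SSL/TLS setting, and the two enabled diagnostic switches.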