PHP AD LDAP Authenticator - Kayako Forge

Configure Optional

Version 3 (Bryan Heath, 06/27/2012 06:13 pm)

 h1. Configure Optional
 Everything is pretty well documented in the /ldap/config.php file however here is a more inclusive documentation
 For all the examples below we will be using mysite.com as the AD prefix and DC=mysite,DC=com as the base DN
-Bryan Heath
+h1. @$user_groups = array();@
 +*This is not required for a user to login*+
 A valid AD user groups (see KAYAKO_LDAP_ERROR_USERGROUP as well) to user group
 * AD_Group => Kayako_User_Group
 * Can do more than one
-Bryan Heath
+h2. Example:
 Lets say you have a AD group called Customer Service and a Kayako user group called Service:
 @$user_groups = array('Customer Service' => 'Service');@
 More than one:
 @$user_groups = array('Customer Service' => 'Service', 'Finance' => 'Service');@
-Bryan Heath
+h1. @$valid_user_groups = array();@
 +*This is not required for a user to login*+
 A AD groups a user +must+ be in to login
 * If they are not in one of these groups they will +*not*+ be able to login
 * Can do more than one
-Bryan Heath
+h2. Example:
 $valid_user_groups = array('Customer Service', 'IS');
-Bryan Heath
+h1. @define('KAYAKO_LDAP_VERIFY_CONTROLLER', true);@
 Bryan Heath
-Bryan Heath
+This is only used if more than one domain controller is used for authentication.
 Bryan Heath
-Bryan Heath
+* true -  adLDAP will attempt to verify it can connect to one of the controllers.  If failed it will try another until one is found or all have been tried
-Bryan Heath
+* false - The default behavior is used where adLDAP will to try to connect to one random controller in the list.  If failed it will NOT try another server.
 Bryan Heath
-Bryan Heath
+h1. @define('KAYAKO_LDAP_ERROR_USERGROUP', true);@
 * true - User will receive an error if they are not in any of the user groups
 * false - Users not in the $user_group can still login they just will not be in a User Group
-Bryan Heath
+h1. @define('KAYAKO_LDAP_TEST', false);@
 * true - Test mode enabled
 * false - Test mode disabled
 ** username and password is ignored
-Bryan Heath
+h1. @define('KAYAKO_LDAP_SHOW_ERRORS', false);@
 Bryan Heath
-Bryan Heath
+* true - Show errors and/or warnings on the screen.  Please note that this will cause login to fail if there is even one displayed.  Thus this should +*only*+ be used for testing
-Bryan Heath
+* false - Hides them
 Bryan Heath
-Bryan Heath
+h1. @define('KAYAKO_LDAP_LOG', false);@
 * true - Logging enabled
 * false - Logging disabled
 * The /ldap/log directory must be writable (755 or 777)
 * You should leave this disabled unless needed as it does extensive logging
 Bryan Heath
-Bryan Heath
+h1. @define('KAYAKO_LDAP_LOG_XML', false);@
 Bryan Heath
-Bryan Heath
+* true - Log the XML output
-Bryan Heath
+* false - Disabled
 Bryan Heath
-Bryan Heath
+h1. @define('KAYAKO_LDAP_LOG_OUTPUT', false);@
 Bryan Heath
-Bryan Heath
+* true - Attempts to log everything displayed to the screen
-Bryan Heath
+* false - Disabled
-Bryan Heath
+h1. @define('KAYAKO_LDAP_USERNAME', 'username');@
 A valid AD username to test with
-Bryan Heath
+h1. @define('KAYAKO_LDAP_PASSWORD', 'password');@
 The password to go with KAYAKO_LDAP_USERNAME
-Bryan Heath
+h1. @define('KAYAKO_LDAP_STRIP_EMAIL', true);@
 If found will strip email or domain suffix from a username
 * true - Enabled
 * false - Disabled
-Bryan Heath
+h2. Example:
 If enabled:
 If the username entered was username@mysite.com it would be changed to username
-Bryan Heath
+h1. @define('KAYAKO_LDAP_PHONE_NUMBER', true);@
 * true - The AD mobile or home number will be used if the AD telephone number is empty
 * false - Disabled