PHP AD LDAP Authenticator

h1. Configure Optional

Everything is pretty well documented in the /ldap/config.php file however here is a more inclusive documentation

For all the examples below we will be using mysite.com as the AD prefix and DC=mysite,DC=com as the base DN

h1. @$user_groups = array();@

+*This is not required for a user to login*+

A valid AD user groups (see KAYAKO_LDAP_ERROR_USERGROUP as well) to user group

* AD_Group => Kayako_User_Group

* Can do more than one

h2. Example:

Lets say you have a AD group called Customer Service and a Kayako user group called Service:

h1. @$user_group_bypass = array();@

+*This is not required for a user to login*+

This allows the ability to bypass the default Kayako user groups, which is Registered. 

* AD_Username => User_Group

* Can do more than one

* AD Username *+must+* be lowercase (this ensures the validation)

* This bypasses the user_group completely

h2. Example:

@$user_group_bypass = array('jdoe' => 'Service');@

More than one:

@$user_group_bypass = array('jdoe' => 'Service', 'janedoe' => 'Service', 'fdoe' => 'Technical');@

h1. @$valid_user_groups = array();@

+*This is not required for a user to login*+

A AD groups a user +must+ be in to login

* If they are not in one of these groups they will +*not*+ be able to login

* Can do more than one

h2. Example:

$valid_user_groups = array('Customer Service', 'IS');

h1. @define('KAYAKO_LDAP_VERIFY_CONTROLLER', true);@

This is only used if more than one domain controller is used for authentication.

* true -  adLDAP will attempt to verify it can connect to one of the controllers.  If failed it will try another until one is found or all have been tried

* false - The default behavior is used where adLDAP will to try to connect to one random controller in the list.  If failed it will NOT try another server.

h1. @define('KAYAKO_LDAP_ERROR_USERGROUP', true);@

* true - User will receive an error if they are not in any of the user groups

* false - Users not in the $user_group can still login they just will not be in a User Group

h1. @define('KAYAKO_LDAP_TEST', false);@

* true - Test mode enabled

* false - Test mode disabled

** username and password is ignored

h1. @define('KAYAKO_LDAP_SHOW_ERRORS', false);@

* true - Show errors and/or warnings on the screen.  Please note that this will cause login to fail if there is even one displayed.  Thus this should +*only*+ be used for testing

* false - Hides them

h1. @define('KAYAKO_LDAP_LOG', false);@

* true - Logging enabled

* false - Logging disabled

* The /ldap/log directory must be writable (755 or 777)

* You should leave this disabled unless needed as it does extensive logging

h1. @define('KAYAKO_LDAP_LOG_XML', false);@

* true - Log the XML output

* false - Disabled

h1. @define('KAYAKO_LDAP_LOG_OUTPUT', false);@

* true - Attempts to log everything displayed to the screen

* false - Disabled

* Note the KAYAKO_LDAP_LOG_XML is redundant if this is enabled

h1. @define('KAYAKO_LDAP_USERNAME', 'username');@

A valid AD username to test with

h1. @define('KAYAKO_LDAP_PASSWORD', 'password');@

The password to go with KAYAKO_LDAP_USERNAME

h1. @define('KAYAKO_LDAP_PHONE_NUMBER', true);@

* true - The AD mobile or home number will be used if the AD telephone number is empty

* false - Disabled

h1. @define('KAYAKO_LDAP_IMPORT_DEPARTMENT', true);@

* true -  Import AD Department to Organization in the user's profile

* false - Disabled

h1. @define('KAYAKO_LDAP_IMPORT_TITLE', true);@

* true -  Import AD Job Title to Title/Position in the user's profile

* false - Disabled