PHP AD LDAP Authenticator

Download PHP AD LDAP Authenticator AD LDAP v2.1.x

Configure Optional

Version 1 (Bryan Heath, 06/08/2012 03:18 pm) → Version 2/7 (Bryan Heath, 06/08/2012 04:08 pm)

---

h1. Configure Optional

Everything is pretty well documented in the /ldap/config.php file however here is a more inclusive documentation

For all the examples below we will be using mysite.com as the AD prefix and DC=mysite,DC=com as the base DN

h1. h2. @$user_groups = array();@

+*This is not required for a user to login*+

A valid AD user groups (see KAYAKO_LDAP_ERROR_USERGROUP as well) to user group
* AD_Group => Kayako_User_Group
* Can do more than one

h2. h3. Example:

Lets say you have a AD group called Customer Service and a Kayako user group called Service:

@$user_groups = array('Customer Service' => 'Service');@
More than one:
@$user_groups = array('Customer Service' => 'Service', 'Finance' => 'Service');@

h1. h2. @$valid_user_groups = array();@

+*This is not required for a user to login*+

A AD groups a user +must+ be in to login
* If they are not in one of these groups they will +*not*+ be able to login
* Can do more than one

h2. h3. Example:

$valid_user_groups = array('Customer Service', 'IS');

h1. h2. @define('KAYAKO_LDAP_ERROR_USERGROUP', true);@

* true - User will receive an error if they are not in any of the user groups
* false - Users not in the $user_group can still login they just will not be in a User Group

h1. h2. @define('KAYAKO_LDAP_TEST', false);@

* true - Test mode enabled
* false - Test mode disabled
** username and password is ignored

h1. h2. @define('KAYAKO_LDAP_LOG', false);@

* true - Logging enabled
* false - Logging disabled
* The /ldap/log directory must be writable (755 or 777)
* You should leave this disabled unless needed as it does extensive logging

h1. h2. @define('KAYAKO_LDAP_USERNAME', 'username');@

A valid AD username to test with

h1. h2. @define('KAYAKO_LDAP_PASSWORD', 'password');@

The password to go with KAYAKO_LDAP_USERNAME

h1. h2. @define('KAYAKO_LDAP_STRIP_EMAIL', true);@

If found will strip email or domain suffix from a username

* true - Enabled
* false - Disabled

h2. h3. Example:

If enabled:
If the username entered was username@mysite.com it would be changed to username

h1. h2. @define('KAYAKO_LDAP_PHONE_NUMBER', true);@

* true - The AD mobile or home number will be used if the AD telephone number is empty
* false - Disabled