Configure Optional
Version 2 (Bryan Heath, 06/08/2012 04:08 pm) → Version 3/7 (Bryan Heath, 06/27/2012 06:13 pm)
h1. Configure Optional
Everything is pretty well documented in the /ldap/config.php file however here is a more inclusive documentation
For all the examples below we will be using mysite.com as the AD prefix and DC=mysite,DC=com as the base DN
h1. @$user_groups = array();@
+*This is not required for a user to login*+
A valid AD user groups (see KAYAKO_LDAP_ERROR_USERGROUP as well) to user group
* AD_Group => Kayako_User_Group
* Can do more than one
h2. Example:
Lets say you have a AD group called Customer Service and a Kayako user group called Service:
@$user_groups = array('Customer Service' => 'Service');@
More than one:
@$user_groups = array('Customer Service' => 'Service', 'Finance' => 'Service');@
h1. @$valid_user_groups = array();@
+*This is not required for a user to login*+
A AD groups a user +must+ be in to login
* If they are not in one of these groups they will +*not*+ be able to login
* Can do more than one
h2. Example:
$valid_user_groups = array('Customer Service', 'IS');
h1. @define('KAYAKO_LDAP_VERIFY_CONTROLLER', true);@
This is only used if more than one domain controller is used for authentication.
* true - adLDAP will attempt to verify it can connect to one of the controllers. If failed it will try another until one is found or all have been tried
* false - The default behavior is used where adLDAP will to try to connect to one random controller in the list. If failed it will NOT try another server.
h1. @define('KAYAKO_LDAP_ERROR_USERGROUP', true);@
* true - User will receive an error if they are not in any of the user groups
* false - Users not in the $user_group can still login they just will not be in a User Group
h1. @define('KAYAKO_LDAP_TEST', false);@
* true - Test mode enabled
* false - Test mode disabled
** username and password is ignored
h1. @define('KAYAKO_LDAP_SHOW_ERRORS', false);@
* true - Show errors and/or warnings on the screen. Please note that this will cause login to fail if there is even one displayed. Thus this should +*only*+ be used for testing
* false - Hides them
h1. @define('KAYAKO_LDAP_LOG', false);@
* true - Logging enabled
* false - Logging disabled
* The /ldap/log directory must be writable (755 or 777)
* You should leave this disabled unless needed as it does extensive logging
h1. @define('KAYAKO_LDAP_LOG_XML', false);@
* true - Log the XML output
* false - Disabled
h1. @define('KAYAKO_LDAP_LOG_OUTPUT', false);@
* true - Attempts to log everything displayed to the screen
* false - Disabled
h1. @define('KAYAKO_LDAP_USERNAME', 'username');@
A valid AD username to test with
h1. @define('KAYAKO_LDAP_PASSWORD', 'password');@
The password to go with KAYAKO_LDAP_USERNAME
h1. @define('KAYAKO_LDAP_STRIP_EMAIL', true);@
If found will strip email or domain suffix from a username
* true - Enabled
* false - Disabled
h2. Example:
If enabled:
If the username entered was username@mysite.com it would be changed to username
h1. @define('KAYAKO_LDAP_PHONE_NUMBER', true);@
* true - The AD mobile or home number will be used if the AD telephone number is empty
* false - Disabled