Configure Optional
Version 4 (Bryan Heath, 06/27/2012 06:16 pm) → Version 5/7 (Bryan Heath, 12/11/2012 12:28 pm)
h1. Configure Optional
Everything is pretty well documented in the /ldap/config.php file however here is a more inclusive documentation
For all the examples below we will be using mysite.com as the AD prefix and DC=mysite,DC=com as the base DN
h1. @$user_groups = array();@
+*This is not required for a user to login*+
A valid AD user groups (see KAYAKO_LDAP_ERROR_USERGROUP as well) to user group
* AD_Group => Kayako_User_Group
* Can do more than one
h2. Example:
Lets say you have a AD group called Customer Service and a Kayako user group called Service:
h1. @$user_group_bypass
@$user_groups = array();@
+*This is not required for a user to login*+
This allows the ability to bypass the default Kayako user groups, which is Registered.
* AD_Username array('Customer Service' => User_Group
* Can do more than one
* AD Username *+must+* be lowercase (this ensures the validation)
* This bypasses the user_group completely
h2. Example:
@$user_group_bypass= array('jdoe' => 'Service');@
More than one:
@$user_group_bypass @$user_groups = array('jdoe' array('Customer Service' => 'Service', 'janedoe' 'Finance' => 'Service');@
h1. @$valid_user_groups = array();@
+*This is not required for a user to login*+
A AD groups a user +must+ be in to login
* If they are not in one of these groups they will +*not*+ be able to login
* Can do more than one
h2. Example:
$valid_user_groups = array('Customer Service', 'IS');
h1. @define('KAYAKO_LDAP_VERIFY_CONTROLLER', true);@
This is only used if more than one domain controller is used for authentication.
* true - adLDAP will attempt to verify it can connect to one of the controllers. If failed it will try another until one is found or all have been tried
* false - The default behavior is used where adLDAP will to try to connect to one random controller in the list. If failed it will NOT try another server.
h1. @define('KAYAKO_LDAP_ERROR_USERGROUP', true);@
* true - User will receive an error if they are not in any of the user groups
* false - Users not in the $user_group can still login they just will not be in a User Group
h1. @define('KAYAKO_LDAP_TEST', false);@
* true - Test mode enabled
* false - Test mode disabled
** username and password is ignored
h1. @define('KAYAKO_LDAP_SHOW_ERRORS', false);@
* true - Show errors and/or warnings on the screen. Please note that this will cause login to fail if there is even one displayed. Thus this should +*only*+ be used for testing
* false - Hides them
h1. @define('KAYAKO_LDAP_LOG', false);@
* true - Logging enabled
* false - Logging disabled
* The /ldap/log directory must be writable (755 or 777)
* You should leave this disabled unless needed as it does extensive logging
h1. @define('KAYAKO_LDAP_LOG_XML', false);@
* true - Log the XML output
* false - Disabled
h1. @define('KAYAKO_LDAP_LOG_OUTPUT', false);@
* true - Attempts to log everything displayed to the screen
* false - Disabled
* Note the KAYAKO_LDAP_LOG_XML is redundant if this is enabled
h1. @define('KAYAKO_LDAP_USERNAME', 'username');@
A valid AD username to test with
h1. @define('KAYAKO_LDAP_PASSWORD', 'password');@
The password to go with KAYAKO_LDAP_USERNAME
h1. @define('KAYAKO_LDAP_PHONE_NUMBER', true);@
* true - The AD mobile or home number will be used if the AD telephone number is empty
* false - Disabled
h1. @define('KAYAKO_LDAP_IMPORT_DEPARTMENT', true);@
* true - Import AD Department to Organization in the user's profile
* false - Disabled
h1. @define('KAYAKO_LDAP_IMPORT_TITLE', true);@
* true - Import AD Job Title to Title/Position in the user's profile
* false - Disabled