History

« Previous - Version 2/7 (diff) - Next » - Current version
Bryan Heath, 06/08/2012 04:08 pm

Configure Optional

Everything is pretty well documented in the /ldap/config.php file however here is a more inclusive documentation

For all the examples below we will be using mysite.com as the AD prefix and DC=mysite,DC=com as the base DN

$user_groups = array();

This is not required for a user to login

A valid AD user groups (see KAYAKO_LDAP_ERROR_USERGROUP as well) to user group
  • AD_Group => Kayako_User_Group
  • Can do more than one

Example:

Lets say you have a AD group called Customer Service and a Kayako user group called Service:

$user_groups = array('Customer Service' => 'Service');
More than one:
$user_groups = array('Customer Service' => 'Service', 'Finance' => 'Service');

$valid_user_groups = array();

This is not required for a user to login

A AD groups a user must be in to login
  • If they are not in one of these groups they will not be able to login
  • Can do more than one

Example:

$valid_user_groups = array('Customer Service', 'IS');

define('KAYAKO_LDAP_ERROR_USERGROUP', true);

  • true - User will receive an error if they are not in any of the user groups
  • false - Users not in the $user_group can still login they just will not be in a User Group

define('KAYAKO_LDAP_TEST', false);

  • true - Test mode enabled
  • false - Test mode disabled
    • username and password is ignored

define('KAYAKO_LDAP_LOG', false);

  • true - Logging enabled
  • false - Logging disabled
  • The /ldap/log directory must be writable (755 or 777)
  • You should leave this disabled unless needed as it does extensive logging

define('KAYAKO_LDAP_USERNAME', 'username');

A valid AD username to test with

define('KAYAKO_LDAP_PASSWORD', 'password');

The password to go with KAYAKO_LDAP_USERNAME

define('KAYAKO_LDAP_STRIP_EMAIL', true);

If found will strip email or domain suffix from a username

  • true - Enabled
  • false - Disabled

Example:

If enabled:
If the username entered was it would be changed to username

define('KAYAKO_LDAP_PHONE_NUMBER', true);

  • true - The AD mobile or home number will be used if the AD telephone number is empty
  • false - Disabled