Configure Required
Version 3 (Bryan Heath, 06/08/2012 04:06 pm)
| 1 | 1 | h1. Configure Required |
|
|---|---|---|---|
| 2 | 1 | ||
| 3 | 1 | Everything is pretty well documented in the /ldap/config.php file however here is a more inclusive documentation |
|
| 4 | 1 | ||
| 5 | 1 | For all the examples below we will be using mysite.com as the AD prefix and DC=mysite,DC=com as the base DN |
|
| 6 | 1 | ||
| 7 | 3 | Bryan Heath | h1. @$ldap_domain_info = array('@mydomain.local' => 'DC=mydomain,DC=local');@ |
| 8 | 1 | ||
| 9 | 1 | This is the LDAP domain info. |
|
| 10 | 1 | * You can have more than one domain if needed. |
|
| 11 | 1 | * It goes AD Prefix => Base DN |
|
| 12 | 1 | ||
| 13 | 3 | Bryan Heath | h2. Example: |
| 14 | 1 | ||
| 15 | 1 | @$ldap_domain_info = array('@mysite.com' => 'DC=mysite,DC=com');@ |
|
| 16 | 1 | ||
| 17 | 1 | Lets say you have a second domain called mysite2.net that you want to authenticate to as well: |
|
| 18 | 1 | @$ldap_domain_info = array('@mysite.com' => 'DC=mysite,DC=com', '@mysite2.net' => 'DC=mysite2,DC=net');@ |
|
| 19 | 1 | ||
| 20 | 3 | Bryan Heath | h1. @$ldap_domain_controllers = array('dc01.mydomain.local');@ |
| 21 | 1 | ||
| 22 | 1 | Domain controller(s). |
|
| 23 | 1 | * You can use DNS names or IPs |
|
| 24 | 1 | * You can also have more than one |
|
| 25 | 1 | ||
| 26 | 3 | Bryan Heath | h2. Example: |
| 27 | 1 | ||
| 28 | 1 | @$ldap_domain_controllers = array('dc01.mysite.com');@ |
|
| 29 | 1 | More than one: |
|
| 30 | 1 | @$ldap_domain_controllers = array('dc01.mysite.com', '192.168.1.2', 'dc04.mysite.com');@ |
|
| 31 | 1 | ||
| 32 | 3 | Bryan Heath | h1. @$staff_groups = array('Group' => 'Staff');@ |
| 33 | 1 | ||
| 34 | 2 | Bryan Heath | *+This is only required if you are going to use this for staff logins+* |
| 35 | 1 | ||
| 36 | 2 | Bryan Heath | Change for AD staff groups a user +must+ be in to login |
| 37 | 2 | Bryan Heath | |
| 38 | 2 | Bryan Heath | * AD_Group => Kayako_Staff_Team |
| 39 | 2 | Bryan Heath | * Case sensitive |
| 40 | 2 | Bryan Heath | * Can have more than one |
| 41 | 2 | Bryan Heath | ** The list goes in order of how its entered and stops when a user is found. So if the user is in more than one AD group that have a Staff Team he will only be apart of the team of the first AD group they are found in |
| 42 | 2 | Bryan Heath | ** So in the example below lets say you have a user in the Tech Support and Finance AD Group. They would only be a Support team because that one is before Sales on the list. |
| 43 | 2 | Bryan Heath | |
| 44 | 3 | Bryan Heath | h2. Example: |
| 45 | 2 | Bryan Heath | |
| 46 | 2 | Bryan Heath | Let's say you have an AD group call Tech Support and you have a Kayako Staff Team called Support |
| 47 | 2 | Bryan Heath | @$staff_groups = array('Tech Support' => 'Support');@ |
| 48 | 2 | Bryan Heath | More than one: |
| 49 | 2 | Bryan Heath | @$staff_groups = array('Tech Support' => 'Support', 'IS' => 'Support', 'Finance' => 'Sales', 'Customer Service' => 'Sales');@ |