Tuesday 15 June 2010 2:22:17 am
I got it! After some trial and error I found the correct settings for ldap.ini. Here is how it works now:
- Create users in your ActiveDirectory (AD)
- Create groups that should be used with eZ Publish in your AD
- Create the same groups in eZ Publish
- Link users with groups in your AD
If you use the "SimpleMapping" method now, the user will be created in the same group as he is in your AD. Here are all the ini settings you need to have in your ldap.ini.append.php (based on Windows Active Directory):
[LDAPSettings]
# Enable tracing of the ldap login, outputs extensive debug info for use during setup
# NOTE: Do not keep this enabled on production setup as login name and passwords will be
# logged to logfiles or outputted if DebugOutput settings are enabled.
LDAPDebugTrace=enabled
# Set LDAP version number
LDAPVersion=3
# Determines whether the LDAP library automatically follows referrals returned by LDAP servers or not.
# set to 1 to enable
LDAPFollowReferrals=0
# Set to true if use LDAP server
LDAPEnabled=true
# LDAP host
LDAPServer=<YOUR SERVER IP>
# Port nr for LDAP, default is 389
LDAPPort=389
# Specifies the base DN for the directory.
LDAPBaseDn=DC--example,DC--com
# If the server does not allow anonymous bind, specify the user name for the bind here.
LDAPBindUser=administrator@example.com
# If the server does not allow anonymous bind, specify the password for the bind here.
LDAPBindPassword=<YOUR ADMIN PASS>
# Could be sub, one, base.
LDAPSearchScope=sub
# Use the equal sign to replace "=" when specifying LDAPBaseDn or LDAPSearchFilters
LDAPEqualSign=--
# Add extra search requirement. Uncomment it if you don't need it.
# Example LDAPSearchFilters[]=objectClass--inetOrgPerson
LDAPSearchFilters[]=objectCategory--person
# LDAP attribute for login. Normally, uid
LDAPLoginAttribute=sAMAccountName
## LDAP GROUP SETTINGS
LDAPGroupBaseDN=DC--example,DC--com
LDAPGroupMappingType=SimpleMapping
LDAPGroupClass=group
LDAPGroupNameAttribute=cn
LDAPGroupMemberAttribute=member
LDAPUserGroupMap[]
LDAPUserGroupMap[eZPublish1]=eZPublish1
LDAPUserGroupMap[eZPublish2]=eZPublish2
Finally I have to say that the example on the documentation page for "SimpleMapping" is absolutely wrong! Thank you Nicolas for your help!
Philip
Linux is like a wigwam; no windows, no gates, and apache inside!
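An added example, not part of the original post or of eZ Publish: a small Python check that reads settings like those posted above, shows what the "--" substitution turns into, and flags values to revisit before production. The sample values, function names and choice of checks are assumptions made here; the debug-trace finding restates the warning in the ini comments.

```python
import re

# Constructed sample: settings in the shape of the posted ldap.ini.append.php,
# with placeholder server address and password.
SAMPLE_INI = """\
[LDAPSettings]
LDAPDebugTrace=enabled
LDAPServer=192.0.2.10
LDAPPort=389
LDAPBaseDn=DC--example,DC--com
LDAPBindUser=administrator@example.com
LDAPBindPassword=placeholder
LDAPEqualSign=--
LDAPSearchFilters[]=objectCategory--person
"""

def parse_ini(text):
    """Return {key: value}; keys written as name[] collect into a list."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "[")):
            continue
        key, _, value = line.partition("=")
        if key.endswith("[]"):
            settings.setdefault(key[:-2], []).append(value)
        else:
            settings[key] = value
    return settings

def decode(settings, value):
    """Undo the LDAPEqualSign substitution so the real DN or filter is visible."""
    sign = settings.get("LDAPEqualSign", "")
    return value.replace(sign, "=") if sign else value

def audit(settings):
    """Return (setting, finding) pairs for values to revisit before production."""
    findings = []
    if settings.get("LDAPDebugTrace", "").lower() == "enabled":
        findings.append(("LDAPDebugTrace", "login names and passwords reach the logs"))
    if settings.get("LDAPPort") == "389":
        findings.append(("LDAPPort", "389 is the plain LDAP port; confirm the link is protected"))
    if re.search(r"(?i)(^|\\)administrator(@|$)", settings.get("LDAPBindUser", "")):
        findings.append(("LDAPBindUser", "admin bind account; a read-only service account suffices for lookups"))
    return findings

if __name__ == "__main__":
    cfg = parse_ini(SAMPLE_INI)
    print("base DN sent to the directory:", decode(cfg, cfg["LDAPBaseDn"]))
    for name, finding in audit(cfg):
        print(f"{name}: {finding}")
```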