First make sure you have the ldap-functions available in php.
Then edit your ini files:
settings/override/site.ini.append.php:
[UserSettings]
LoginHandler[]=LDAP
settings/override/ldap.ini.append.php:
[LDAPSettings]
# Set to true if use LDAP server
LDAPEnabled=true
# LDAP host
# This example uses stunnel from localhost to ldap-server.
LDAPServer=ldapserverhostname
# Port nr for LDAP, default is 389
# 636 is ldaps (ldap over SSL/TLS)
LDAPPort=389
# Specifies the base DN for the directory.
# Ex: dc=example,dc=com
LDAPBaseDn=<your base DN>
# LDAP attribute for login. Normally, uid
LDAPLoginAttribute=uid
# Could be id or name
LDAPUserGroupType=id
# Default place to store LDAP users. Could be content object id or group name for LDAP user group, depends on LDAPUserGroupType.
LDAPUserGroup=<your content object id where you store ldap-users in eZ>
# LDAP attribute type for user group. Could be name or id. Optional
# Have different user types (i.e. employees and students)? Then you could put them into different user groups in eZ to assign different roles/rights.
LDAPUserGroupAttributeType=
# LDAP attribute for user group. For example, employeetype. If specified, LDAP users will be saved under the same group as in LDAP server. Depends on LDAPUserGroupAttributeType.
LDAPUserGroupAttribute=
Start by doing a test with, i.e., ldapsearch on your eZ server to check that it has access to getting information from the LDAP server.
The structure of objects in the LDAP server is not important. The eZ LDAP handler can do a sub-tree search on your LDAP server starting at the base DN.
There are also some issues with the LDAP SSL functionality. My tip is to try non-SSL first (port 389).
Okay, I have it working now but I still think there is something that I am doing wrong. In order for me to log in using LDAP authentication I had to enter the id as the username rather than the username and once I did this and logged in, a duplicate user was created in eZ Publish based on the information that was stored in LDAP. Is this what is supposed to happen? If not, what am I doing wrong? If it is supposed to work like this, how can I change it to log in with the username rather than the id?
Yes, it is supposed to create local eZ users, for several reasons:
- content is stamped with the user that created/edited it.
- you have the possibility to manage user groups within eZ if you don't have that information in the LDAP directory.
There is also a cron job that syncs the local eZ users against the LDAP directory (ldapusermanage.php). If a user is deleted from LDAP, then this script will disable the eZ user (but not delete it).
For the login-name try changing LDAPLoginAttribute to the attribute you use in your ldap-directory that store the usernames. (Ex: In Novell it would often be the CN attribute).
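As an added example (not code from this thread and not eZ Publish's own LDAP handler), the PHP script below does by hand what the first post says to verify with ldapsearch and what the last reply says about LDAPLoginAttribute: connect to the server from the ldap.ini values, look the user up by the login attribute with a sub-tree search from the base DN, then bind as the entry that was found to check the password. The setting names LDAPServer, LDAPPort, LDAPBaseDn and LDAPLoginAttribute are the ones from the thread; SearchBindDn and SearchBindPassword, the function name ldapTestLogin and all values are assumptions for the example. It shows why the login attribute must be unique, why the filter is escaped, and why an empty password must be refused before the bind.

```php
<?php
// Added example, not eZ Publish code: a stand-alone LDAP login check that uses
// the same setting names as ldap.ini.append.php. Run it on the eZ server.

// Placeholder values; SearchBindDn / SearchBindPassword are assumed extras
// (empty strings mean anonymous bind for the initial search).
$settings = [
    'LDAPServer'         => 'ldapserverhostname',
    'LDAPPort'           => 389,
    'LDAPBaseDn'         => 'dc=example,dc=com',
    'LDAPLoginAttribute' => 'uid',   // often cn in a Novell directory
    'SearchBindDn'       => '',
    'SearchBindPassword' => '',
];

function ldapTestLogin(array $s, string $username, string $password): array
{
    // ldap_connect takes a URI; ldaps:// would be used for port 636 instead.
    $conn = ldap_connect('ldap://' . $s['LDAPServer'] . ':' . $s['LDAPPort']);
    if ($conn === false) {
        return ['ok' => false, 'error' => 'invalid LDAP URI'];
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Upgrade the plain port-389 connection with StartTLS so the user's
    // password does not cross the network in clear text.
    if (!@ldap_start_tls($conn)) {
        return ['ok' => false, 'error' => 'StartTLS failed: ' . ldap_error($conn)];
    }

    // Step 1: bind as the search account (or anonymously) and find the user
    // by the configured login attribute, sub-tree from the base DN.
    if (!@ldap_bind($conn, $s['SearchBindDn'] ?: null, $s['SearchBindPassword'] ?: null)) {
        return ['ok' => false, 'error' => 'search bind failed: ' . ldap_error($conn)];
    }
    // ldap_escape keeps a typed username from changing the filter's meaning.
    $filter = sprintf('(%s=%s)', $s['LDAPLoginAttribute'],
                      ldap_escape($username, '', LDAP_ESCAPE_FILTER));
    $result = @ldap_search($conn, $s['LDAPBaseDn'], $filter, ['dn', 'cn', 'mail']);
    if ($result === false) {
        return ['ok' => false, 'error' => 'search failed: ' . ldap_error($conn)];
    }
    $entries = ldap_get_entries($conn, $result);
    if ($entries['count'] !== 1) {
        // 0 = unknown user; >1 = the login attribute is not unique here and
        // must not be used as LDAPLoginAttribute.
        return ['ok' => false,
                'error' => 'expected exactly one entry, got ' . $entries['count']];
    }
    $userDn = $entries[0]['dn'];

    // Step 2: prove the password by binding as the user's own DN. An empty
    // password is refused first, because LDAP treats it as an anonymous bind
    // that would "succeed" without checking anything.
    if ($password === '' || !@ldap_bind($conn, $userDn, $password)) {
        return ['ok' => false, 'error' => 'user bind failed for ' . $userDn];
    }
    ldap_unbind($conn);
    return ['ok' => true, 'dn' => $userDn, 'mail' => $entries[0]['mail'][0] ?? null];
}

// Usage: php ldap-login-check.php <username>   (password is read from stdin,
// not argv, so it does not show up in the process list)
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    fwrite(STDERR, "Password: ");
    $password = rtrim((string) fgets(STDIN), "\r\n");
    $r = ldapTestLogin($settings, $argv[1], $password);
    echo json_encode($r, JSON_PRETTY_PRINT), PHP_EOL;
    exit($r['ok'] ? 0 : 1);
}
```

If this script returns "expected exactly one entry", the value chosen for LDAPLoginAttribute is either wrong for the directory or not unique, which is the same symptom as having to log in with the id instead of the username; if StartTLS fails on port 389, that is the point to look at the server's TLS setup before retrying with ldaps on 636.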