A page in your DokuWiki was added or changed. Here are the details:

Date        : 2011/12/18 23:28
Browser     : Mozilla/5.0 (Ubuntu; X11; Linux i686; rv:8.0) Gecko/20100101 Firefox/8.0
IP-Address  : 82.225.22.177
Hostname    : lyon.oodo.net
Old Revision: http://ltb-project.org/wiki/documentation/self-service-password/0.7/config_ldap?rev=1322494577
New Revision: http://ltb-project.org/wiki/documentation/self-service-password/0.7/config_ldap
Edit Summary:
User        : coudot
@@ -4,19 +4,19 @@ ===== Server address ===== Use an LDAP URI to configure the location of your LDAP server in ''$ldap_url'': - <file> + <file php> $ldap_url = "ldap://localhost:389"; </file> You can set several URI, so that next server will be tried if the previous is down: - <file> + <file php> $ldap_url = "ldap://server1 ldap://server2"; </file> To use SSL, set ''ldaps'' in the URI: - <file> + <file php> $ldap_url = "ldaps://localhost"; </file> <note important> @@ -33,29 +33,29 @@ ===== Credentials ===== Configure DN and password in ''$ldap_bindn'' and ''$ldap_bindpw'': - <file> + <file php> $ldap_binddn = "cn=manager,dc=example,dc=com"; $ldap_bindpw = "secret"; </file> <note tip>You can leave these parameters empty to bind anonymously. In this case, the password modification must be done with user's credentials.</note> To use user's credentials when writing in LDAP directory, replace ''manager'' with ''user'' in ''$who_change_password'': - <file> + <file php> $who_change_password = "user"; </file> ===== Search parameters ===== You can set the base of the search in ''$ldap_base'': - <file> + <file php> $ldap_base = "dc=example,dc=com"; </file> The filter can be set in ''$ldap_filter'': - <file> + <file php> $ldap_filter = "(&(objectClass=person)(uid={login}))"; </file> <note>The string ''{login}'' is replaced by submitted login.</note> 
@@ -64,27 +64,37 @@ ==== Active Directory ==== Password in Active Directory is not managed like in other LDAP directories. Use option ''$ad_mode'' to use ''unicodePwd'' as password field: - <file> + <file php> $ad_mode = true; </file> You must also use SSL on LDAP connection because AD refuses to change a password on a clear connection. See this [[:documentation:general:active_directory_certificates|documentation]] to manage Active Directory certificates. Adapt the search filter too: - <file> + <file php> $ldap_filter = (&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2))); </file> <note warning>Due to PHP LDAP API limitations, changing password as user is not possible. You need to change it as manager.</note> + + You can tune some options: + * Force unlock: will unlock a locked account when password is changed + <file php> + $ad_options['force_unlock'] = true; + </file> + * Force user to change password at next login: + <file php> + $ad_options['force_pwd_change'] = true; + </file> ==== Samba ==== To manage compatibility with Windows world, Samba stores a specific hash of the password in a second attribute (''sambaNTpassword''). It also store modification date in ''sambaPwdLastSet''. Use ''$samba_mode'' to manage these attributes: - <file> + <file php> $samba_mode = true; </file> <note important>You must enable Samba schema on your LDAP directory, else LDAP modifications will fail.</note> -- This mail was generated by DokuWiki at http://ltb-project.org/wiki/ _______________________________________________ ltb-changes mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-changes
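Review bot: in the Credentials hunk (@@ -33,29 +33,29 @@) the sentence introducing the bind settings names ''$ldap_bindn'', but the block below it sets $ldap_binddn. Since these lines are being touched anyway, correct the prose to ''$ldap_binddn'' so a reader searching the config file for the name finds it. The tip in the same hunk says empty bind parameters require the change to be done with the user's credentials, while the Active Directory section warns that changing the password as user is not possible; a short cross-reference from the tip to that warning would stop AD sites from configuring an anonymous bind that cannot work.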
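Review bot: in the Active Directory hunk (@@ -64,27 +64,37 @@) the ''$ldap_filter'' example is now tagged <file php> but its value is not quoted, so anyone who pastes it gets a PHP parse error. Wrap the filter in double quotes as the Search parameters example does: $ldap_filter = "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";. For the new ''$ad_options'' entries, state the default value of each and that they apply only when ''$ad_mode'' is true, because 'force_unlock' clears an account lockout on password change and an administrator should enable it knowingly. In the Samba context lines, "It also store" should read "It also stores".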
