Configuration/Authentication Settings/LDAP groups

From Davical
Jump to navigationJump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Group import/sync was added in 0.9.9, to use groups from LDAP first get users syncing from LDAP (see LDAP Configuration for base configuration details). Import/sync users and groups via the Administration > Import Calendars menu in the web interface. Once you have users syncing from LDAP you should be able to sync groups with the following settings.

    'baseDNGroups' => 'ou=Groups,dc=company,dc=com', //where to look for groups
    'filterGroups' => 'objectClass=posixGroup', //filter with same rules as filterUsers, could also be groupOfUniqueNames
    'group_mapping_field' => array('username' => 'cn',
                             'modified' => 'modifyTimestamp',
                             'fullname' => 'cn' ,
                             'members' =>'memberUid'
                             ), //used to create the group based on the ldap properties
     'scope' => 'subtree', // Search scope to use, defaults to subtree ( applies to BOTH user and group mappings )

Explanation of parameters: Template:Tlist Template:TRlistbaseDNGroups Template:TDlistThe base DN to look in for valid groups Template:TRlistfilterGroups Template:TDlistA filter which must pass for this to be a valid group Template:TRlistgroup_mapping_field Template:TDlistAn array of DAViCal field names vs. their LDAP mappings Template:TRlistscope Template:TDlistThe search scope for all LDAP searches(users and groups) |}

Note: the sync operations should be safe to use if you have made changes in LDAP and want those changes reflected in DAViCal.

Troubleshooting

If you do not see a message near the top of the page when syncing try running a search with another ldap tool.

 'baseDNGroups' => 'ou=Groups,dc=company,dc=com',
 'filterGroups' => 'objectClass=posixGroup'
 'scope' => 'subtree'

could be tested with

ldapsearch -h localhost -D "binddn" -W -s sub -b 'ou=Groups,dc=company,dc=com' 'objectClass=posixGroup'