Configuration/LDAP
From DAViCal Wiki
DAViCal supports LDAP Authentication. This page provides configuration settings and an example of configuring DAViCal with LDAP at version 0.9.3 and newer.
Some authentication examples, including LDAP, are also shown in Configuration, and in the config directory in the tarball.
For LDAP authentication, the LDAP module for PHP must be installed (the php5-ldap package on Debian/Ubuntu).
LDAP Settings
The settings for the LDAP connection go in the config file /etc/davical/<servername>-conf.php (this file might be in /etc/rscds/ if you upgraded from an older installation).
$c->authenticate_hook['call'] = 'LDAP_check';
$c->authenticate_hook['config'] = array(
    'host' => '<LDAP SERVER>', // host name of your LDAP server
    'port' => '<PORT>', // port
    'bindDN' => '<BIND-CONTAINER/USERNAME>', // DN to bind request to this server (if required)
    'passDN' => '<PASSWORD>', // password of request bind
    'baseDNUsers' => 'cn=Users,dc=company,dc=com', // where to look for valid users
    'protocolVersion' => 3, // important for simple auth (no SASL)
    // 'startTLS' => true, // securing your LDAP connection
    'mapping_field' => array(
        'username' => 'uid',
        'updated' => 'modifyTimestamp',
        'fullname' => 'cn', // "Common Name"
        // 'user_no' => 'uidNumber', // set DAViCal user no to match Unix uid from LDAP
        'email' => 'mail'), // used to create the user based on his LDAP properties
    'format_updated' => array('Y' => array(0,4),
                              'm' => array(4,2),
                              'd' => array(6,2),
                              'H' => array(8,2),
                              'M' => array(10,2),
                              'S' => array(12,2)), // map LDAP "modifyTimestamp" field to SQL "updated" field
);
include('drivers_ldap.php');
Explanation
When a user logs in for the first time, an SQL record is created from the LDAP data using the mappings above (a cn entry in LDAP becomes username in SQL, etc.)
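How the mapping_field and format_updated settings turn an LDAP entry into the SQL-side record, as an added example (not DAViCal's own driver code). It assumes each format_updated pair is an (offset, length) slice of modifyTimestamp; the helper names and the sample entry are hypothetical.

```php
<?php
// Added illustration; not code from DAViCal's drivers_ldap.php.
// Assumption: each format_updated pair is (offset, length) into modifyTimestamp.
$mapping_field = array(
    'username' => 'uid', 'updated' => 'modifyTimestamp',
    'fullname' => 'cn',  'email'   => 'mail',
);
$format_updated = array(
    'Y' => array(0, 4), 'm' => array(4, 2),  'd' => array(6, 2),
    'H' => array(8, 2), 'M' => array(10, 2), 'S' => array(12, 2),
);

// Constructed sample entry, shaped like one flattened LDAP search result.
$ldap_entry = array(
    'uid' => 'jdoe', 'cn' => 'Jane Doe', 'mail' => 'jdoe@example.com',
    'modifyTimestamp' => '20240115093045Z',
);

// Hypothetical helper: slice the LDAP timestamp and build an SQL timestamp.
function ldap_timestamp_to_sql($stamp, array $format) {
    // Reject anything that is not YYYYMMDDHHMMSS plus a zone suffix.
    if (!preg_match('/^\d{14}(\.\d+)?(Z|[+-]\d{4})$/', $stamp)) {
        return null;
    }
    $p = array();
    foreach ($format as $key => $range) {
        $p[$key] = substr($stamp, $range[0], $range[1]);
    }
    if (!checkdate((int)$p['m'], (int)$p['d'], (int)$p['Y'])) {
        return null;
    }
    return "{$p['Y']}-{$p['m']}-{$p['d']} {$p['H']}:{$p['M']}:{$p['S']}";
}

// Hypothetical helper: build the SQL-side record from the LDAP attributes.
function map_ldap_entry(array $entry, array $mapping, array $format) {
    $record = array();
    foreach ($mapping as $sql_field => $ldap_attr) {
        $value = isset($entry[$ldap_attr]) ? $entry[$ldap_attr] : null;
        if ($sql_field === 'updated' && $value !== null) {
            $value = ldap_timestamp_to_sql($value, $format);
        }
        $record[$sql_field] = $value;
    }
    return $record;
}

print_r(map_ldap_entry($ldap_entry, $mapping_field, $format_updated));
```

An attribute missing from the directory entry maps to null, and a malformed modifyTimestamp is rejected rather than sliced into a bogus date.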
Working Example
If your OpenLDAP server allows authentication from Apache 2.0 with an httpd config like:
<IfModule mod_auth_ldap.c>
    AuthLDAPURL ldap://ldap.example.com/o=example
    AuthName "Example Inc. users"
    AuthType Basic
</IfModule>
order deny,allow
deny from all
require valid-user
satisfy any
Then the following config allows authentication from DAViCal via LDAP:
<?php
$c->pg_connect[] = 'dbname=davical port=5432 user=general';
$c->authenticate_hook['call'] = 'LDAP_check';
$c->authenticate_hook['config'] = array(
    'host' => 'ldap.example.com',
    'port' => '389',
    'filterUsers' => 'objectclass=*', // we need this to successfully search users
    'baseDNUsers' => 'o=example', // most orgs have more fields
    'protocolVersion' => 3,
    'mapping_field' => array("username" => "uid",
                             "updated" => "modifyTimestamp",
                             "fullname" => "cn", // "Common Name"
                             "user_no" => "uidNumber", // set DAViCal user no to match Unix uid from LDAP
                             "email" => "mail"
                            ), // used to create the user based on his LDAP properties
    'format_updated' => array('Y' => array(0,4),
                              'm' => array(4,2),
                              'd' => array(6,2),
                              'H' => array(8,2),
                              'M' => array(10,2),
                              'S' => array(12,2)), // map LDAP "modifyTimestamp" field to SQL "updated" field
);
include('drivers_ldap.php');
?>

