Configuration/Authentication Settings/LDAP groups

From Davical
Jump to navigationJump to search

Group import/sync was added in 0.9.9, to use groups from LDAP first get users syncing from LDAP (see LDAP Configuration for base configuration details). Import/sync users and groups via the Administration > Import Calendars menu in the web interface. Once you have users syncing from LDAP you should be able to sync groups with the following settings.

    'baseDNGroups' => 'ou=Groups,dc=company,dc=com', //where to look for groups
    'filterGroups' => 'objectClass=posixGroup', //filter with same rules as filterUsers, could also be groupOfUniqueNames
    'group_mapping_field' => array('username' => 'cn',
                             'modified' => 'modifyTimestamp',
                             'fullname' => 'cn' ,
                             'members' =>'memberUid'
                             ), //used to create the group based on the ldap properties
     'scope' => 'subtree', // Search scope to use, defaults to subtree ( applies to BOTH user and group mappings )

Explanation of parameters: Template:Tlist Template:TRlistbaseDNGroups Template:TDlistThe base DN to look in for valid groups Template:TRlistfilterGroups Template:TDlistA filter which must pass for this to be a valid group Template:TRlistgroup_mapping_field Template:TDlistAn array of DAViCal field names vs. their LDAP mappings Template:TRlistscope Template:TDlistThe search scope for all LDAP searches(users and groups) |}

Note: the sync operations should be safe to use if you have made changes in LDAP and want those changes reflected in DAViCal.

Troubleshooting

If you do not see a message near the top of the page when syncing try running a search with another ldap tool.

 'baseDNGroups' => 'ou=Groups,dc=company,dc=com',
 'filterGroups' => 'objectClass=posixGroup'
 'scope' => 'subtree'

could be tested with

ldapsearch -h localhost -D "binddn" -W -s sub -b 'ou=Groups,dc=company,dc=com' 'objectClass=posixGroup'