Configuration/Authentication Settings

From Davical
< Configuration
Revision as of 11:16, 27 December 2010 by Karora (talk) (New page: In general, using DAViCal's built-in user and group management, no special configuration should be needed. == External Authentication Configuration == === Using LDAP === See [[Configur...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

In general, using DAViCal's built-in user and group management, no special configuration should be needed.

External Authentication Configuration

Using LDAP

See Configuration/LDAP for some detailed examples of configuring DAViCal to use an LDAP server for an authentication source. Here is a brief example, however:

$c->authenticate_hook['call'] = 'LDAP_check';
$c->authenticate_hook['config'] = array(
    'host' => 'www.tennaxia.net',
    'port' => '389',
    'bindDN'=> 'cn=manager,cn=internal,dc=tennaxia,dc=net',
    'passDN'=> 'xxxxxxxx',
    'baseDNUsers'=> 'dc=tennaxia,dc=net', //where to look at valid user
    'filterUsers' => 'objectClass=kolabInetOrgPerson', //filter that must validate an valid user
    'baseDNGroups' => 'ou=divisions,dc=tennaxia,dc=net', //where to look for groups
    'filterGroups' => 'objectClass=posixGroup', //filter with same rules as filterUsers
    'mapping_field' => array('username' => 'uid',
                             'updated' => 'modifyTimestamp',
                             'fullname' => 'cn' ,
                             'email' =>'mail',
                             'active' => ), //used to create the user based on his ldap properties
   'group_mapping_field' => array('username' => 'cn',
                            'updated" => 'modifyTimestamp',
                            'fullname" => 'cn' ,
                            'members" =>'memberUid'
                            ), //used to create the group based on the ldap properties
    'default_value' => array("date_format_type" => "E","locale" => "fr_FR"),
    'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),
                             'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2))
    'scope' => 'subtree', // Search scope to use, defaults to subtree 
    );
 include_once('drivers_ldap.php');

Explanation of parameters:

host The hostname of the LDAP server
port The port to connect to the LDAP server on
bindDN The DN to bind to
passDN The password for the bind
baseDNUsers The base DN to look in for valid users
filterUsers A filter which must pass for this to be a valid user
baseDNGroups The base DN to look in for valid groups
filterGroups A filter which must pass for this to be a valid group
mapping_field An array of DAViCal field names vs. their LDAP mappings
group_mapping_field An array of DAViCal field names vs. their LDAP mappings
default_value An array of DAViCal field names vs. fixed default values
format_updated An array, keyed on Y, m, d, H, M and S with the values being arrays of (start,length) for substring operations on the DAViCal 'updated' field sourced from LDAP.
scope The search scope for all LDAP searches(users and groups)

NB: it's important to remember to install the LDAP modules for PHP (the php5-ldap package under debian/ubuntu).

Using a different 'AWL' database

The "AWL" library contains the basic database structure for user data which is used by DAViCal, and it is possible to use this data from a different database. This plugin is written more-or-less as an example of how to write an authentication plugin, but may be useful.