LDAP Auth Backend: Active Directory Examples
Below are a few example configurations for using the LDAP backend with Active Directory.
Note that there is a dedicated Active Directory authentication backend, which is simple to configure and also supports SSO via NTLM.
Note: case-sensitive (the LDAP attribute names used in the mapping entries below, 'displayname' and 'memberof', are written in lowercase).
Active Directory with groups
- replace "mydomain" and "dom" with your domain name.

```php
$conf['authtype'] = 'ldap';
$conf['auth']['ldap']['server'] = 'mydomain.dom';
$conf['auth']['ldap']['binddn'] = '%{user}@%{server}';
$conf['auth']['ldap']['usertree'] = 'dc=mydomain,dc=dom';
$conf['auth']['ldap']['userfilter'] = '(userPrincipalName=%{user}@%{server})';
$conf['auth']['ldap']['mapping']['name'] = 'displayname';
$conf['auth']['ldap']['mapping']['grps'] = array('memberof' => '/CN=(.+?),/i');
$conf['auth']['ldap']['grouptree'] = 'dc=mydomain,dc=dom'; # where to search for groups; the domain root here
$conf['auth']['ldap']['groupfilter'] = '(&(cn=*)(Member=%{dn})(objectClass=group))'; # find the groups the current user (dn) is a member of
$conf['auth']['ldap']['referrals'] = 0; # switch referrals off for use with Active Directory
$conf['auth']['ldap']['version'] = 3;
$conf['auth']['ldap']['debug'] = 0; # set to 1 to show authentication activity (e.g. the user's group list) on the HTML page
```

The bind in this example is a simple bind with the user's own credentials; unless the connection is protected (the server setting also accepts an ldaps:// URL), the password crosses the network in the clear. The debug setting prints authentication details, including the user's group list, into the HTML page, so it should stay at 0 except while troubleshooting.
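The userfilter and groupfilter above are LDAP search filters in which %{user}, %{server} and %{dn} are substituted at login time. The user name is attacker-controlled, so whatever performs the substitution must escape the RFC 4515 metacharacters (backslash, `*`, parentheses, NUL); otherwise a crafted login name could widen the search. The following Python is an added illustration written for this page, not code from the DokuWiki backend: the placeholder syntax and the two filter templates are taken from the configuration above, while the sample user names and the user DN are constructed.

```python
import re

# Characters that RFC 4515 requires to be escaped inside an LDAP filter value.
# A login name containing "*", "(", ")" or "\" must not be able to change the
# shape of the filter that the userfilter/groupfilter templates produce.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def filter_escape(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


# Placeholder syntax used by the page's templates: %{user}, %{server}, %{dn}
_PLACEHOLDER = re.compile(r"%\{(\w+)\}")


def render_filter(template: str, values: dict) -> str:
    """Substitute %{name} placeholders in a filter template, escaping each value."""
    def repl(m):
        name = m.group(1)
        if name not in values:
            raise KeyError(f"no value for placeholder %{{{name}}}")
        return filter_escape(values[name])
    return _PLACEHOLDER.sub(repl, template)


def render_binddn(template: str, values: dict) -> str:
    """Substitute placeholders in the bind name; a UPN like user@domain is not a
    search filter, so filter escaping does not apply to it."""
    return _PLACEHOLDER.sub(lambda m: values[m.group(1)], template)


# Templates copied from the configuration above
USERFILTER = "(userPrincipalName=%{user}@%{server})"
GROUPFILTER = "(&(cn=*)(Member=%{dn})(objectClass=group))"
SERVER = "mydomain.dom"


def demo():
    """Render the page's filters for a normal, a hostile and a DN-based lookup."""
    normal = render_filter(USERFILTER, {"user": "jdoe", "server": SERVER})
    # Constructed hostile login name: unescaped, it would terminate the equality
    # match early and smuggle (objectClass=*) into the filter.
    hostile = render_filter(USERFILTER, {"user": "*)(objectClass=*", "server": SERVER})
    # Constructed DN whose RDN contains an escaped comma; the backslash itself
    # must be escaped again when the DN is embedded as a filter value.
    dn = r"CN=Doe\, John,OU=Users,DC=mydomain,DC=dom"
    groups = render_filter(GROUPFILTER, {"dn": dn})
    return normal, hostile, groups


if __name__ == "__main__":
    for f in demo():
        print(f)
    print(render_binddn("%{user}@%{server}", {"user": "jdoe", "server": SERVER}))
```

The `*` in `(cn=*)` survives because it is part of the template, not of a substituted value; only the substituted values are escaped.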
If an error such as "LDAP: bind with xxx failed [ldap.class.php:90]" occurs, try

```php
$conf['auth']['ldap']['binddn'] = 'domain\%{user}';
```

Replace domain with your domain name. In a single-quoted PHP string the backslash is kept literally, so this yields the legacy domain\user logon form.
Another setup

```php
$conf['authtype'] = 'ldap';
$conf['auth']['ldap']['server'] = 'ldap://servername.domain.tld:389';
$conf['auth']['ldap']['binddn'] = '%{user}@domain.tld';
$conf['auth']['ldap']['usertree'] = 'ou=Users,dc=domain,dc=tld';
$conf['auth']['ldap']['userfilter'] = '(SAMAccountName=%{user})';
$conf['auth']['ldap']['mapping']['name'] = 'displayname';
$conf['auth']['ldap']['mapping']['grps'] = array('memberof' => '/CN=(.+?),/i');
$conf['auth']['ldap']['referrals'] = 0; # switch referrals off for use with Active Directory
$conf['auth']['ldap']['version'] = 3;
```
Access restricted to USR_* groups

```php
$conf['authtype'] = 'ldap';
$conf['auth']['ldap']['server'] = '127.0.0.1:389';
$conf['auth']['ldap']['binddn'] = '%{user}@yourfulldomainname';
$conf['auth']['ldap']['usertree'] = ''; // point this to the container where your users are, e.g. OU=x,DC=y
$conf['auth']['ldap']['userfilter'] = '(userPrincipalName=%{user}@yourfulldomainname)';
$conf['auth']['ldap']['grouptree'] = ''; // point this to the container where your groups are, e.g. CN=Users,DC=x
// selects only the groups that have the user as a member and whose name starts with USR_;
// remember that dn is the full DN of the user's account
$conf['auth']['ldap']['groupfilter'] = '(&(cn=USR_*)(Member=%{dn})(ObjectCategory=group))';
$conf['auth']['ldap']['mapping']['name'] = 'displayname';
$conf['auth']['ldap']['mapping']['grps'] = array('memberof' => '/CN=(.+?),/i'); // must be an array, not a quoted string
$conf['auth']['ldap']['referrals'] = 0;
$conf['auth']['ldap']['version'] = 3;
```

Note that the groupfilter only restricts the group search; the memberof mapping regex still captures the CN of every group listed in the user's memberOf attribute, USR_* or not.
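The mapping regex /CN=(.+?),/i used in every example on this page captures the first CN in each memberOf value. It stops at the first comma, so a group whose CN contains an escaped comma is truncated, and it captures every group, so the USR_* restriction in the groupfilter above does not carry over to the mapping. The following Python is an added example for this page, not the backend's code: the memberOf values are constructed, and the USR_-only pattern is an assumed alternative mapping expression written for this illustration.

```python
import re

# The page's mapping regex for the memberOf attribute: /CN=(.+?),/i
PAGE_GROUP_RE = re.compile(r"CN=(.+?),", re.I)

# Assumed alternative (not from the page): read the CN value up to the first
# unescaped comma, and accept only groups whose name starts with USR_, so the
# mapping agrees with the groupfilter's (cn=USR_*) restriction.
USR_GROUP_RE = re.compile(r"^CN=(USR_(?:\\.|[^,\\])*)", re.I)


def extract_groups(memberof, pattern=PAGE_GROUP_RE, unescape=False):
    """Apply a mapping regex to each memberOf value and collect capture group 1."""
    groups = []
    for dn in memberof:
        m = pattern.search(dn)  # preg_match semantics: first match anywhere in the value
        if m:
            name = m.group(1)
            if unescape:
                # RFC 4514: "\," inside an RDN value is a literal comma
                name = re.sub(r"\\(.)", r"\1", name)
            groups.append(name)
    return groups


# Constructed memberOf values for one user (not real directory data)
SAMPLE_MEMBEROF = [
    "CN=USR_Wiki,OU=Groups,DC=mydomain,DC=dom",
    "cn=Domain Users,CN=Users,DC=mydomain,DC=dom",        # lowercase rdn: the /i flag is needed
    r"CN=USR_Sales\, EMEA,OU=Groups,DC=mydomain,DC=dom",  # escaped comma inside the CN
    "CN=Wiki Admins,OU=Groups,DC=mydomain,DC=dom",
]


def page_mapping():
    """Groups as the page's regex sees them: all four, the third one truncated."""
    return extract_groups(SAMPLE_MEMBEROF)


def usr_only_mapping():
    """Groups with the USR_-only, comma-aware pattern."""
    return extract_groups(SAMPLE_MEMBEROF, USR_GROUP_RE, unescape=True)


if __name__ == "__main__":
    print(page_mapping())
    print(usr_only_mapping())
```

The page's mapping only captures group 1 and performs no unescaping, so a CN such as "USR_Sales\, EMEA" becomes the group name "USR_Sales\" in the wiki; the comma-aware pattern keeps the whole name.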
de/auth/ldap_ad.txt · Last modified: by 78.43.132.223