LDAP Authentication Modules: Active Directory Examples
The configuration examples below work with LDAP and an Active Directory server.
Please note that there is an Active Directory authentication module that is much easier to configure and supports Single-Sign-On through NTLM.
Note: Watch out for uppercase letters in domain names: login will work, but the use of Active Directory groups will not be active. Use a tool such as AD Explorer to debug.
Active Directory with groups
- Change “mydomain” and “dom” to your AD domain name (dc).
$conf['authtype'] = 'ldap';
$conf['auth']['ldap']['server'] = 'mydomain.dom';
$conf['auth']['ldap']['binddn'] = '%{user}@%{server}';
$conf['auth']['ldap']['usertree'] = 'dc=mydomain,dc=dom';
$conf['auth']['ldap']['userfilter'] = '(userPrincipalName=%{user}@%{server})';
$conf['auth']['ldap']['mapping']['name'] = 'displayname';
$conf['auth']['ldap']['mapping']['grps'] = array('memberof' => '/CN=(.+?),/i');
$conf['auth']['ldap']['grouptree'] = 'dc=mydomain,dc=dom'; # where to search for groups; at the root here
$conf['auth']['ldap']['groupfilter'] = '(&(cn=*)(Member=%{dn})(objectClass=group))'; # find the groups of the current user (dn)
$conf['auth']['ldap']['referrals'] = 0; # Switch referrals off for use with Active Directory
$conf['auth']['ldap']['version'] = 3;
$conf['auth']['ldap']['debug'] = 0; # set to 1 to show authentication activity (e.g. the list of user groups) on the HTML page
If you get the error “LDAP: bind with xxx failed [ldap.class.php:90]”, try this:
$conf['auth']['ldap']['binddn'] = 'domain\%{user}';
Replace domain with your domain name.
Different Setup
$conf['authtype'] = 'ldap';
$conf['auth']['ldap']['server'] = 'ldap://servername.domain.tld:389';
$conf['auth']['ldap']['binddn'] = '%{user}@domain.tld';
$conf['auth']['ldap']['usertree'] = 'ou=Users,dc=domain,dc=tld';
$conf['auth']['ldap']['userfilter'] = '(SAMAccountName=%{user})';
$conf['auth']['ldap']['mapping']['name'] = 'displayname';
$conf['auth']['ldap']['mapping']['grps'] = array('memberof' => '/CN=(.+?),/i');
$conf['auth']['ldap']['referrals'] = 0; # Switch referrals off for use with Active Directory
$conf['auth']['ldap']['version'] = 3;
Restricting access to USR_* users
$conf['authtype'] = 'ldap';
$conf['auth']['ldap']['server'] = '127.0.0.1:389';
$conf['auth']['ldap']['binddn'] = '%{user}@yourfulldomainname';
$conf['auth']['ldap']['usertree'] = ''; // point to the container where your users are, i.e. OU=x, DC=y etc.
$conf['auth']['ldap']['userfilter'] = '(userPrincipalName=%{user}@yourfulldomainname)';
$conf['auth']['ldap']['grouptree'] = ''; // point this to the container where your groups are, i.e. CN=Users, DC=x etc.
// selects only the groups with the user as a member
// remember dn is the full dn of the user's account - filters on groups starting with USR_
$conf['auth']['ldap']['groupfilter'] = '(&(cn=USR_*)(Member=%{dn})(ObjectCategory=group))';
$conf['auth']['ldap']['mapping']['name'] = 'displayname';
// the mapping must be a real array, not a quoted string, for the regex to be applied
$conf['auth']['ldap']['mapping']['grps'] = array('memberof' => '/CN=(.+?),/i');
$conf['auth']['ldap']['referrals'] = 0;
$conf['auth']['ldap']['version'] = 3;
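What the `grps` mapping regex `/CN=(.+?),/i` from the configurations above keeps of each `memberOf` value, shown as an added PHP example that is not DokuWiki's own code. It assumes the regex is applied to each `memberOf` DN and the first capture becomes the wiki group name; the function names and sample DNs are constructed for illustration.

```php
<?php
// Added example, not DokuWiki code. Assumption: the 'grps' regex is applied to
// every memberOf value and capture group 1 becomes the wiki group name.

const GRPS_REGEX = '/CN=(.+?),/i'; // regex taken from the configuration above

// Return the group name captured from one memberOf DN, or null if no match.
function mapGroup(string $dn): ?string
{
    return preg_match(GRPS_REGEX, $dn, $m) === 1 ? $m[1] : null;
}

// Map all DNs and list the cases worth reviewing before using names in ACLs.
function auditGroupMapping(array $memberOf): array
{
    $byName = [];
    $warnings = [];
    foreach ($memberOf as $dn) {
        $name = mapGroup($dn);
        if ($name === null) {
            $warnings[] = "no match: $dn";
            continue;
        }
        // A trailing backslash means the lazy match stopped at an escaped "\,".
        if (substr($name, -1) === '\\') {
            $warnings[] = "truncated at escaped comma: $dn -> $name";
        }
        $byName[$name][] = $dn;
    }
    // Only the CN survives, so groups in different OUs can share one name.
    foreach ($byName as $name => $dns) {
        if (count($dns) > 1) {
            $warnings[] = "collision on '$name': " . implode(' | ', $dns);
        }
    }
    return ['groups' => array_keys($byName), 'warnings' => $warnings];
}

// Constructed sample memberOf values (not from a real directory).
$sample = [
    'CN=USR_Wiki,OU=Groups,DC=mydomain,DC=dom',
    'CN=USR_Wiki,OU=Legacy,DC=mydomain,DC=dom',     // same CN, different OU
    'CN=Sales\, EMEA,OU=Groups,DC=mydomain,DC=dom', // comma escaped inside the CN
];
print_r(auditGroupMapping($sample));
```

With the sample input, both `USR_Wiki` DNs map to the single wiki group `USR_Wiki`, and the third DN yields `Sales\` rather than the full group name.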