API tools faq
paste
Advertisement
Guest User

NConf Active Directory authentication example

a guest
Aug 21st, 2012
323
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.58 KB | None | 0 0
raw download clone embed print report
  1. ###
  2. ###  Auth by "ad_ldap"
  3. ###
  4. ###  (for modifications to include/login_check.php by ipro-bgardner)
  5. ###
  6.  
  7. # When this is enabled the user should log in using their typical Windows credentials.
  8. # The username should simply be the username, no <domain>\<username> or
  9. # <username>@<domain>.<tld>.
  10.  
  11.  
  12. # This is the LDAP (Active Directory) server to connect to.
  13. # Dont use "ldap://"
  14. #
  15. define('AD_LDAP_SERVER', "ad01.example.local");
  16.  
  17.  
  18. # This is the TCP port to connect to on the LDAP (Active Directory) server.
  19. #
  20. define('AD_LDAP_PORT', "389");
  21.  
  22.  
  23. # At login, this is used together with the user-supplied credentials
  24. # to ldap_bind to Active Directory.
  25. #
  26. define('AD_NTDOMAIN', "corp");
  27.  
  28.  
  29. # The authentication process uses this address as the base container for searches
  30. # in Active Direcory.  Only items at this level or in subcontainers will be searched.  
  31. # (If this is not the root of the directory then the entire directory will not be
  32. # searched.)
  33. #
  34. define('AD_BASE_DN', "OU=Users,DC=example,DC=local");
  35.  
  36.  
  37. # If the groups in AD_ADMIN_GROUP and AD_USER_GROUP are in the same container
  38. # then you can enter the address of their parent container here and save
  39. # yourself from typing it twice.  If this is empty then AD_ADMIN_GROUP
  40. # and AD_USER_GROUP need to contain the full LDAP address of the respective
  41. # groups.  (This seems to lend itself to confusion.  It seems that the only
  42. # purpose of AD_GROUP_DN is to save some typing when initially configuring
  43. # NConf.  I recommend doing away with this concept.)
  44. #
  45. define('AD_GROUP_DN', "OU=Groups,DC=example,DC=local");
  46.  
  47.  
  48. # This is the AD group whose members should have admin rights to NConf.
  49. # If AD_GROUP_DN is empty then this needs to contain the full path to
  50. # the group object.
  51. #
  52. define('AD_ADMIN_GROUP', "CN=NConf Admins");
  53.  
  54.  
  55. # This is the AD group whose members should be able to access NConf,
  56. # but not with admin rights. If AD_GROUP_DN is empty then this needs
  57. # to contain the full path to the group object.
  58. #
  59. define('AD_USER_GROUP', "CN=NConf Non-Admins");
  60.  
  61.  
  62. # If the admin and non-admin groups are not in the same container in AD
  63. # then leave AD_GROUP_DN empty and put full paths in AD_ADMIN_GROUP and
  64. # AD_USER_GROUP
  65. #
  66. #define('AD_GROUP_DN',    "");
  67. #define('AD_ADMIN_GROUP', "CN=NConf Admins,OU=Groups,DC=example,DC=local");
  68. #define('AD_USER_GROUP',  "CN=NConf Non-Admins,OU=Location2,DC=example,DC=local");
  69.  
  70.  
  71. # These are deprecated, they don't do anything under the
  72. # modifications by ipro-bgardner
  73. #
  74. #define('AD_USER_REPLACEMENT',   "<username>");
  75. #define('AD_GROUP_ATTRIBUTE',    "memberof");
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!