daily pastebin goal
66%
SHARE
TWEET

NConf Active Directory authentication example

a guest Aug 21st, 2012 231 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ###
  2. ###  Auth by "ad_ldap"
  3. ###
  4. ###  (for modifications to include/login_check.php by ipro-bgardner)
  5. ###
  6.  
  7. # When this is enabled the user should log in using their typical Windows credentials.
  8. # The username should simply be the username, no <domain>\<username> or
  9. # <username>@<domain>.<tld>.
  10.  
  11.  
  12. # This is the LDAP (Active Directory) server to connect to.
  13. # Dont use "ldap://"
  14. #
  15. define('AD_LDAP_SERVER', "ad01.example.local");
  16.  
  17.  
  18. # This is the TCP port to connect to on the LDAP (Active Directory) server.
  19. #
  20. define('AD_LDAP_PORT', "389");
  21.  
  22.  
  23. # At login, this is used together with the user-supplied credentials
  24. # to ldap_bind to Active Directory.
  25. #
  26. define('AD_NTDOMAIN', "corp");
  27.  
  28.  
  29. # The authentication process uses this address as the base container for searches
  30. # in Active Direcory.  Only items at this level or in subcontainers will be searched.  
  31. # (If this is not the root of the directory then the entire directory will not be
  32. # searched.)
  33. #
  34. define('AD_BASE_DN', "OU=Users,DC=example,DC=local");
  35.  
  36.  
  37. # If the groups in AD_ADMIN_GROUP and AD_USER_GROUP are in the same container
  38. # then you can enter the address of their parent container here and save
  39. # yourself from typing it twice.  If this is empty then AD_ADMIN_GROUP
  40. # and AD_USER_GROUP need to contain the full LDAP address of the respective
  41. # groups.  (This seems to lend itself to confusion.  It seems that the only
  42. # purpose of AD_GROUP_DN is to save some typing when initially configuring
  43. # NConf.  I recommend doing away with this concept.)
  44. #
  45. define('AD_GROUP_DN', "OU=Groups,DC=example,DC=local");
  46.  
  47.  
  48. # This is the AD group whose members should have admin rights to NConf.
  49. # If AD_GROUP_DN is empty then this needs to contain the full path to
  50. # the group object.
  51. #
  52. define('AD_ADMIN_GROUP', "CN=NConf Admins");
  53.  
  54.  
  55. # This is the AD group whose members should be able to access NConf,
  56. # but not with admin rights. If AD_GROUP_DN is empty then this needs
  57. # to contain the full path to the group object.
  58. #
  59. define('AD_USER_GROUP', "CN=NConf Non-Admins");
  60.  
  61.  
  62. # If the admin and non-admin groups are not in the same container in AD
  63. # then leave AD_GROUP_DN empty and put full paths in AD_ADMIN_GROUP and
  64. # AD_USER_GROUP
  65. #
  66. #define('AD_GROUP_DN',    "");
  67. #define('AD_ADMIN_GROUP', "CN=NConf Admins,OU=Groups,DC=example,DC=local");
  68. #define('AD_USER_GROUP',  "CN=NConf Non-Admins,OU=Location2,DC=example,DC=local");
  69.  
  70.  
  71. # These are deprecated, they don't do anything under the
  72. # modifications by ipro-bgardner
  73. #
  74. #define('AD_USER_REPLACEMENT',   "<username>");
  75. #define('AD_GROUP_ATTRIBUTE',    "memberof");
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top