Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ###
- ### Auth by "ad_ldap"
- ###
- ### (for modifications to include/login_check.php by ipro-bgardner)
- ###
- # When this is enabled the user should log in using their typical Windows credentials.
- # The username should simply be the username, no <domain>\<username> or
- # <username>@<domain>.<tld>.
- # This is the LDAP (Active Directory) server to connect to.
- # Dont use "ldap://"
- #
- define('AD_LDAP_SERVER', "ad01.example.local");
- # This is the TCP port to connect to on the LDAP (Active Directory) server.
- #
- define('AD_LDAP_PORT', "389");
- # At login, this is used together with the user-supplied credentials
- # to ldap_bind to Active Directory.
- #
- define('AD_NTDOMAIN', "corp");
- # The authentication process uses this address as the base container for searches
- # in Active Direcory. Only items at this level or in subcontainers will be searched.
- # (If this is not the root of the directory then the entire directory will not be
- # searched.)
- #
- define('AD_BASE_DN', "OU=Users,DC=example,DC=local");
- # If the groups in AD_ADMIN_GROUP and AD_USER_GROUP are in the same container
- # then you can enter the address of their parent container here and save
- # yourself from typing it twice. If this is empty then AD_ADMIN_GROUP
- # and AD_USER_GROUP need to contain the full LDAP address of the respective
- # groups. (This seems to lend itself to confusion. It seems that the only
- # purpose of AD_GROUP_DN is to save some typing when initially configuring
- # NConf. I recommend doing away with this concept.)
- #
- define('AD_GROUP_DN', "OU=Groups,DC=example,DC=local");
- # This is the AD group whose members should have admin rights to NConf.
- # If AD_GROUP_DN is empty then this needs to contain the full path to
- # the group object.
- #
- define('AD_ADMIN_GROUP', "CN=NConf Admins");
- # This is the AD group whose members should be able to access NConf,
- # but not with admin rights. If AD_GROUP_DN is empty then this needs
- # to contain the full path to the group object.
- #
- define('AD_USER_GROUP', "CN=NConf Non-Admins");
- # If the admin and non-admin groups are not in the same container in AD
- # then leave AD_GROUP_DN empty and put full paths in AD_ADMIN_GROUP and
- # AD_USER_GROUP
- #
- #define('AD_GROUP_DN', "");
- #define('AD_ADMIN_GROUP', "CN=NConf Admins,OU=Groups,DC=example,DC=local");
- #define('AD_USER_GROUP', "CN=NConf Non-Admins,OU=Location2,DC=example,DC=local");
- # These are deprecated, they don't do anything under the
- # modifications by ipro-bgardner
- #
- #define('AD_USER_REPLACEMENT', "<username>");
- #define('AD_GROUP_ATTRIBUTE', "memberof");
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement