1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
| [LDAPSettings]
# Enable tracing the the ldap login, outputs extensive debug info for use during setup
# NOTE: Do not keep this enabled on production setup as login name and passwords will be
# logged to logfiles or outputted if DebugOutput settings are enabled.
LDAPDebugTrace=disabled
# Set LDAP version number
LDAPVersion=3
# Determines whether the LDAP library automatically follows referrals returned by LDAP servers or not.
# set to 1 to enable
LDAPFollowReferrals=0
# Set to true if use LDAP server
LDAPEnabled=true
# LDAP host
LDAPServer=srv01001-dmz1
# Port nr for LDAP, default is 389
LDAPPort=389
# Specifies the base DN for the directory.
LDAPBaseDn=DC--SOLIC,DC--RSX
# If the server does not allow anonymous bind, specify the user name for the bind here.
LDAPBindUser= ******
# If the server does not allow anonymous bind, specify the password for the bind here.
LDAPBindPassword= ******
# Could be sub, one, base.
LDAPSearchScope=sub
# Use the equla sign to replace "=" when specify LDAPBaseDn or LDAPSearchFilters
LDAPEqualSign=--
# Add extra search requirment. Uncomment it if you don't need it.
# Example LDAPSearchFilters[]=objectClass--inetOrgPerson
LDAPSearchFilters[]
# LDAP attribute for login. Normally, uid
LDAPLoginAttribute=userPrincipalName
# Could be id or name
LDAPUserGroupType=id
# Default place to store LDAP users. Could be content object id or group name for LDAP user group,
# depends on LDAPUserGroupType.
LDAPUserGroup[]
# Group mapping settings:
# Root node id where LDAP groups are created, node id: 5 is used if blank
LDAPGroupRootNodeId=5
# Possible values: UseGroupAttribute (old style group assignig using LDAPUserGroupAttribute setting),
# SimpleMapping (using LDAPUserGroupMap array for name-to-name group mapping) or GetGroupsTree
LDAPGroupMappingType=UseGroupAttribute
# Base LDAP dn which should be used to fetch user group objects from LDAP
LDAPGroupBaseDN=
# LDAP user group class
LDAPGroupClass=exampleGroupDAClassName
# Attribute which should be used to obtain name of an LDAP group
# Required then 'LDAPGroupMappingType' is set to 'GetGroupsTree' or 'SimpleMapping'
LDAPGroupNameAttribute=cn
# Attribute of LDAP user which should be used to obtain groups which user(group) belongs to.
# Required then 'LDAPGroupMappingType' is set to 'GetGroupsTree' or 'SimpleMapping'
LDAPGroupMemberAttribute=member
# Attribute which contain description of LDAP group, optional
LDAPGroupDescriptionAttribute=
# Group names map (from LDAP to ezpublish user-groups),
# used then 'LDAPGroupMappingType' is set to 'SimpleMapping'
LDAPUserGroupMap[]
# LDAP attribute type for user group. Could be name or id
LDAPUserGroupAttributeType=name
# LDAP attribute for user group. For example, employeetype. If specified, LDAP users
# will be saved under the same group as in LDAP server.
LDAPUserGroupAttribute=employeetype
# LDAP attribute for First name. Normally, givenname
LDAPFirstNameAttribute=givenname
# If cn (common name) is used for first name, sn (Last name) will be removed from first name
LDAPFirstNameIsCommonName=false
# LDAP attribute for Last name. Normally, sn
LDAPLastNameAttribute=sn
# LDAP attribute for email. Normally, mail
LDAPEmailAttribute=mail
# For use if LDAP does not return mail, creates one using login name + email suffix, like '@ez.no'
LDAPEmailEmptyAttributeSuffix=@solic-group.com
# LDAP encoding is utf-8 or not
Utf8Encoding=false
# if 'enabled' you can move LDAP users to a different group and they will not
# be automatically moved back (to the group they are configured to be placed in)
# when the user logs in again.
KeepGroupAssignment=disabled |
[eZ Publish] Identification AD avec LDAP
Répondre avec citation
Partager