LDAP authentication - gd-99/symbiogd GitHub Wiki
LDAP is available in Symbiose as an authentication provider.
Installation
You'll have to install the LDAP library for PHP (php5-ldap
for Debian/Ubuntu, https://www.archlinux.org/packages/extra/x86_64/php-ldap/ for Arch).
Then, uncomment this line in your php.ini
:
extension=ldap.so
Configuration
It's quite easy to setup LDAP authentication in Symbiose.
Before setting up LDAP
It is recommended to login with an admin account before setting up LDAP in order to grant admin privileges to your LDAP account with this opened session. In fact, LDAP users logging in in the webos don't have any permission by default.
Setup LDAP
Edit the file /etc/daos.json
and add/edit the ldap
entry :
{
"ldap": {
"callback": [
"\\lib\\dao\\LDAPFactory",
"getConnexion"
],
"config": {
"host":"localhost",
"port":389,
"baseDn":"dc=example,dc=org",
"bindRdn":"cn=Manager,dc=example,dc=org",
"bindPassword":"secret"
}
}
}
Change host
and port
to your server settings. You can also specify an URI in host
(port
will be ignored). If you do that, you can specify multiple LDAP servers by separating them with a space. In that case, if the first server is not available, the webos will use the second.
You also have to set baseDn
to your base DN, bindRdn
to a manager's RDN, bindPassword
to his password.
Set LDAP as default authentication mode
Edit the file /etc/managers.json
and add this attribute.
{
"user":"ldap"
}
Don't try to login for the moment, otherwise the active session will be overwritten.
Granting permissions to your LDAP account
You can now grant admin privileges to your LDAP account with your opened session (with the System settings app). If you forgot that, don't worry, just remove the line you've added in /etc/managers.json
, login as admin and re-add the line.
You should be able now to login in Symbiose using your LDAP server.