-
Notifications
You must be signed in to change notification settings - Fork 64
LDAP authentication
LDAP is available in Symbiose as an authentication provider.
You'll have to install the LDAP library for PHP (php5-ldap for Debian/Ubuntu, https://www.archlinux.org/packages/extra/x86_64/php-ldap/ for Arch).
Then, uncomment this line in your php.ini:
extension=ldap.so
It's quite easy to setup LDAP authentication in Symbiose.
It is recommended to login with an admin account before setting up LDAP in order to grant admin privileges to your LDAP account with this opened session. In fact, LDAP users logging in in the webos don't have any permission by default.
Edit the file /etc/daos.json and add/edit the ldap entry :
{
"ldap": {
"callback": [
"\\lib\\dao\\LDAPFactory",
"getConnexion"
],
"config": {
"host":"localhost",
"port":389,
"baseDn":"dc=example,dc=org",
"bindRdn":"cn=Manager,dc=example,dc=org",
"bindPassword":"secret"
}
}
}Change host and port to your server settings. You can also specify an URI in host (port will be ignored). If you do that, you can specify multiple LDAP servers by separating them with a space. In that case, if the first server is not available, the webos will use the second.
You also have to set baseDn to your base DN, bindRdn to a manager's RDN, bindPassword to his password.
Edit the file /etc/managers.json and add this attribute.
{
"user":"ldap"
}Don't try to login for the moment, otherwise the active session will be overwritten.
You can now grant admin privileges to your LDAP account with your opened session (with the System settings app). If you forgot that, don't worry, just remove the line you've added in /etc/managers.json, login as admin and re-add the line.
You should be able now to login in Symbiose using your LDAP server.