/**************************************************************************\
* eGroupWare - LDAP usage                                                  *
* http://www.egroupware.org                                                *
* --------------------------------------------                             *
* This program is free software; you can redistribute it and/or modify it  *
* under the terms of the GNU General Public License as published by the    *
* Free Software Foundation; either version 2 of the License, or (at your   *
* option) any later version.                                               *
\**************************************************************************/

/* $Id: README.ldap,v 1.2 2004/01/31 14:23:40 milosch Exp $ */

To use LDAP authentication and/or accounts for eGroupWare, perform the following
in setup:

1. If you want to store the account information in SQL:
   a. Configure eGroupWare to use LDAP authentication and SQL accounts (Step 2).
   b. Configure a valid LDAP host, LDAP accounts context, LDAP groups context,
      LDAP rootdn, and LDAP root password. The rootdn/rootpw can match what is set up
      as the rootdn/rootpw in, e.g., slapd.conf. Or it could be a user who is granted
      LDAP ACL rights to READ data from any entry in the accounts and groups contexts. By
      context, we mean the ou in which this information is stored, e.g. ou=People,dc=domain,dc=com
      and ou=Group,dc=domain,dc=com.
   c. Be sure to also configure a valid LDAP encryption type. This will depend on your system.
   d. Follow the link:
      'Import accounts from LDAP to the eGroupWare accounts table (for a new install using SQL accounts)'

   This is on the page after submitting the configuration in step 2. This runs
   setup/ldapimport.php, which lets you select which accounts and groups you
   wish to copy from LDAP into SQL. You can then authenticate using LDAP, and
   the account usernames and other data will be copied to our SQL accounts table.

2. If you want to store account information in an existing LDAP tree:
   a. Install the LDAP schema per directions in phpgwapi/doc/ldap/README.
   b. Configure eGroupWare to use LDAP auth and LDAP accounts (Step 2).
   c. Configure a valid LDAP host, LDAP accounts context, LDAP groups context,
      LDAP rootdn, and LDAP root password. The rootdn/rootpw can match what is set up
      as the rootdn/rootpw in, e.g., slapd.conf. Or it could be a user who is granted
      LDAP ACL rights to WRITE data to any entry in the accounts and groups contexts. By
      context, we mean the ou in which this information is stored, e.g. ou=People,dc=domain,dc=com
      and ou=Group,dc=domain,dc=com.
   d. Be sure to also configure a valid LDAP encryption type. This will depend on your system.
   e. Follow the link in setup:
      'Modify an existing LDAP account store for use with eGroupWare (for a new install using LDAP accounts)'

   This is on the page after submitting the configuration in step 2. This runs
   setup/ldapmodify.php, which lets you select which accounts and groups you
   wish to modify in LDAP for use with eGroupWare. It will add the necessary objectclass
   and attributes to existing LDAP entries.

3. If you want to store account information in a new LDAP tree only for eGroupWare:
   a. Install the LDAP schema per directions in phpgwapi/doc/ldap/README.
   b. Configure eGroupWare to use LDAP auth and LDAP accounts (Step 2).
   c. Configure a valid LDAP host, LDAP accounts context, LDAP groups context,
      LDAP rootdn, and LDAP root password. The rootdn/rootpw can match what is set up
      as the rootdn/rootpw in, e.g., slapd.conf. Or it could be a user who is granted
      LDAP ACL rights to WRITE data to any entry in the accounts and groups contexts. By
      context, we mean the ou in which this information is stored, e.g. ou=People,dc=domain,dc=com
      and ou=Group,dc=domain,dc=com.
   d. Be sure to also configure a valid LDAP encryption type. This will depend on your system.
   e. Follow the link in setup: 'Setup demo accounts in LDAP'

   This is on the page after submitting the configuration in step 2. This runs
   setup/setup_demo.php, which creates an admin account you specify, and optionally
   the demo, demo2, and demo3 user accounts. The admin account password is configurable
   here, and the demo accounts will have their passwords set to 'guest'.

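Added example (not part of the original README or of eGroupWare): a slapd.conf
ACL fragment for the "user who is granted LDAP ACL rights" alternative named in
options 1 to 3, with a read-only account for SQL accounts and a write account for
LDAP accounts. The two DNs under ou=Services are assumptions, as is the premise
that logins are checked by binding as the user, so neither setup needs to read
userPassword.

```conf
# slapd.conf ACL fragment (OpenLDAP); constructed example.
# Contexts are the README's ou=People / ou=Group; the service DNs
# cn=egw-read and cn=egw-write under ou=Services are assumptions.
#
# Alternative being replaced: entering slapd's own rootdn/rootpw in
# eGroupWare setup. The rootdn is never subject to ACLs, so that bind
# can read and modify every entry, not just these two contexts.

# Clauses are evaluated in order and the first matching "access to"
# wins, so the userPassword rule must come before the subtree rules.
access to attrs=userPassword
    by self write
    by dn.exact="cn=egw-write,ou=Services,dc=domain,dc=com" write
    by anonymous auth
    by * none

# Accounts context.
#   egw-write: options 2 and 3 (ldapmodify.php adds objectclass and
#              attributes, setup_demo.php creates entries).
#   egw-read : option 1 (ldapimport.php only copies data out).
access to dn.subtree="ou=People,dc=domain,dc=com"
    by dn.exact="cn=egw-write,ou=Services,dc=domain,dc=com" write
    by dn.exact="cn=egw-read,ou=Services,dc=domain,dc=com" read
    by self read
    by anonymous auth
    by * none

# Groups context: same split between the write and read accounts.
access to dn.subtree="ou=Group,dc=domain,dc=com"
    by dn.exact="cn=egw-write,ou=Services,dc=domain,dc=com" write
    by dn.exact="cn=egw-read,ou=Services,dc=domain,dc=com" read
    by * none
```

Enter only one of the two service DNs as the "LDAP rootdn" in eGroupWare setup:
egw-read for option 1, egw-write for options 2 and 3.
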
NOTES:
1. Copying data from LDAP to SQL currently does not transfer the userPassword attribute.
   You would need to create those values manually in SQL if you want to migrate from
   LDAP to SQL auth. However, when using LDAP auth and SQL accounts, this is not a concern.