/**************************************************************************\
* eGroupWare - LDAP usage                                                  *
* http://www.egroupware.org                                                *
* --------------------------------------------                             *
* This program is free software; you can redistribute it and/or modify it  *
* under the terms of the GNU General Public License as published by the    *
* Free Software Foundation; either version 2 of the License, or (at your   *
* option) any later version.                                               *
\**************************************************************************/

/* $Id: README.ldap,v 1.2 2004/01/31 14:23:40 milosch Exp $ */

To use LDAP authentication and/or accounts for eGroupWare, perform the following
in setup:

1. If you want to store the account information in SQL:
   a. Configure eGroupWare to use LDAP authentication and SQL accounts (Step 2).
   b. Configure a valid LDAP host, LDAP accounts context, LDAP groups context,
      LDAP rootdn, and LDAP root password. The rootdn/rootpw can match what is set up
      as the rootdn/rootpw in, e.g., slapd.conf. Or it could be a user who is granted
      LDAP ACL rights to READ data from any entry in the accounts and groups contexts. By
      context, we mean the ou in which this information is stored, e.g. ou=People,dc=domain,dc=com
      and ou=Group,dc=domain,dc=com.
   c. Be sure to also configure a valid LDAP encryption type. This will depend on your system.
   d. Follow the link:
      'Import accounts from LDAP to the eGroupWare accounts table (for a new install using SQL accounts)'

   This is on the page after submitting the configuration in step 2. This runs
   setup/ldapimport.php, which lets you select which accounts and groups you
   wish to copy from LDAP into SQL. You can then authenticate using LDAP, and
   the account usernames and other data will be copied to our SQL accounts table.

2. If you want to store account information in an existing LDAP tree:
   a. Install the LDAP schema per directions in phpgwapi/doc/ldap/README.
   b. Configure eGroupWare to use LDAP auth and LDAP accounts (Step 2).
   c. Configure a valid LDAP host, LDAP accounts context, LDAP groups context,
      LDAP rootdn, and LDAP root password. The rootdn/rootpw can match what is set up
      as the rootdn/rootpw in, e.g., slapd.conf. Or it could be a user who is granted
      LDAP ACL rights to WRITE data to any entry in the accounts and groups contexts. By
      context, we mean the ou in which this information is stored, e.g. ou=People,dc=domain,dc=com
      and ou=Group,dc=domain,dc=com.
   d. Be sure to also configure a valid LDAP encryption type. This will depend on your system.
   e. Follow the link in setup:
      'Modify an existing LDAP account store for use with eGroupWare (for a new install using LDAP accounts)'

   This is on the page after submitting the configuration in step 2. This runs
   setup/ldapmodify.php, which lets you select which accounts and groups you
   wish to modify in LDAP for use with eGroupWare. It will add the necessary objectclass
   and attributes to existing LDAP entries.

3. If you want to store account information in a new LDAP tree only for eGroupWare:
   a. Install the LDAP schema per directions in phpgwapi/doc/ldap/README.
   b. Configure eGroupWare to use LDAP auth and LDAP accounts (Step 2).
   c. Configure a valid LDAP host, LDAP accounts context, LDAP groups context,
      LDAP rootdn, and LDAP root password. The rootdn/rootpw can match what is set up
      as the rootdn/rootpw in, e.g., slapd.conf. Or it could be a user who is granted
      LDAP ACL rights to WRITE data to any entry in the accounts and groups contexts. By
      context, we mean the ou in which this information is stored, e.g. ou=People,dc=domain,dc=com
      and ou=Group,dc=domain,dc=com.
   d. Be sure to also configure a valid LDAP encryption type. This will depend on your system.
   e. Follow the link in setup: 'Setup demo accounts in LDAP'

   This is on the page after submitting the configuration in step 2. This runs
   setup/setup_demo.php, which creates an admin account you specify, and optionally
   the demo, demo2, and demo3 user accounts. The admin account password is configurable
   here, and the demo accounts will have their passwords set to 'guest'.

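Added example (not part of the original README or of eGroupWare's own code): a
Python check that reads an LDIF export of the accounts context and reports which
of the demo, demo2 and demo3 accounts still carry the password 'guest'. The
function names and the sample LDIF entries are constructed for illustration; only
cleartext, {SHA}, {SSHA}, {MD5} and {SMD5} userPassword values are checked.

```python
import base64
import hashlib

DEMO_UIDS = {"demo", "demo2", "demo3"}  # account names from the README
DEFAULT_PW = b"guest"                   # password the README says they get
ALGOS = {"SHA": "sha1", "SSHA": "sha1", "MD5": "md5", "SMD5": "md5"}

def matches(stored, password):
    """True if a userPassword value is cleartext or a {SCHEME} hash of password."""
    if not stored.startswith("{"):
        return stored.encode() == password
    scheme, _, b64 = stored[1:].partition("}")
    try:
        algo = ALGOS[scheme.upper()]
        raw = base64.b64decode(b64)
    except (KeyError, ValueError):
        return False  # unsupported scheme (e.g. {CRYPT}) or malformed value
    size = hashlib.new(algo).digest_size
    digest, salt = raw[:size], raw[size:]  # salt is empty for {SHA}/{MD5}
    return hashlib.new(algo, password + salt).digest() == digest

def parse_ldif(text):
    """Yield one {attribute: value} dict per entry (last value wins)."""
    text = text.replace("\n ", "")  # unfold LDIF continuation lines
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64 of the value>"
                value = base64.b64decode(value[1:]).decode()
            if sep:
                entry[name.lower()] = value.strip()
        if entry:
            yield entry

def demo_accounts_with_default_password(ldif):
    return [e["uid"] for e in parse_ldif(ldif) if e.get("uid") in DEMO_UIDS
            and matches(e.get("userpassword", ""), DEFAULT_PW)]

def sample_hash(scheme, algo, pw, salt=b""):  # builds the constructed sample values
    return "{%s}" % scheme + base64.b64encode(hashlib.new(algo, pw + salt).digest() + salt).decode()

SAMPLE_LDIF = "\n\n".join([  # constructed entries, not from a real directory
    "dn: uid=demo,ou=People,dc=domain,dc=com\nuid: demo\nuserPassword: " + sample_hash("SSHA", "sha1", b"guest", b"s1"),
    "dn: uid=demo2,ou=People,dc=domain,dc=com\nuid: demo2\nuserPassword:: "
    + base64.b64encode(sample_hash("MD5", "md5", b"guest").encode()).decode(),
    "dn: uid=demo3,ou=People,dc=domain,dc=com\nuid: demo3\nuserPassword: " + sample_hash("SSHA", "sha1", b"changed", b"s2"),
])
```

Any uid returned by demo_accounts_with_default_password() should have its
password changed or the account removed before the install is exposed to users.
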
NOTES:
1. Copying data from LDAP to SQL currently does not transfer the userPassword attribute.
   You would need to create those values manually in SQL if you want to migrate from
   LDAP to SQL auth. However, when using LDAP auth and SQL accounts, this is not a concern.