authorFrederic Guillot <fred@kanboard.net>2016-05-08 10:48:37 -0400
committerFrederic Guillot <fred@kanboard.net>2016-05-08 10:48:37 -0400
commitf8cff344a268ab0f408eb361e7db45214b708aa1 (patch)
tree752446b178601c22046bfcc563610c59e1cba6a1 /doc
parent03179a1269cd27aad99becceab6b0aacc30e0f2a (diff)
Added LDAP configuration examples
Diffstat (limited to 'doc')
-rw-r--r--doc/index.markdown1
-rw-r--r--doc/ldap-configuration-examples.markdown221
2 files changed, 222 insertions, 0 deletions
diff --git a/doc/index.markdown b/doc/index.markdown
index 1294de78..5fc576d8 100644
--- a/doc/index.markdown
+++ b/doc/index.markdown
@@ -123,6 +123,7 @@ Technical details
- [LDAP group synchronization](ldap-group-sync.markdown)
- [LDAP profile picture](ldap-profile-picture.markdown)
- [LDAP parameters](ldap-parameters.markdown)
+- [LDAP configuration examples](ldap-configuration-examples.markdown)
- [Reverse proxy authentication](reverse-proxy-authentication.markdown)
### Contributors
diff --git a/doc/ldap-configuration-examples.markdown b/doc/ldap-configuration-examples.markdown
new file mode 100644
index 00000000..a8ad2b61
--- /dev/null
+++ b/doc/ldap-configuration-examples.markdown
@@ -0,0 +1,221 @@
+LDAP Configuration Examples
+===========================
+
+Microsoft Active Directory
+--------------------------
+
+- User authentication
+- Download the user profile picture from Active Directory
+- Set user language from LDAP attribute
+- Kanboard roles are mapped to Active Directory groups
+- LDAP group providers is enabled
+
+```php
+define('LDAP_AUTH', true);
+
+define('LDAP_SERVER', 'my-ldap-server');
+define('LDAP_PORT', 389);
+
+define('LDAP_BIND_TYPE', 'proxy');
+define('LDAP_USERNAME', 'administrator@kanboard.local');
+define('LDAP_PASSWORD', 'secret');
+
+define('LDAP_USER_BASE_DN', 'CN=Users,DC=kanboard,DC=local');
+define('LDAP_USER_FILTER', '(&(objectClass=user)(sAMAccountName=%s))');
+
+define('LDAP_USER_ATTRIBUTE_USERNAME', 'samaccountname');
+define('LDAP_USER_ATTRIBUTE_FULLNAME', 'displayname');
+define('LDAP_USER_ATTRIBUTE_PHOTO', 'jpegPhoto');
+define('LDAP_USER_ATTRIBUTE_LANGUAGE', 'preferredLanguage');
+
+define('LDAP_GROUP_ADMIN_DN', 'CN=Kanboard Admins,CN=Users,DC=kanboard,DC=local');
+define('LDAP_GROUP_MANAGER_DN', 'CN=Kanboard Managers,CN=Users,DC=kanboard,DC=local');
+
+define('LDAP_GROUP_PROVIDER', true);
+define('LDAP_GROUP_BASE_DN', 'CN=Users,DC=kanboard,DC=local');
+define('LDAP_GROUP_FILTER', '(&(objectClass=group)(sAMAccountName=%s*))');
+define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
+```
+
+OpenLDAP with memberOf overlay
+------------------------------
+
+User LDIF example:
+
+```
+dn: uid=manager,ou=Users,dc=kanboard,dc=local
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+uid: manager
+sn: Lastname
+givenName: Firstname
+cn: Kanboard Manager
+displayName: Kanboard Manager
+mail: manager@kanboard.local
+userPassword: password
+memberOf: cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local
+```
+
+Group LDIF example:
+
+```
+dn: cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local
+objectClass: top
+objectClass: groupOfNames
+cn: Kanboard Managers
+member: uid=manager,ou=Users,dc=kanboard,dc=local
+```
+
+Kanboard Configuration:
+
+- User authentication
+- Kanboard roles are mapped to LDAP groups
+- LDAP group providers is enabled
+
+```php
+define('LDAP_AUTH', true);
+
+define('LDAP_SERVER', 'my-ldap-server');
+define('LDAP_PORT', 389);
+
+define('LDAP_BIND_TYPE', 'proxy');
+define('LDAP_USERNAME', 'cn=admin,DC=kanboard,DC=local');
+define('LDAP_PASSWORD', 'password');
+
+define('LDAP_USER_BASE_DN', 'OU=Users,DC=kanboard,DC=local');
+define('LDAP_USER_FILTER', 'uid=%s');
+
+define('LDAP_GROUP_ADMIN_DN', 'cn=Kanboard Admins,ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_MANAGER_DN', 'cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local');
+
+define('LDAP_GROUP_PROVIDER', true);
+define('LDAP_GROUP_BASE_DN', 'ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_FILTER', '(&(objectClass=groupOfNames)(cn=%s*))');
+define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
+```
+
+OpenLDAP with Posix groups (memberUid)
+--------------------------------------
+
+User LDIF example:
+
+```
+dn: uid=manager,ou=Users,dc=kanboard,dc=local
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+uid: manager
+sn: Lastname
+givenName: Firstname
+cn: Kanboard Manager
+displayName: Kanboard Manager
+uidNumber: 10001
+gidNumber: 8000
+userPassword: password
+homeDirectory: /home/manager
+mail: manager@kanboard.local
+```
+
+Group LDIF example:
+
+```
+dn: cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local
+objectClass: posixGroup
+cn: Kanboard Managers
+gidNumber: 5001
+memberUid: manager
+```
+
+Kanboard Configuration:
+
+- User authentication
+- Kanboard roles are mapped to LDAP groups
+- LDAP group providers is enabled
+
+```php
+define('LDAP_AUTH', true);
+
+define('LDAP_SERVER', 'my-ldap-server');
+define('LDAP_PORT', 389);
+
+define('LDAP_BIND_TYPE', 'proxy');
+define('LDAP_USERNAME', 'cn=admin,DC=kanboard,DC=local');
+define('LDAP_PASSWORD', 'password');
+
+define('LDAP_USER_BASE_DN', 'OU=Users,DC=kanboard,DC=local');
+define('LDAP_USER_FILTER', 'uid=%s');
+
+define('LDAP_GROUP_ADMIN_DN', 'cn=Kanboard Admins,ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_MANAGER_DN', 'cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local');
+
+// This filter is used to find the groups of our user
+define('LDAP_GROUP_USER_FILTER', '(&(objectClass=posixGroup)(memberUid=%s))');
+
+define('LDAP_GROUP_PROVIDER', true);
+define('LDAP_GROUP_BASE_DN', 'ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_FILTER', '(&(objectClass=posixGroup)(cn=%s*))');
+define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
+```
+
+OpenLDAP with groupOfNames
+--------------------------
+
+User LDIF example:
+
+```
+dn: uid=manager,ou=Users,dc=kanboard,dc=local
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+uid: manager
+sn: Lastname
+givenName: Firstname
+cn: Kanboard Manager
+displayName: Kanboard Manager
+mail: manager@kanboard.local
+userPassword: password
+```
+
+Group LDIF example:
+
+```
+dn: cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local
+objectClass: top
+objectClass: groupOfNames
+cn: Kanboard Managers
+member: uid=manager,ou=Users,dc=kanboard,dc=local
+```
+
+Kanboard Configuration:
+
+- User authentication
+- Kanboard roles are mapped to LDAP groups
+- LDAP group providers is enabled
+
+```php
+define('LDAP_AUTH', true);
+
+define('LDAP_SERVER', 'my-ldap-server');
+define('LDAP_PORT', 389);
+
+define('LDAP_BIND_TYPE', 'proxy');
+define('LDAP_USERNAME', 'cn=admin,DC=kanboard,DC=local');
+define('LDAP_PASSWORD', 'password');
+
+define('LDAP_USER_BASE_DN', 'OU=Users,DC=kanboard,DC=local');
+define('LDAP_USER_FILTER', 'uid=%s');
+
+define('LDAP_GROUP_ADMIN_DN', 'cn=Kanboard Admins,ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_MANAGER_DN', 'cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local');
+
+// This filter is used to find the groups of our user
+define('LDAP_GROUP_USER_FILTER', '(&(objectClass=groupOfNames)(member=uid=%s,ou=Users,dc=kanboard,dc=local))');
+
+define('LDAP_GROUP_PROVIDER', true);
+define('LDAP_GROUP_BASE_DN', 'ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_FILTER', '(&(objectClass=groupOfNames)(cn=%s*))');
+define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
+```
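Review bot: All four configuration blocks use proxy bind with a directory administrator account (`administrator@kanboard.local` in the Active Directory block, `cn=admin,DC=kanboard,DC=local` in the three OpenLDAP blocks) and connect on port 389 with no transport security configured. A reader who copies them as written would put an administrator password in the Kanboard config file, and the bind credentials and user passwords would presumably cross the network in clear text. The filters shown only search for users and groups, so the examples could bind as a dedicated read-only service account instead, and each block could add `define('LDAP_START_TLS', true);` or use an `ldaps://` URL in `LDAP_SERVER`. A sentence under the title saying that the passwords, DNs and host name are placeholders to replace would also help.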