summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/index.markdown1
-rw-r--r--doc/ldap-configuration-examples.markdown221
2 files changed, 222 insertions, 0 deletions
diff --git a/doc/index.markdown b/doc/index.markdown
index 1294de78..5fc576d8 100644
--- a/doc/index.markdown
+++ b/doc/index.markdown
@@ -123,6 +123,7 @@ Technical details
- [LDAP group synchronization](ldap-group-sync.markdown)
- [LDAP profile picture](ldap-profile-picture.markdown)
- [LDAP parameters](ldap-parameters.markdown)
+- [LDAP configuration examples](ldap-configuration-examples.markdown)
- [Reverse proxy authentication](reverse-proxy-authentication.markdown)
### Contributors
diff --git a/doc/ldap-configuration-examples.markdown b/doc/ldap-configuration-examples.markdown
new file mode 100644
index 00000000..a8ad2b61
--- /dev/null
+++ b/doc/ldap-configuration-examples.markdown
@@ -0,0 +1,221 @@
+LDAP Configuration Examples
+===========================
+
+Microsoft Active Directory
+--------------------------
+
+- User authentication
+- Download the user profile picture from Active Directory
+- Set user language from LDAP attribute
+- Kanboard roles are mapped to Active Directory groups
+- LDAP group providers is enabled
+
+```php
+define('LDAP_AUTH', true);
+
+define('LDAP_SERVER', 'my-ldap-server');
+define('LDAP_PORT', 389);
+
+define('LDAP_BIND_TYPE', 'proxy');
+define('LDAP_USERNAME', 'administrator@kanboard.local');
+define('LDAP_PASSWORD', 'secret');
+
+define('LDAP_USER_BASE_DN', 'CN=Users,DC=kanboard,DC=local');
+define('LDAP_USER_FILTER', '(&(objectClass=user)(sAMAccountName=%s))');
+
+define('LDAP_USER_ATTRIBUTE_USERNAME', 'samaccountname');
+define('LDAP_USER_ATTRIBUTE_FULLNAME', 'displayname');
+define('LDAP_USER_ATTRIBUTE_PHOTO', 'jpegPhoto');
+define('LDAP_USER_ATTRIBUTE_LANGUAGE', 'preferredLanguage');
+
+define('LDAP_GROUP_ADMIN_DN', 'CN=Kanboard Admins,CN=Users,DC=kanboard,DC=local');
+define('LDAP_GROUP_MANAGER_DN', 'CN=Kanboard Managers,CN=Users,DC=kanboard,DC=local');
+
+define('LDAP_GROUP_PROVIDER', true);
+define('LDAP_GROUP_BASE_DN', 'CN=Users,DC=kanboard,DC=local');
+define('LDAP_GROUP_FILTER', '(&(objectClass=group)(sAMAccountName=%s*))');
+define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
+```
+
+OpenLDAP with memberOf overlay
+------------------------------
+
+User LDIF example:
+
+```
+dn: uid=manager,ou=Users,dc=kanboard,dc=local
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+uid: manager
+sn: Lastname
+givenName: Firstname
+cn: Kanboard Manager
+displayName: Kanboard Manager
+mail: manager@kanboard.local
+userPassword: password
+memberOf: cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local
+```
+
+Group LDIF example:
+
+```
+dn: cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local
+objectClass: top
+objectClass: groupOfNames
+cn: Kanboard Managers
+member: uid=manager,ou=Users,dc=kanboard,dc=local
+```
+
+Kanboard Configuration:
+
+- User authentication
+- Kanboard roles are mapped to LDAP groups
+- LDAP group providers is enabled
+
+```php
+define('LDAP_AUTH', true);
+
+define('LDAP_SERVER', 'my-ldap-server');
+define('LDAP_PORT', 389);
+
+define('LDAP_BIND_TYPE', 'proxy');
+define('LDAP_USERNAME', 'cn=admin,DC=kanboard,DC=local');
+define('LDAP_PASSWORD', 'password');
+
+define('LDAP_USER_BASE_DN', 'OU=Users,DC=kanboard,DC=local');
+define('LDAP_USER_FILTER', 'uid=%s');
+
+define('LDAP_GROUP_ADMIN_DN', 'cn=Kanboard Admins,ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_MANAGER_DN', 'cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local');
+
+define('LDAP_GROUP_PROVIDER', true);
+define('LDAP_GROUP_BASE_DN', 'ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_FILTER', '(&(objectClass=groupOfNames)(cn=%s*))');
+define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
+```
+
+OpenLDAP with Posix groups (memberUid)
+--------------------------------------
+
+User LDIF example:
+
+```
+dn: uid=manager,ou=Users,dc=kanboard,dc=local
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+uid: manager
+sn: Lastname
+givenName: Firstname
+cn: Kanboard Manager
+displayName: Kanboard Manager
+uidNumber: 10001
+gidNumber: 8000
+userPassword: password
+homeDirectory: /home/manager
+mail: manager@kanboard.local
+```
+
+Group LDIF example:
+
+```
+dn: cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local
+objectClass: posixGroup
+cn: Kanboard Managers
+gidNumber: 5001
+memberUid: manager
+```
+
+Kanboard Configuration:
+
+- User authentication
+- Kanboard roles are mapped to LDAP groups
+- LDAP group providers is enabled
+
+```php
+define('LDAP_AUTH', true);
+
+define('LDAP_SERVER', 'my-ldap-server');
+define('LDAP_PORT', 389);
+
+define('LDAP_BIND_TYPE', 'proxy');
+define('LDAP_USERNAME', 'cn=admin,DC=kanboard,DC=local');
+define('LDAP_PASSWORD', 'password');
+
+define('LDAP_USER_BASE_DN', 'OU=Users,DC=kanboard,DC=local');
+define('LDAP_USER_FILTER', 'uid=%s');
+
+define('LDAP_GROUP_ADMIN_DN', 'cn=Kanboard Admins,ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_MANAGER_DN', 'cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local');
+
+// This filter is used to find the groups of our user
+define('LDAP_GROUP_USER_FILTER', '(&(objectClass=posixGroup)(memberUid=%s))');
+
+define('LDAP_GROUP_PROVIDER', true);
+define('LDAP_GROUP_BASE_DN', 'ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_FILTER', '(&(objectClass=posixGroup)(cn=%s*))');
+define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
+```
+
+OpenLDAP with groupOfNames
+--------------------------
+
+User LDIF example:
+
+```
+dn: uid=manager,ou=Users,dc=kanboard,dc=local
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+uid: manager
+sn: Lastname
+givenName: Firstname
+cn: Kanboard Manager
+displayName: Kanboard Manager
+mail: manager@kanboard.local
+userPassword: password
+```
+
+Group LDIF example:
+
+```
+dn: cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local
+objectClass: top
+objectClass: groupOfNames
+cn: Kanboard Managers
+member: uid=manager,ou=Users,dc=kanboard,dc=local
+```
+
+Kanboard Configuration:
+
+- User authentication
+- Kanboard roles are mapped to LDAP groups
+- LDAP group providers is enabled
+
+```php
+define('LDAP_AUTH', true);
+
+define('LDAP_SERVER', 'my-ldap-server');
+define('LDAP_PORT', 389);
+
+define('LDAP_BIND_TYPE', 'proxy');
+define('LDAP_USERNAME', 'cn=admin,DC=kanboard,DC=local');
+define('LDAP_PASSWORD', 'password');
+
+define('LDAP_USER_BASE_DN', 'OU=Users,DC=kanboard,DC=local');
+define('LDAP_USER_FILTER', 'uid=%s');
+
+define('LDAP_GROUP_ADMIN_DN', 'cn=Kanboard Admins,ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_MANAGER_DN', 'cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local');
+
+// This filter is used to find the groups of our user
+define('LDAP_GROUP_USER_FILTER', '(&(objectClass=groupOfNames)(member=uid=%s,ou=Users,dc=kanboard,dc=local))');
+
+define('LDAP_GROUP_PROVIDER', true);
+define('LDAP_GROUP_BASE_DN', 'ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_FILTER', '(&(objectClass=groupOfNames)(cn=%s*))');
+define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
+```