Diffstat (limited to 'doc')
-rw-r--r-- | doc/index.markdown | 1 | ||||
-rw-r--r-- | doc/ldap-configuration-examples.markdown | 221 |
2 files changed, 222 insertions, 0 deletions
diff --git a/doc/index.markdown b/doc/index.markdown
index 1294de78..5fc576d8 100644
--- a/doc/index.markdown
+++ b/doc/index.markdown
@@ -123,6 +123,7 @@ Technical details
 - [LDAP group synchronization](ldap-group-sync.markdown)
 - [LDAP profile picture](ldap-profile-picture.markdown)
 - [LDAP parameters](ldap-parameters.markdown)
+- [LDAP configuration examples](ldap-configuration-examples.markdown)
 - [Reverse proxy authentication](reverse-proxy-authentication.markdown)
 
 ### Contributors
diff --git a/doc/ldap-configuration-examples.markdown b/doc/ldap-configuration-examples.markdown
new file mode 100644
index 00000000..a8ad2b61
--- /dev/null
+++ b/doc/ldap-configuration-examples.markdown
@@ -0,0 +1,221 @@
+LDAP Configuration Examples
+===========================
+
+Microsoft Active Directory
+--------------------------
+
+- User authentication
+- Download the user profile picture from Active Directory
+- Set user language from LDAP attribute
+- Kanboard roles are mapped to Active Directory groups
+- LDAP group providers is enabled
+
+```php
+define('LDAP_AUTH', true);
+
+define('LDAP_SERVER', 'my-ldap-server');
+define('LDAP_PORT', 389);
+
+define('LDAP_BIND_TYPE', 'proxy');
+define('LDAP_USERNAME', 'administrator@kanboard.local');
+define('LDAP_PASSWORD', 'secret');
+
+define('LDAP_USER_BASE_DN', 'CN=Users,DC=kanboard,DC=local');
+define('LDAP_USER_FILTER', '(&(objectClass=user)(sAMAccountName=%s))');
+
+define('LDAP_USER_ATTRIBUTE_USERNAME', 'samaccountname');
+define('LDAP_USER_ATTRIBUTE_FULLNAME', 'displayname');
+define('LDAP_USER_ATTRIBUTE_PHOTO', 'jpegPhoto');
+define('LDAP_USER_ATTRIBUTE_LANGUAGE', 'preferredLanguage');
+
+define('LDAP_GROUP_ADMIN_DN', 'CN=Kanboard Admins,CN=Users,DC=kanboard,DC=local');
+define('LDAP_GROUP_MANAGER_DN', 'CN=Kanboard Managers,CN=Users,DC=kanboard,DC=local');
+
+define('LDAP_GROUP_PROVIDER', true);
+define('LDAP_GROUP_BASE_DN', 'CN=Users,DC=kanboard,DC=local');
+define('LDAP_GROUP_FILTER', '(&(objectClass=group)(sAMAccountName=%s*))');
+define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
+```
+
+OpenLDAP with memberOf overlay
+------------------------------
+
+User LDIF example:
+
+```
+dn: uid=manager,ou=Users,dc=kanboard,dc=local
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+uid: manager
+sn: Lastname
+givenName: Firstname
+cn: Kanboard Manager
+displayName: Kanboard Manager
+mail: manager@kanboard.local
+userPassword: password
+memberOf: cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local
+```
+
+Group LDIF example:
+
+```
+dn: cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local
+objectClass: top
+objectClass: groupOfNames
+cn: Kanboard Managers
+member: uid=manager,ou=Users,dc=kanboard,dc=local
+```
+
+Kanboard Configuration:
+
+- User authentication
+- Kanboard roles are mapped to LDAP groups
+- LDAP group providers is enabled
+
+```php
+define('LDAP_AUTH', true);
+
+define('LDAP_SERVER', 'my-ldap-server');
+define('LDAP_PORT', 389);
+
+define('LDAP_BIND_TYPE', 'proxy');
+define('LDAP_USERNAME', 'cn=admin,DC=kanboard,DC=local');
+define('LDAP_PASSWORD', 'password');
+
+define('LDAP_USER_BASE_DN', 'OU=Users,DC=kanboard,DC=local');
+define('LDAP_USER_FILTER', 'uid=%s');
+
+define('LDAP_GROUP_ADMIN_DN', 'cn=Kanboard Admins,ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_MANAGER_DN', 'cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local');
+
+define('LDAP_GROUP_PROVIDER', true);
+define('LDAP_GROUP_BASE_DN', 'ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_FILTER', '(&(objectClass=groupOfNames)(cn=%s*))');
+define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
+```
+
+OpenLDAP with Posix groups (memberUid)
+--------------------------------------
+
+User LDIF example:
+
+```
+dn: uid=manager,ou=Users,dc=kanboard,dc=local
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+uid: manager
+sn: Lastname
+givenName: Firstname
+cn: Kanboard Manager
+displayName: Kanboard Manager
+uidNumber: 10001
+gidNumber: 8000
+userPassword: password
+homeDirectory: /home/manager
+mail: manager@kanboard.local
+```
+
+Group LDIF example:
+
+```
+dn: cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local
+objectClass: posixGroup
+cn: Kanboard Managers
+gidNumber: 5001
+memberUid: manager
+```
+
+Kanboard Configuration:
+
+- User authentication
+- Kanboard roles are mapped to LDAP groups
+- LDAP group providers is enabled
+
+```php
+define('LDAP_AUTH', true);
+
+define('LDAP_SERVER', 'my-ldap-server');
+define('LDAP_PORT', 389);
+
+define('LDAP_BIND_TYPE', 'proxy');
+define('LDAP_USERNAME', 'cn=admin,DC=kanboard,DC=local');
+define('LDAP_PASSWORD', 'password');
+
+define('LDAP_USER_BASE_DN', 'OU=Users,DC=kanboard,DC=local');
+define('LDAP_USER_FILTER', 'uid=%s');
+
+define('LDAP_GROUP_ADMIN_DN', 'cn=Kanboard Admins,ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_MANAGER_DN', 'cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local');
+
+// This filter is used to find the groups of our user
+define('LDAP_GROUP_USER_FILTER', '(&(objectClass=posixGroup)(memberUid=%s))');
+
+define('LDAP_GROUP_PROVIDER', true);
+define('LDAP_GROUP_BASE_DN', 'ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_FILTER', '(&(objectClass=posixGroup)(cn=%s*))');
+define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
+```
+
+OpenLDAP with groupOfNames
+--------------------------
+
+User LDIF example:
+
+```
+dn: uid=manager,ou=Users,dc=kanboard,dc=local
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+uid: manager
+sn: Lastname
+givenName: Firstname
+cn: Kanboard Manager
+displayName: Kanboard Manager
+mail: manager@kanboard.local
+userPassword: password
+```
+
+Group LDIF example:
+
+```
+dn: cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local
+objectClass: top
+objectClass: groupOfNames
+cn: Kanboard Managers
+member: uid=manager,ou=Users,dc=kanboard,dc=local
+```
+
+Kanboard Configuration:
+
+- User authentication
+- Kanboard roles are mapped to LDAP groups
+- LDAP group providers is enabled
+
+```php
+define('LDAP_AUTH', true);
+
+define('LDAP_SERVER', 'my-ldap-server');
+define('LDAP_PORT', 389);
+
+define('LDAP_BIND_TYPE', 'proxy');
+define('LDAP_USERNAME', 'cn=admin,DC=kanboard,DC=local');
+define('LDAP_PASSWORD', 'password');
+
+define('LDAP_USER_BASE_DN', 'OU=Users,DC=kanboard,DC=local');
+define('LDAP_USER_FILTER', 'uid=%s');
+
+define('LDAP_GROUP_ADMIN_DN', 'cn=Kanboard Admins,ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_MANAGER_DN', 'cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local');
+
+// This filter is used to find the groups of our user
+define('LDAP_GROUP_USER_FILTER', '(&(objectClass=groupOfNames)(member=uid=%s,ou=Users,dc=kanboard,dc=local))');
+
+define('LDAP_GROUP_PROVIDER', true);
+define('LDAP_GROUP_BASE_DN', 'ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_FILTER', '(&(objectClass=groupOfNames)(cn=%s*))');
+define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
+``` |