From 41c334bf2986c890f3d6032002d83e37f0f79df8 Mon Sep 17 00:00:00 2001
From: Frederic Guillot
Date: Sun, 6 Sep 2015 18:07:30 -0400
Subject: Add LDAP group sync
---
doc/ldap-group-sync.markdown | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100644 doc/ldap-group-sync.markdown
(limited to 'doc/ldap-group-sync.markdown')
diff --git a/doc/ldap-group-sync.markdown b/doc/ldap-group-sync.markdown
new file mode 100644
index 00000000..355a1cde
--- /dev/null
+++ b/doc/ldap-group-sync.markdown
@@ -0,0 +1,36 @@
+LDAP Group Synchronization
+==========================
+
+Requirements
+------------
+
+- Have LDAP authentication properly configured
+- Use a LDAP server that supports `memberOf`
+
+Automatically define Kanboard groups based on LDAP groups
+---------------------------------------------------------
+
+In your config file, define the constants `LDAP_GROUP_ADMIN_DN` and `LDAP_GROUP_PROJECT_ADMIN_DN`. Here an example, replace the values according to your own LDAP configuration:
+
+```php
+define('LDAP_GROUP_ADMIN_DN', 'CN=Kanboard Admins,CN=Users,DC=kanboard,DC=local');
+define('LDAP_GROUP_PROJECT_ADMIN_DN', 'CN=Kanboard Project Admins,CN=Users,DC=kanboard,DC=local');
+```
+
+- People member of "Kanboard Admins" will be "Kanboard Administrators"
+- People member of "Kanboard Project Admins" will be "Kanboard Project Administrators"
+- Everybody else will be Kanboard Standard Users
+
+Note: At the moment, that works only at account creation.
+
+Filter Kanboard access based on the LDAP group
+----------------------------------------------
+
+To allow only some users to use Kanboard, use the existing `LDAP_USER_PATTERN` constant:
+
+```php
+define('LDAP_USER_PATTERN', '(&(objectClass=user)(sAMAccountName=%s)(memberOf=CN=Kanboard Users,CN=Users,DC=kanboard,DC=local))');
+```
+
+This example allow only people member of the group "Kanboard Users" to connect to Kanboard.
+
-- cgit v1.2.3