LDAP User backend
Presentation
LDAP is the default (and historical) user backend. It searches for the user in the directory (if the LDAP authentication backend has not already done so) and retrieves all configured exported attributes. It also searches for groups if this option is selected (not active by default).
Configuration
Set the user backend:
    userDB => LDAP,
If no user backend is configured, LDAP is chosen by default.
Parameters are the same as for the LDAP authentication backend.
Password policy has no effect here.
Groups
LemonLDAP::NG can browse the directory and find the groups containing the authenticated user as a member.
Parameters are:
- ldapGroupBase: DN of groups branch (can be the suffix)
- ldapGroupObjectClass: objectClass of the groups
- ldapGroupAttributeName: name of the attribute in the groups storing the link to the user
- ldapGroupAttributeNameUser: name of the attribute in user entries used in the link
- ldapGroupAttributeNameSearch: name(s) of the attribute storing the name of the group (this should be a list reference)
- ldapGroupRecursive: activate recursive group functionality
- ldapGroupAttributeNameGroup: name of the attribute in group entries used in the link
    ldapGroupBase => 'ou=groups,dc=example,dc=com',
    ldapGroupObjectClass => 'groupOfUniqueNames',
    ldapGroupAttributeName => 'uniqueMember',
    ldapGroupAttributeNameUser => 'dn',
    ldapGroupAttributeNameGroup => 'dn',
    ldapGroupAttributeNameSearch => ['cn'],
    ldapGroupRecursive => 1,
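How the group parameters above fit together, as an added Python illustration that is not LemonLDAP::NG's own code: it builds the membership filter with RFC 4515 escaping and follows nested groups over a small constructed directory that contains a nesting loop. The names CONF, BASE, USER, GROUPS and all functions are assumptions of this example, and search_groups stands in for a real LDAP search.

```python
# Added illustration, not LemonLDAP::NG code. Directory entries are constructed.
CONF = {
    "ldapGroupObjectClass": "groupOfUniqueNames",
    "ldapGroupAttributeName": "uniqueMember",
    "ldapGroupAttributeNameUser": "dn",
    "ldapGroupAttributeNameGroup": "dn",
    "ldapGroupAttributeNameSearch": ["cn"],
    "ldapGroupRecursive": 1,
}
BASE = "ou=groups,dc=example,dc=com"  # ldapGroupBase
USER = {"dn": "cn=Jane Doe (ops),ou=users,dc=example,dc=com"}
GROUPS = [  # constructed: dev and staff contain each other (nesting loop)
    {"dn": "cn=dev," + BASE, "cn": "dev", "objectClass": "groupOfUniqueNames",
     "uniqueMember": [USER["dn"], "cn=staff," + BASE]},
    {"dn": "cn=staff," + BASE, "cn": "staff", "objectClass": "groupOfUniqueNames",
     "uniqueMember": ["cn=dev," + BASE]},
    {"dn": "cn=admins," + BASE, "cn": "admins", "objectClass": "groupOfUniqueNames",
     "uniqueMember": ["cn=root,ou=users,dc=example,dc=com"]},
]

def escape_filter_value(value):
    """RFC 4515 escaping of backslash, asterisk, parentheses and NUL."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def group_filter(conf, link_value):
    """Filter selecting the groups whose link attribute holds link_value."""
    return "(&(objectClass=%s)(%s=%s))" % (
        conf["ldapGroupObjectClass"], conf["ldapGroupAttributeName"],
        escape_filter_value(link_value))

def search_groups(conf, link_value):
    """Stand-in for the LDAP search under ldapGroupBase (exact match only)."""
    return [g for g in GROUPS
            if g["objectClass"] == conf["ldapGroupObjectClass"]
            and link_value in g.get(conf["ldapGroupAttributeName"], [])]

def resolve_groups(conf, user):
    """Return (sorted group names, filters issued) for one user entry."""
    seen, filters = {}, []
    pending = [user[conf["ldapGroupAttributeNameUser"]]]
    while pending:
        value = pending.pop()
        filters.append(group_filter(conf, value))
        for g in search_groups(conf, value):
            if g["dn"] in seen:  # already resolved: stops nesting loops
                continue
            seen[g["dn"]] = [g[a] for a in conf["ldapGroupAttributeNameSearch"]]
            if conf["ldapGroupRecursive"]:
                pending.append(g[conf["ldapGroupAttributeNameGroup"]])
    return sorted(n for names in seen.values() for n in names), filters
```

Because group names usually feed access rules, running a check like this against an export of the real groups branch shows which memberships come from nesting rather than direct membership.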
Active Directory
As for LDAP authentication, just modify LDAPFilter:
    LDAPFilter => '(&(sAMAccountName=$user)(objectClass=user))',
And for groups:
    ldapGroupBase => 'ou=groups,dc=example,dc=com',
    ldapGroupObjectClass => 'group',
    ldapGroupAttributeName => 'member',
    ldapGroupAttributeNameUser => 'dn',
    ldapGroupAttributeNameGroup => 'dn',
    ldapGroupAttributeNameSearch => ['cn'],
    ldapGroupRecursive => 1,