LDAP parameters
Server address
Use an LDAP URI to configure the location of your LDAP server in $ldap_url
:
$ldap_url = "ldap://localhost:389";
You can set several URI, so that next server will be tried if the previous is down:
$ldap_url = "ldap://server1 ldap://server2";
To use SSL, set ldaps in the URI:
$ldap_url = "ldaps://localhost";
To use StartTLS, set true
in $ldap_starttls
:
$ldap_starttls = true;
Tip
LDAP certificate management in PHP relies on LDAP system libraries. Under Linux, you can configure /etc/ldap.conf
(or /etc/ldap/ldap.conf
on Debian/Ubuntu, or C:\OpenLDAP\sysconf\ldap.conf
for Windows). Provide the certificate from the certificate authority that issued your LDAP server’s certificate.
Credentials
Configure DN and password in $ldap_bindn
and $ldap_bindpw
:
$ldap_binddn = "cn=manager,dc=example,dc=com";
$ldap_bindpw = "secret";
Tip
You can leave these parameters empty to bind anonymously.
LDAP Base
You can set global base in $ldap_base
:
$ldap_base = "dc=example,dc=com";
User search parameters
You can set base of the search in $ldap_user_base
:
$ldap_user_base = "ou=users,".$ldap_base;
The filter can be set in $ldap_user_filter
:
$ldap_user_filter = "(objectClass=inetOrgPerson)";
When an entry is displayed, to help the software to determine if this is a user, you can configure a regular expression:
$ldap_user_regex = "/,ou=users,/i";
Tip
If you don’t set this value, the software will use the LDAP filters: if the entry can be found with the user filter, it is a user object, if it can be found with the group filter, it is a group.
Group search parameters
You can set the base of the search in $ldap_group_base
:
$ldap_group_base = "ou=groups,".$ldap_base;
The filter can be set in $ldap_group_filter
:
$ldap_group_filter = "(|(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))";
Size limit
It is advised to set a search limit on client side if no limit is set by the server:
$ldap_size_limit = 100;
Note
This limit will also restrict the number of entries shown in the gallery menu.