
vTiger CRM6+ LDAP authentication

Stack Overflow user
Asked on 2014-10-19 04:34:01
Answers: 1, Views: 3.6K, Followers: 0, Votes: 0

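I have spent the past few days on this, but I could not find a really useful tutorial for integrating LDAP authentication into vTiger CRM6 (running on a Linux CentOS 6.5 distribution).

Is there anyone with experience, or someone who could share some useful manuals?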


1 Answer

Stack Overflow user

Posted on 2014-12-30 19:07:17

Change directory to the CRM target:

/var/www/html/crm/modules/Users/authTypes/

Then download the LDAP files from:

http://downloads.sourceforge.net/project/adldap/adLDAP/adLDAP_4.0.4/adLDAP_4.0

Just open it and customize the settings as needed. The following settings match what a 2012R2 Active Directory requires.

...
class adLDAP {

    /**
     * Define the different types of account in AD
     */
    const ADLDAP_NORMAL_ACCOUNT = 805306368;
    const ADLDAP_WORKSTATION_TRUST = 805306369;
    const ADLDAP_INTERDOMAIN_TRUST = 805306370;
    const ADLDAP_SECURITY_GLOBAL_GROUP = 268435456;
    const ADLDAP_DISTRIBUTION_GROUP = 268435457;
    const ADLDAP_SECURITY_LOCAL_GROUP = 536870912;
    const ADLDAP_DISTRIBUTION_LOCAL_GROUP = 536870913;
    const ADLDAP_FOLDER = 'OU';
    const ADLDAP_CONTAINER = 'CN';

    /**
    * The default port for LDAP non-SSL connections
    */
    const ADLDAP_LDAP_PORT = '389';
    /**
    * The default port for LDAPS SSL connections
    */
    const ADLDAP_LDAPS_PORT = '636';

    /**
    * The account suffix for your domain, can be set when the class is invoked
    *
    * @var string
    */
    protected $accountSuffix = "@cortoso.com";

    /**
    * The base dn for your domain
    *
    * If this is set to null then adLDAP will attempt to obtain this automatically from the rootDSE
    *
    * @var string
    */
    protected $baseDn = "";

    /**
    * Port used to talk to the domain controllers.
    *
    * @var int
    */
    protected $adPort = self::ADLDAP_LDAP_PORT;
    /**
    * Array of domain controllers. Specify multiple controllers if you
    * would like the class to balance the LDAP queries amongst multiple servers
    *
    * @var array
    */
    protected $domainControllers = array("dc01.cortoso.com", "dc02.cortoso.com");

    /**
    * Optional account with higher privileges for searching
    * This should be set to a domain admin account
    *
    * @var string
    * @var string
    */
    protected $adminUsername = "ldap-binduser";
    protected $adminPassword = "super-password";

    /**
    * AD does not return the primary group. http://support.microsoft.com/?kbid=321360
    * This tweak will resolve the real primary group.
    * Setting to false will fudge "Domain Users" and is much faster. Keep in mind though that if
    * someone's primary group is NOT domain users, this is obviously going to mess up the results
    *
    * @var bool
    */
    protected $realPrimaryGroup = false;

    /**
    * Use SSL (LDAPS), your server needs to be setup, please see
    * http://adldap.sourceforge.net/wiki/doku.php?id=ldap_over_ssl
    *
    * @var bool
    */
    protected $useSSL = false;

    /**
    * Use TLS
    * If you wish to use TLS you should ensure that $useSSL is set to false and vice-versa
    *
    * @var bool
    */
    protected $useTLS = true;

    /**
    * Use SSO
    * To indicate to adLDAP to reuse password set by the browser through NTLM or Kerberos
    *
    * @var bool
    */
    protected $useSSO = false;

    /**
    * When querying group memberships, do it recursively
    * eg. User Fred is a member of Group A, which is a member of Group B, which is a member of Group C
    * user_ingroup("Fred","C") will returns true with this option turned on, false if turned off
    *
    * @var bool
    */
    protected $recursiveGroups = true;

    ...
?>

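To be able to test adLDAP, it is much easier to write a small PHP snippet than to use vTiger CRM directly. Just create a small adldap_test.php file, in the directory where adLDAP.php resides, with the following content: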

<?php

// Load adLDAP.php from the same directory as this test file
require_once(dirname(__FILE__) . '/adLDAP.php');

try {
    $adldap = new adLDAP();
}

catch (adLDAPException $e) {
    echo $e;
    exit();
}
$authUser = $adldap->authenticate('user-to-authenticate', 'users-password');
if ($authUser == true) {
  echo "User authenticated successfully";
}
else {
  // getLastError is not needed, but may be helpful for finding out why:
  echo "\n";
  echo $adldap->getLastError();
  echo "\n";

  echo "User authentication unsuccessful";
}

echo "\n";
$result=$adldap->user()->infoCollection('ldap', array("*"));
echo "User:\n";
echo $result->displayName . "\n";
echo "Mail:\n";
echo $result->mail . "\n";

?>
Votes: 0
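
A variant of the test script above that keeps credentials out of the file, since adLDAP.php and the test file sit under the web root in this setup. This is an added example, not part of the original answer or of adLDAP; the file name adldap_cli_test.php and the environment variable names are assumptions, and the option keys are the ones the adLDAP 4.x constructor accepts (check them against your copy of adLDAP.php).

```php
<?php
// Added example: run from a shell only, e.g. php adldap_cli_test.php <username>
if (PHP_SAPI !== 'cli') {
    // The file lives under the web root; refuse to run over HTTP.
    header('HTTP/1.1 403 Forbidden');
    exit;
}

require_once(dirname(__FILE__) . '/adLDAP.php');

// Assumed environment variable names; export them in the shell before running.
$bindUser = getenv('ADLDAP_BIND_USER');
$bindPass = getenv('ADLDAP_BIND_PASSWORD');
if ($argc < 2 || $bindUser === false || $bindPass === false) {
    fwrite(STDERR, "usage: ADLDAP_BIND_USER=... ADLDAP_BIND_PASSWORD=... php {$argv[0]} <username>\n");
    exit(2);
}

// Read the password of the account under test from stdin, not from the source file.
fwrite(STDERR, "Password for {$argv[1]}: ");
$userPass = rtrim((string) fgets(STDIN), "\r\n");
if ($userPass === '') {
    // A simple bind with an empty password is an unauthenticated bind; never treat it as a login.
    fwrite(STDERR, "empty password refused\n");
    exit(2);
}

try {
    // Override the class defaults at construction time instead of editing adLDAP.php.
    $adldap = new adLDAP(array(
        'account_suffix'     => '@cortoso.com',
        'domain_controllers' => array('dc01.cortoso.com', 'dc02.cortoso.com'),
        'admin_username'     => $bindUser,
        'admin_password'     => $bindPass,
        'use_ssl'            => false,
        'use_tls'            => true,   // StartTLS on port 389, as in the answer
    ));
} catch (adLDAPException $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}

if ($adldap->authenticate($argv[1], $userPass)) {
    echo "User authenticated successfully\n";
    exit(0);
}
fwrite(STDERR, $adldap->getLastError() . "\nUser authentication unsuccessful\n");
exit(1);
```

The password typed at the prompt is echoed to the terminal, and the exit code (0 for success, 1 for failure) lets the script be used from a shell check.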
Original page content provided by Stack Overflow. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/26444284
