Hallo,
wir haben das plugin autldap installiert, die Anmeldung der User funktioniert einwandfrei, allerdings funktiort die Gruppenzuordnung und die entsprechende Zugangsverwaltung für die Gruppen nicht. Kann mir jemand helfen, ich habe schon soviel recherchiert aber leider keine Lösung gefunden.
Wir haben auch bereits das plugin authad installiert, aber auch das funktioniert nicht.
Unsere derzeitige Konfiguration sieht wie folgt aus:
<?php
/**
* Protected settings
* LDAP configuration example
*/
$conf['useacl'] = 1; //enable ACL
$conf['authtype'] = 'authldap'; //enable this Auth plugin
#$conf['plugin']['authldap']['server'] = 'localhost';
#$conf['plugin']['authldap']['port'] = 389;
$conf['plugin']['authldap']['server'] = 'ldap://HeiLab.loc:389'; #instead of the above two settings
$conf['plugin']['authldap']['usertree'] = 'ou=Benutzer, ou=Schwabach, ou=DE,dc=heilab,dc=loc';
$conf['plugin']['authldap']['grouptree'] = 'ou=WiKi, ou=Anwendungen, ou=Gruppen, ou=Allgemein,dc=heilab,dc=loc';
$conf['plugin']['authldap']['userfilter'] = '(SAMAccountName=%{user})';
$conf['plugin']['authldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))';
$conf['auth']['ldap']['mapping']['name'] = 'displayname';
$conf['auth']['ldap']['mapping']['grps'] = array('memberof' => '/CN=(.+?),/i');
# This is optional but may be required for your server:
#$conf['plugin']['authldap']['version'] = 3;
# This enables the use of the STARTTLS command
#$conf['plugin']['authldap']['starttls'] = 1;
# This is optional and is required to be off when using Active Directory:
#$conf['plugin']['authldap']['referrals'] = 0;
# Optional bind user and password if anonymous bind is not allowed
#$conf['plugin']['authldap']['binddn'] = 'cn=admin, dc=my, dc=home';
#$conf['plugin']['authldap']['bindpw'] = 'secret';
# Limit search scope for user and group searches (sub|one|base)
#$conf['plugin']['authldap']['userscope'] = 'sub';
#$conf['plugin']['authldap']['groupscope'] = 'sub';
# Optional debugging
#$conf['plugin']['authldap']['debug'] = 1;
#### not available via Config Manager ####
# Mapping can be used to specify where the internal data is coming from.
#$conf['plugin']['authldap']['mapping']['name'] = 'displayname'; # Name of attribute Active Directory stores it's pretty print user name.
#$conf['plugin']['authldap']['mapping']['grps'] = array('memberof' => '/CN=(.+?),/i'); # Where groups are defined in Active Directory
Vielen Dank im Voraus!
Schöne Grüße