generis-auth-ldap/README.md

generis-auth-ldap
=================

An LDAP implementation of the Tao 3.0 user authentication

Requirement
=====================
In order to use this system, you need to have an ldap server installed. It should have user in it. 
Test have been maded with openldap. 
I recommend a graphical client to use with, like phpldap admin 
You can correct the bug of the 1.2.2-5ubuntu1 with the following process : 
http://forums.debian.net/viewtopic.php?f=5&t=111508 


Installation 
============================

This system can be added to a projet as a library. You need to add this parameter to your composer.json 

    "minimum-stability" : "dev",
    "repositories": [
        {
            "type": "vcs",
            "url": "https://github.com/oat-sa/generis-auth-ldap"
        }
    ],
    "require": {
        "oat-sa/generis-auth-ldap": "*"
    },

Once it's done, run a composer update. 

------------------------------

To enable them, you need to go to /config/generis/auth.conf.php and add these lines 

    array(
        'driver' => 'oat\authLdap\model\LdapAdapter',
        'config' => array(
            array(
                'host' => '127.0.0.1',
                'accountDomainName' => 'test.com',
                'username' => 'cn=admin,dc=test,dc=com',
                'password' => 'admin',
                'baseDn' => 'OU=organisation,dc=test,dc=com',
                'bindRequiresDn' => 'true',
            )
        )
    ),

here the domain is test.com All the parameters are in a separate dc in ldap

These are the configuration of the connection to the ldap server. 

Then the login will try to use this library. 

Configuration
============================

By default and LDAP user will be considered a test-taker belonging to no group.

The following attributes will be taken from LDAP and mapped to TAO properties by default:

* 'mail' as PROPERTY_USER_MAIL
* 'givenName' as PROPERTY_USER_FIRSTNAME
* 'sn' as PROPERTY_USER_LASTNAME
* 'displayName' as RDFS_LABEL

However there are several ways to enhance or override this default behaviour:

------------------------------

To hardcode one of the user properties, you would need to add a mapping of the type 'value' to the configuration:

    array(
        'driver' => 'oat\authLdap\model\LdapAdapter',
        'config' => SEE_ABOVE
        'mapping' => array(
            'http://www.tao.lu/Ontologies/TAOGroup.rdf#member' => array(
                'type' => 'value',
                'value' => array('http://localnamespace.com/install#i123456789')
            )
        );
    ),

This example would set the group membership of all users loging in to a group identified by the id http://localnamespace.com/install#i123456789
    
------------------------------

Alternatively if you want to take over a value of an LDAP attribute you would add a mapping of type 'attributeValue'

    array(
        'driver' => 'oat\authLdap\model\LdapAdapter',
        'config' => SEE_ABOVE
        'mapping' => array(
            'http://www.tao.lu/Ontologies/TAOGroup.rdf#member' => array(
                'type' => 'value',
                'value' => array('http://localnamespace.com/install#i123456789')
            ),
            'http://www.w3.org/2000/01/rdf-schema#label' => array(
                'type' => 'attributeValue',
                'attribute' => 'username'
            )
        );
    ),
    
This would use the value of the LDAP attribute 'username' as label (RDFS_LABEL) for the user, overriding the default rule to use 'displayName'.

------------------------------

For more advanced cases there is the type 'callback' which allows you to programmatically enhance the mapping of the LDAP attributes to the TAO properties. See oat\authLdap\model\LdapUserFactory for details.
Initial commit 2014-07-14 16:24:51 +02:00			`generis-auth-ldap`
			`=================`
adding readme md 2014-07-18 16:02:50 +02:00
corrected Tao 3.0 config path 2015-02-04 14:35:06 +01:00			`An LDAP implementation of the Tao 3.0 user authentication`
adding readme md 2014-07-18 16:02:50 +02:00
			`Requirement`
			`=====================`
			`In order to use this system, you need to have an ldap server installed. It should have user in it.`
			`Test have been maded with openldap.`
			`I recommend a graphical client to use with, like phpldap admin`
			`You can correct the bug of the 1.2.2-5ubuntu1 with the following process :`
			`http://forums.debian.net/viewtopic.php?f=5&t=111508`




			`Installation`
			`============================`

			`This system can be added to a projet as a library. You need to add this parameter to your composer.json`

			`"minimum-stability" : "dev",`
			`"repositories": [`
			`{`
			`"type": "vcs",`
			`"url": "https://github.com/oat-sa/generis-auth-ldap"`
			`}`
			`],`
			`"require": {`
			`"oat-sa/generis-auth-ldap": "*"`
			`},`

			`Once it's done, run a composer update.`

			`------------------------------`

corrected Tao 3.0 config path 2015-02-04 14:35:06 +01:00			`To enable them, you need to go to /config/generis/auth.conf.php and add these lines`
adding readme md 2014-07-18 16:02:50 +02:00
			`array(`
			`'driver' => 'oat\authLdap\model\LdapAdapter',`
			`'config' => array(`
			`array(`
			`'host' => '127.0.0.1',`
			`'accountDomainName' => 'test.com',`
			`'username' => 'cn=admin,dc=test,dc=com',`
			`'password' => 'admin',`
			`'baseDn' => 'OU=organisation,dc=test,dc=com',`
			`'bindRequiresDn' => 'true',`
			`)`
			`)`
			`),`

			`here the domain is test.com All the parameters are in a separate dc in ldap`

			`These are the configuration of the connection to the ldap server.`

			`Then the login will try to use this library.`
added mapping examples and explanations 2015-12-23 17:35:12 +01:00
			`Configuration`
			`============================`

			`By default and LDAP user will be considered a test-taker belonging to no group.`

			`The following attributes will be taken from LDAP and mapped to TAO properties by default:`

			`* 'mail' as PROPERTY_USER_MAIL`
			`* 'givenName' as PROPERTY_USER_FIRSTNAME`
			`* 'sn' as PROPERTY_USER_LASTNAME`
			`* 'displayName' as RDFS_LABEL`

			`However there are several ways to enhance or override this default behaviour:`

			`------------------------------`

			`To hardcode one of the user properties, you would need to add a mapping of the type 'value' to the configuration:`

			`array(`
			`'driver' => 'oat\authLdap\model\LdapAdapter',`
			`'config' => SEE_ABOVE`
			`'mapping' => array(`
			`'http://www.tao.lu/Ontologies/TAOGroup.rdf#member' => array(`
			`'type' => 'value',`
			`'value' => array('http://localnamespace.com/install#i123456789')`
			`)`
			`);`
			`),`

			`This example would set the group membership of all users loging in to a group identified by the id http://localnamespace.com/install#i123456789`

			`------------------------------`

			`Alternatively if you want to take over a value of an LDAP attribute you would add a mapping of type 'attributeValue'`

			`array(`
			`'driver' => 'oat\authLdap\model\LdapAdapter',`
			`'config' => SEE_ABOVE`
			`'mapping' => array(`
			`'http://www.tao.lu/Ontologies/TAOGroup.rdf#member' => array(`
			`'type' => 'value',`
			`'value' => array('http://localnamespace.com/install#i123456789')`
			`),`
			`'http://www.w3.org/2000/01/rdf-schema#label' => array(`
			`'type' => 'attributeValue',`
			`'attribute' => 'username'`
			`)`
			`);`
			`),`

specified override of example 2015-12-23 17:37:43 +01:00			`This would use the value of the LDAP attribute 'username' as label (RDFS_LABEL) for the user, overriding the default rule to use 'displayName'.`
added mapping examples and explanations 2015-12-23 17:35:12 +01:00
			`------------------------------`

			`For more advanced cases there is the type 'callback' which allows you to programmatically enhance the mapping of the LDAP attributes to the TAO properties. See oat\authLdap\model\LdapUserFactory for details.`