Go to file
2018-01-17 19:43:52 +01:00
model creates test taker and adds it to LDAP group when logging with ldap credentials for first time 2018-01-17 19:43:52 +01:00
test test added but not finisehd and some code refactoring followign test 2014-07-18 10:39:17 +02:00
.gitignore first commit 2014-07-14 16:45:33 +02:00
composer.json added ldap module requirement 2015-02-04 15:00:40 +01:00
LICENSE Initial commit 2014-07-14 16:24:51 +02:00
README.md specified override of example 2015-12-23 17:37:43 +01:00

generis-auth-ldap

An LDAP implementation of the Tao 3.0 user authentication

Requirement

In order to use this system, you need to have an ldap server installed. It should have user in it. Test have been maded with openldap. I recommend a graphical client to use with, like phpldap admin You can correct the bug of the 1.2.2-5ubuntu1 with the following process : http://forums.debian.net/viewtopic.php?f=5&t=111508

Installation

This system can be added to a projet as a library. You need to add this parameter to your composer.json

"minimum-stability" : "dev",
"repositories": [
    {
        "type": "vcs",
        "url": "https://github.com/oat-sa/generis-auth-ldap"
    }
],
"require": {
    "oat-sa/generis-auth-ldap": "*"
},

Once it's done, run a composer update.


To enable them, you need to go to /config/generis/auth.conf.php and add these lines

array(
    'driver' => 'oat\authLdap\model\LdapAdapter',
    'config' => array(
        array(
            'host' => '127.0.0.1',
            'accountDomainName' => 'test.com',
            'username' => 'cn=admin,dc=test,dc=com',
            'password' => 'admin',
            'baseDn' => 'OU=organisation,dc=test,dc=com',
            'bindRequiresDn' => 'true',
        )
    )
),

here the domain is test.com All the parameters are in a separate dc in ldap

These are the configuration of the connection to the ldap server.

Then the login will try to use this library.

Configuration

By default and LDAP user will be considered a test-taker belonging to no group.

The following attributes will be taken from LDAP and mapped to TAO properties by default:

  • 'mail' as PROPERTY_USER_MAIL
  • 'givenName' as PROPERTY_USER_FIRSTNAME
  • 'sn' as PROPERTY_USER_LASTNAME
  • 'displayName' as RDFS_LABEL

However there are several ways to enhance or override this default behaviour:


To hardcode one of the user properties, you would need to add a mapping of the type 'value' to the configuration:

array(
    'driver' => 'oat\authLdap\model\LdapAdapter',
    'config' => SEE_ABOVE
    'mapping' => array(
        'http://www.tao.lu/Ontologies/TAOGroup.rdf#member' => array(
            'type' => 'value',
            'value' => array('http://localnamespace.com/install#i123456789')
        )
    );
),

This example would set the group membership of all users loging in to a group identified by the id http://localnamespace.com/install#i123456789


Alternatively if you want to take over a value of an LDAP attribute you would add a mapping of type 'attributeValue'

array(
    'driver' => 'oat\authLdap\model\LdapAdapter',
    'config' => SEE_ABOVE
    'mapping' => array(
        'http://www.tao.lu/Ontologies/TAOGroup.rdf#member' => array(
            'type' => 'value',
            'value' => array('http://localnamespace.com/install#i123456789')
        ),
        'http://www.w3.org/2000/01/rdf-schema#label' => array(
            'type' => 'attributeValue',
            'attribute' => 'username'
        )
    );
),

This would use the value of the LDAP attribute 'username' as label (RDFS_LABEL) for the user, overriding the default rule to use 'displayName'.


For more advanced cases there is the type 'callback' which allows you to programmatically enhance the mapping of the LDAP attributes to the TAO properties. See oat\authLdap\model\LdapUserFactory for details.