29,113
edits
Changes
m
→Setup to login in Dolibarr using the password in LDAP
Line 37:
Line 37:
See file htdocs/conf/conf.php.example+
*''Install stunnel. For example, on Ubuntu:''
*''Install stunnel. For example, on Ubuntu:''
−<syntaxhighlight>
+<syntaxHighlight lang="bash">
sudo apt-get install stunnel4
sudo apt-get install stunnel4
−</syntaxhighlight>
+</syntaxHighlight>
*''Create a configuration file /etc/stunnel/google-ldap.conf (that will contain the location of the certificates) with the following contents (assuming ldap-client.crt is the cert, and ldap-client.key is the key)''
*''Create a configuration file /etc/stunnel/google-ldap.conf (that will contain the location of the certificates) with the following contents (assuming ldap-client.crt is the cert, and ldap-client.key is the key)''
−<syntaxhighlight>
+<syntaxHighlight lang="bash">
[ldap]
[ldap]
client = yes
client = yes
Line 50:
Line 50:
cert = ldap-client.crt
cert = ldap-client.crt
key = ldap-client.key''
key = ldap-client.key''
−</syntaxhighlight>
+</syntaxHighlight>
*To enable stunnel, edit /etc/default/stunnel4 and set ENABLED=1
*To enable stunnel, edit /etc/default/stunnel4 and set ENABLED=1
Line 56:
Line 56:
*Restart stunnel.
*Restart stunnel.
−<syntaxhighlight>
+<syntaxHighlight lang="bash">
sudo /etc/init.d/stunnel4 restart
sudo /etc/init.d/stunnel4 restart
−</syntaxhighlight>
+</syntaxHighlight>
*''Configure your application to point to ldap://ip.of.stunnel:1636. You can replace “1636” with any unused port if you also change the accept line in the configuration file above. ''
*''Configure your application to point to ldap://ip.of.stunnel:1636. You can replace “1636” with any unused port if you also change the accept line in the configuration file above. ''
Line 88:
Line 88:
==Setup to login in Dolibarr using the password in LDAP==
==Setup to login in Dolibarr using the password in LDAP==
−Modify your configuration file of application '''htdocs/conf/conf.php''' to ask Dolibarr to test tha validity of password into the LDAP server, this is an example working with openLDAP :
+<syntaxhighlight lang="php">
+[...]
+// Authentication settings
+//$dolibarr_main_authentication='dolibarr';
+$dolibarr_main_authentication='ldap,dolibarr'; // To be able to login with both the LDAP or the Dolibarr password (if there is problem with the LDAP server, keep a non LDAP password for one admin user !)
+$dolibarr_main_auth_ldap_host='<ldap>ou<ldaps>: //<hostname>'; // Plusieurs serveurs peuvent être ajouter en séparant par une virgule.
+$dolibarr_main_auth_ldap_port='<389>ou<636>'; // Port
+$dolibarr_main_auth_ldap_version='3';
+$dolibarr_main_auth_ldap_servertype='openldap'; // openldap, activedirectory or egroupware
+$dolibarr_main_auth_ldap_login_attribute='uid'; // Ex: uid or samaccountname for active directory
+$dolibarr_main_auth_ldap_dn='dc=company,dc=com'; // Ex: ou=users,dc=my-domain,dc=com
+$dolibarr_main_auth_ldap_filter = ''; // If defined, two previous parameters are not used to find a user into LDAP. Ex: (uid=%1%) or &(uid=%1%)(isMemberOf=$
+$dolibarr_main_auth_ldap_admin_login='uid=admin,dc=company,dc=com'; // Required only if anonymous bind disabled. Ex: cn=admin,dc=example,dc=com
+$dolibarr_main_auth_ldap_admin_pass='secret'; // Required only if anonymous bind disabled. Ex: secret
+$dolibarr_main_auth_ldap_debug='false';
+[...]
+</syntaxhighlight>
=Usage=
=Usage=