PHP download

Download the PHP package jelix/ldapdao-module without Composer

On this page you can find all versions of the php package jelix/ldapdao-module. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download jelix/ldapdao-module
More information about jelix/ldapdao-module
Files in jelix/ldapdao-module

Vendor jelix
Package ldapdao-module
Short Description module for Jelix,allowing to authenticate with an ldap server and to register users locally.
License MPL-2.0
Homepage http://jelix.org

Keywords ldap dao jelix

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of jelix/ldapdao-module

Informations about the package ldapdao-module

This is a module for Jelix, providing a plugin for jAuth allowing to authenticate with an ldap server, and register them in the app database, using a dao.

This module is for Jelix 1.6.x and higher.

Installation

Configuration with Jelix 1.7

You should use Composer to install the module. Run this commands in a shell:

Launch the configurator for your application to enable the module

Configuration with Jelix 1.6

Copy the ldapdao directory into the modules/ directory of your application.

Next you must say to Jelix that you want to use the module. Declare it into the var/config/mainconfig.ini.php file.

In the [modules] section, add:

Following modules are required: jacl2, jauth, jauthdb. In this same section verify that they are activated:

If you are using the jCommunity module, you must not activate jauth and jauthdb, so keep jauth.access=0 and jauthdb.access=0.

Launch the installer

In the command line, launch:

Install other languages

The module is provided with english and french content. If you want other languages, you should retrieve them from https://download.jelix.org/jelix/langpacks/ldapdao/.

Unzip the archives into app/locales/ or var/locales/.

Configuration

This module provides two things:

a plugin, , for jAuth
a configuration file for the plugin for jCoordinator.

The plugin replaces the db or ldap plugin for jAuth. The installer of the module deactivates some jAcl2 rights, and copy an example of the configuration file authldap.coord.ini.php into the configuration directory
(var/config in Jelix 1.6, app/system in Jelix 1.7).

You should edit the new file authldap.coord.ini.php. Many properties should be changed to match your ldap structure.

Second, you should indicate this new configuration file into the mainconfig.ini.php file, in the coordplugins section:

General configuration properties

First you should set the dao, profile, ldapprofile and form properties in the ldapdao section of authldap.coord.ini.php, to indicate the dao (for the table), the form (for the administration module) and profiles to access to the database and the ldap.

Here is an example:

For profiles, you should set connections parameters into the var/config/profiles.ini.php file.

Example of a profile for the dao:

Here the profile is named myldapdao so you should set profile=myldapdao into authldap.coord.ini.php.

Connection configuration

You should create an ldap profile, with the name indicated into the ldapprofile parameter. The ldap profile should be into the var/config/profiles.ini.php file.

For example, if the profile is named myldap (like in the following example), so you should set ldapprofile=myldap into authldap.coord.ini.php.

Example of a profile for the ldap connection:

First, you should set hostname, port, which are the name and the port of the ldap server.

You must also indicate how the connexion should be made. You should indicate if you are using the ldap protocol without encryption (tlsmode=), the ldap protocol with STARTTLS, (tlsMode=starttls) or if you are using the ldaps protocol (tlsMode=ldaps).

If you use the standard port 389, you have the choice between no encryption (empty value) or starttls, for the tlsMode setting.

If you are using the port 636, it automatically uses the ldaps protocol. In this case, setting tlsMode to ldaps is optional.

Since ldaps is deprecated in OpenLdap, the best solution is to use the port 389 with tlsMode=starttls.

Configuration properties for the admin

The plugin needs to query the directory with a user having some rights allowing to search a user, to get his attributes, his groups etc... He's called the "admin" in the plugin.

You must indicate in adminUserDn and adminPassword, the DN (Distinguished Name) and the password of this user.

Configuration properties for user data

To verify password, or to register the user into the Jelix application the first time he authenticate himself, the plugin needs some data about the user.

You should indicate to it which ldap attributes it can retrieve, and which database fields that will receive the ldap attributes values.

You indicate such informations into the searchAttributes property. It is a pair of names, <ldap attribute>:<table field>, separated by a comma.

In this example, searchAttributes="uid:login,givenName,sn:lastname,mail:email,dn:":

the value of the uid ldap attribute will be stored into the login field
the value of the sn ldap attribute will be stored into the lastname field
the value of the givenName ldap attribute will be stored into a field that have the same name, as there is no field name nor :.
there will not be mapping for the dn property. There is a : without field name. It will be readed from ldap, and can be used into the bindUserDN DN template. (see below).

The possible list of possible fields is indicated into the dao file, whose name is indicated into the dao configuration property.

Configuration properties for authentication

Starting from 2.0.0, the login process has changed, to take care of various ldap structure and server configuration.

Before to try to authenticate the user against the ldap, the plugin retrieves user properties. It uses two configuration parameters : searchUserFilter and searchAttributes.

The searchUserFilter should contain the ldap query, and a %%LOGIN%% placeholder that will be replaced by the login given by the user.

Example: searchUserFilter="(&(objectClass=posixAccount)(uid=%%LOGIN%%))"

You may also indicate the base DN for the search, into searchUserBaseDN. Example: searchUserBaseDN="ou=ADAM users,o=Microsoft,c=US".

Note that you can indicate several search filters, if you have complex ldap structure. Use [] to indicate an item list:

To verify the password, the plugin needs the DN (Distinguished Name) corresponding to the user. It builds the DN from a "template" indicated into the bindUserDN property, and from various data. These data can be the given login or one of the ldap attributes of the user.

Building the DN from the login given by the user: bindUserDN should contain a DN, with a %%LOGIN%% placeholder that will be replaced by the login.

Example: bindUserDN="uid=%%LOGIN%%,ou=users,dc=XY,dc=fr". If the user give john.smith as a login, the authentication will be made with the DN bindUserDN="uid=john.smith,ou=users,dc=XY,dc=fr".

For some LDAP, the DN could be a simple string, for example an email. You could then set bindUserDN="%%LOGIN%%@company.local". Or even bindUserDN="%%LOGIN%%" if the user can type the full value of the DN or an email or else.. (Probably it's not recommended to allow a user to type himself its full DN, it can be a security issue)
Building the DN from one of the ldap attributes of the user. In this case, the plugin will first query the ldap directory with the searchUserFilter filter, to retrieve the user's ldap attributes. Then, in bindUserDN, you can indicate a DN where some values will be replaced by some attributes values, or you can indicate a single attribute name, corresponding to an attribute that contain the full DN of the user.

For the first case, bindUserDn should contain a DN, with some %?% placeholders that will be replaced by corresponding attributes value. Example: bindUserDN="uid=%?%,ou=users,dc=XY,dc=fr". Here it replaces the %?% by the value of the uid attribute readed from the user's attributes. The attribute name should be present into the searchAttributes configuration property, even with no field mapping. Ex: ...,uid,.... See above.

For the second case, just indicate the attribute name, prefixed with a $. Example: bindUserDN="$dn". Here it takes the dn attribute readed from the search, and use its full value as the DN to login against the ldap server. It is useful for some LDAP server like sometimes Active Directory that need a full DN specific for each user. The attribute name should be present into the searchAttributes configuration property, even with no field mapping. Ex: ...,dn:,.... See above.

Note that you can indicate several dn templates, if you have complex ldap structure. Use [] to indicate an item list:

Configuration properties for user rights

If you have configured groups rights into your application, and if these groups match your ldap groups, you can indicate to the plugin to automatically put the user into the application groups, according to the user ldap groups.

You should then indicate into searchGroupFilter the ldap query that will retrieve the groups of the user.

Example: searchGroupFilter="(&(objectClass=posixGroup)(member=%%USERDN%%))"

%%USERDN%% is replaced by the user dn.%%LOGIN%% is replaced by the login.
You can also use any ldap attributes you indicate into searchAttributes, between %%. Example: searchGroupFilter="(&(objectClass=posixGroup)(member=%%givenName%%))"

Warning : setting searchGroupFilter will remove the user from any other application groups that don't match the ldap group, except default groups of user into the application, when searchGroupKeepUserInDefaultGroups is set to on. If you don't want a groups synchronization, leave searchGroupFilter empty.

With searchGroupProperty, you must indicate the ldap attribute that contains the group name. Ex: searchGroupProperty="cn".

You may also indicate the base DN for the search, into searchGroupBaseDN. Example: searchGroupBaseDN="ou=Groups,dc=Acme,dc=pt".

All versions of ldapdao-module with dependencies

PHP Build Version

Package Version

Version v2.2.5 Release 09. Oct 2023
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of ldapdao-module from vendor jelix

No informations.

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package jelix/ldapdao-module contains the following files

Loading the files please wait ....