2014-10-18 2 views

vTiger CRM 6 + LDAP authentication

I have spent the last few days searching but could not find a useful tutorial on installing LDAP authentication in vTiger CRM 6 (running on the Linux distribution CentOS 6.5).

Does anyone here have experience with this, or could someone share some useful guides?

Answer

Create the directory in your CRM destination:

/var/www/html/crm/modules/Users/authTypes/

Then download the LDAP file from:

http://downloads.sourceforge.net/project/adldap/adLDAP/adLDAP_4.0.4/adLDAP_4.0

Just open it and adjust the settings to your needs. The following settings correspond to those needed for Active Directory 2012R2.

... 
class adLDAP { 

    /** 
    * Define the different types of account in AD 
    */ 
    const ADLDAP_NORMAL_ACCOUNT = 805306368; 
    const ADLDAP_WORKSTATION_TRUST = 805306369; 
    const ADLDAP_INTERDOMAIN_TRUST = 805306370; 
    const ADLDAP_SECURITY_GLOBAL_GROUP = 268435456; 
    const ADLDAP_DISTRIBUTION_GROUP = 268435457; 
    const ADLDAP_SECURITY_LOCAL_GROUP = 536870912; 
    const ADLDAP_DISTRIBUTION_LOCAL_GROUP = 536870913; 
    const ADLDAP_FOLDER = 'OU'; 
    const ADLDAP_CONTAINER = 'CN'; 

    /** 
    * The default port for LDAP non-SSL connections 
    */ 
    const ADLDAP_LDAP_PORT = '389'; 
    /** 
    * The default port for LDAPS SSL connections 
    */ 
    const ADLDAP_LDAPS_PORT = '636'; 

    /** 
    * The account suffix for your domain, can be set when the class is invoked 
    * 
    * @var string 
    */ 
     protected $accountSuffix = "@cortoso.com"; 

    /** 
    * The base dn for your domain 
    * 
    * If this is set to null then adLDAP will attempt to obtain this automatically from the rootDSE 
    * 
    * @var string 
    */ 
     protected $baseDn = ""; 

    /** 
    * Port used to talk to the domain controllers. 
    * 
    * @var int 
    */ 
    protected $adPort = self::ADLDAP_LDAP_PORT; 
    /** 
    * Array of domain controllers. Specify multiple controllers if you
    * would like the class to balance the LDAP queries amongst multiple servers
    * 
    * @var array 
    */ 
    protected $domainControllers = array("dc01.cortoso.com", "dc02.cortoso.com"); 

    /** 
    * Optional account with higher privileges for searching 
    * This should be set to a domain admin account 
    * 
    * @var string 
    * @var string 
    */ 
    protected $adminUsername = "ldap-binduser"; 
    protected $adminPassword = "super-password"; 

    /** 
    * AD does not return the primary group. http://support.microsoft.com/?kbid=321360 
    * This tweak will resolve the real primary group. 
    * Setting to false will fudge "Domain Users" and is much faster. Keep in mind though that if 
    * someone's primary group is NOT domain users, this is obviously going to mess up the results 
    * 
    * @var bool 
    */ 
     protected $realPrimaryGroup = false; 

    /** 
    * Use SSL (LDAPS), your server needs to be setup, please see 
    * http://adldap.sourceforge.net/wiki/doku.php?id=ldap_over_ssl 
    * 
    * @var bool 
    */ 
     protected $useSSL = false; 

    /** 
    * Use TLS 
    * If you wish to use TLS you should ensure that $useSSL is set to false and vice-versa 
    * 
    * @var bool 
    */ 
    protected $useTLS = true; 

    /** 
    * Use SSO 
    * To indicate to adLDAP to reuse password set by the browser through NTLM or Kerberos
    * 
    * @var bool 
    */ 
    protected $useSSO = false; 

    /** 
    * When querying group memberships, do it recursively 
    * eg. User Fred is a member of Group A, which is a member of Group B, which is a member of Group C 
    * user_ingroup("Fred","C") will return true with this option turned on, false if turned off
    * 
    * @var bool 
    */ 
     protected $recursiveGroups = true; 

    ... 
?> 

To be able to test adLDAP, it is much easier to write a small PHP snippet than to do it directly with vTiger CRM. Just create a small file adldap_test.php in the same directory where adLDAP.php is located, with the following content:

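<?php

// Load adLDAP from the same directory as this test script.
require_once(dirname(__FILE__) . '/adLDAP.php');

// The constructor connects using the settings configured in adLDAP.php.
try {
    $adldap = new adLDAP();
}
catch (adLDAPException $e) {
    echo $e;
    exit();
}

// Try to authenticate a test user against the directory.
$authUser = $adldap->authenticate('user-to-authenticate', 'users-password');
if ($authUser == true) {
    echo "User authenticated successfully";
}
else {
    // getLastError is not needed, but may be helpful for finding out why:
    echo "\n";
    echo $adldap->getLastError();
    echo "\n";

    echo "User authentication unsuccessful";
}

echo "\n";
// Fetch all attributes of the user 'ldap' and print the display name and mail address.
$result = $adldap->user()->infoCollection('ldap', array("*"));
echo "User:\n";
echo $result->displayName;
echo "\n";
echo "Mail:\n";
echo $result->mail;
echo "\n";

?>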
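
A pre-flight check for the settings in the answer above, as an added example that is not part of the original answer or of adLDAP: it uses PHP's native ldap extension to confirm that StartTLS on port 389 succeeds against each domain controller before any credentials are sent, then binds as the service account and looks up one user. The host names and account names are taken from the answer; the base DN, the LDAP_BIND_PW environment variable and the preflight() function are assumptions, and ldap_escape() requires PHP 5.6 or later.

```php
<?php
// Added example: verify StartTLS and the bind account before wiring adLDAP into vTiger.
// Assumptions: the base DN, the LDAP_BIND_PW environment variable, the preflight() helper.

function preflight($host, $bindUser, $bindPw, $baseDn, $lookup)
{
    $conn = ldap_connect('ldap://' . $host . ':389');
    if ($conn === false) {
        return "$host: invalid LDAP URI";
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS requires LDAPv3
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);        // do not chase AD referrals
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // Upgrade the connection first; never fall back to a cleartext bind.
    if (!@ldap_start_tls($conn)) {
        return "$host: StartTLS failed (" . ldap_error($conn) . "), no credentials sent";
    }
    if (!@ldap_bind($conn, $bindUser, $bindPw)) {
        return "$host: bind failed (" . ldap_error($conn) . ")";
    }

    // Escape the looked-up name before placing it in a search filter.
    $filter = '(sAMAccountName=' . ldap_escape($lookup, '', LDAP_ESCAPE_FILTER) . ')';
    $search = @ldap_search($conn, $baseDn, $filter, array('displayName', 'mail'));
    if ($search === false) {
        return "$host: search failed (" . ldap_error($conn) . ")";
    }
    $entries = ldap_get_entries($conn, $search);
    ldap_unbind($conn);

    return "$host: TLS ok, bind ok, " . $entries['count'] . " entry(ies) for '$lookup'";
}

// Read the password from the environment to keep it out of the script.
// An empty password must be rejected here: a simple bind with an empty
// password is an unauthenticated bind and can appear to succeed.
$bindPw = getenv('LDAP_BIND_PW');
if ($bindPw === false || $bindPw === '') {
    fwrite(STDERR, "Set LDAP_BIND_PW first\n");
    exit(1);
}
foreach (array('dc01.cortoso.com', 'dc02.cortoso.com') as $dc) {
    // 'DC=cortoso,DC=com' is an assumed base DN derived from the account suffix.
    echo preflight($dc, 'ldap-binduser@cortoso.com', $bindPw, 'DC=cortoso,DC=com', 'user-to-authenticate'), "\n";
}
```

Run it from the command line on the CRM host. Whether the domain controller's certificate is verified during StartTLS depends on the OpenLDAP client settings (TLS_CACERT and TLS_REQCERT in ldap.conf), so check those if StartTLS fails or succeeds unexpectedly.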
