vTiger CRM 6 + LDAP Authentication

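I have spent the last few days on this, but I could not find a really useful tutorial for integrating LDAP authentication into vTiger CRM 6 (running on a Linux CentOS 6.5 distribution).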

Does anyone here have experience with this, or could someone share some useful manuals?

Change directory to your CRM destination:

/var/www/html/crm/modules/Users/authTypes/

Then download the LDAP file from the following location:

http://downloads.sourceforge.net/project/adldap/adLDAP/adLDAP_4.0.4/adLDAP_4.0

Just open it and customize the settings according to your needs. The following settings match those required for a 2012R2 Active Directory.

...
class adLDAP {

    /**
     * Define the different types of account in AD
     */
    const ADLDAP_NORMAL_ACCOUNT = 805306368;
    const ADLDAP_WORKSTATION_TRUST = 805306369;
    const ADLDAP_INTERDOMAIN_TRUST = 805306370;
    const ADLDAP_SECURITY_GLOBAL_GROUP = 268435456;
    const ADLDAP_DISTRIBUTION_GROUP = 268435457;
    const ADLDAP_SECURITY_LOCAL_GROUP = 536870912;
    const ADLDAP_DISTRIBUTION_LOCAL_GROUP = 536870913;
    const ADLDAP_FOLDER = 'OU';
    const ADLDAP_CONTAINER = 'CN';

    /**
    * The default port for LDAP non-SSL connections
    */
    const ADLDAP_LDAP_PORT = '389';
    /**
    * The default port for LDAPS SSL connections
    */
    const ADLDAP_LDAPS_PORT = '636';

    /**
    * The account suffix for your domain, can be set when the class is invoked
    *
    * @var string
    */
    protected $accountSuffix = "@cortoso.com";

    /**
    * The base dn for your domain
    *
    * If this is set to null then adLDAP will attempt to obtain this automatically from the rootDSE
    *
    * @var string
    */
    protected $baseDn = "";

    /**
    * Port used to talk to the domain controllers.
    *
    * @var int
    */
    protected $adPort = self::ADLDAP_LDAP_PORT;
    /**
    * Array of domain controllers. Specify multiple controllers if you
    * would like the class to balance the LDAP queries amongst multiple servers
    *
    * @var array
    */
    protected $domainControllers = array("dc01.cortoso.com", "dc02.cortoso.com");

    /**
    * Optional account with higher privileges for searching
    * This should be set to a domain admin account
    *
    * @var string
    * @var string
    */
    protected $adminUsername = "ldap-binduser";
    protected $adminPassword = "super-password";

    /**
    * AD does not return the primary group. http://support.microsoft.com/?kbid=321360
    * This tweak will resolve the real primary group.
    * Setting to false will fudge "Domain Users" and is much faster. Keep in mind though that if
    * someone's primary group is NOT domain users, this is obviously going to mess up the results
    *
    * @var bool
    */
    protected $realPrimaryGroup = false;

    /**
    * Use SSL (LDAPS), your server needs to be setup, please see
    * http://adldap.sourceforge.net/wiki/doku.php?id=ldap_over_ssl
    *
    * @var bool
    */
    protected $useSSL = false;

    /**
    * Use TLS
    * If you wish to use TLS you should ensure that $useSSL is set to false and vice-versa
    *
    * @var bool
    */
    protected $useTLS = true;

    /**
    * Use SSO
    * To indicate to adLDAP to reuse password set by the browser through NTLM or Kerberos
    *
    * @var bool
    */
    protected $useSSO = false;

    /**
    * When querying group memberships, do it recursively
    * eg. User Fred is a member of Group A, which is a member of Group B, which is a member of Group C
    * user_ingroup("Fred","C") will return true with this option turned on, false if turned off
    *
    * @var bool
    */
    protected $recursiveGroups = true;

    ...
?>

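To be able to test adLDAP, it is much easier to write a small PHP snippet than to do it directly with vTiger CRM. Just create a small adldap_test.php file in the same directory where adLDAP.php is located, with the following content: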

<?php

require_once(dirname(__FILE__) . '/adLDAP.php');

try {
    $adldap = new adLDAP();
}

catch (adLDAPException $e) {
    echo $e;
    exit();
}
$authUser = $adldap->authenticate('user-to-authenticate', 'users-password');
if ($authUser == true) {
  echo "User authenticated successfully";
}
else {
  // getLastError is not needed, but may be helpful for finding out why:
  echo "\n";
  echo $adldap->getLastError();
  echo "\n";

  echo "User authentication unsuccessful";
}

echo "\n";
$result=$adldap->user()->infoCollection('ldap', array("*"));
echo "User:\n";
echo $result->displayName;
echo "Mail:\n";
echo $result->mail;

?>
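
An added example, not part of the original answer or of the adLDAP project: a small Python check that reads the property defaults out of a customised adLDAP.php and flags the transport and credential settings shown above. The sample text is constructed from the answer's values, and treating `$adPort` as the port used in both SSL and TLS mode is an assumption.

```python
import re

# Constructed sample: transport and bind settings taken from the adLDAP.php excerpt above.
SAMPLE = """
    const ADLDAP_LDAP_PORT = '389';
    const ADLDAP_LDAPS_PORT = '636';
    protected $adPort = self::ADLDAP_LDAP_PORT;
    protected $adminPassword = "super-password";
    protected $useSSL = false;
    protected $useTLS = true;
"""

CONST_RE = re.compile(r"\bconst\s+(\w+)\s*=\s*(.+?);")
PROP_RE = re.compile(r"\b(?:protected|public|private)\s+\$(\w+)\s*=\s*(.+?);")

def _scalar(raw):
    """Convert a PHP literal (true/false/null/quoted string) to a Python value."""
    raw = raw.strip()
    if raw.lower() in ("true", "false"):
        return raw.lower() == "true"
    return None if raw.lower() == "null" else raw.strip("'\"")

def parse_settings(php_source):
    """Return {property: default}, resolving self::CONST references."""
    consts = {name: _scalar(val) for name, val in CONST_RE.findall(php_source)}
    props = {}
    for name, raw in PROP_RE.findall(php_source):
        raw = raw.strip()
        props[name] = consts.get(raw[6:]) if raw.startswith("self::") else _scalar(raw)
    return props

def audit(php_source):
    """Return findings about transport security and stored bind credentials."""
    s = parse_settings(php_source)
    ssl, tls, port = s.get("useSSL"), s.get("useTLS"), s.get("adPort")
    findings = []
    # Assumption: $adPort is the port used whichever of useSSL/useTLS is enabled.
    if ssl and tls:
        findings.append("useSSL and useTLS are both true; enable exactly one")
    elif not ssl and not tls:
        findings.append("neither useSSL nor useTLS is set; binds send passwords in cleartext")
    elif ssl and port == "389":
        findings.append("useSSL is true but adPort is 389; LDAPS normally listens on 636")
    elif tls and port == "636":
        findings.append("useTLS is true but adPort is 636; StartTLS runs on the plain LDAP port")
    if s.get("adminPassword"):
        findings.append("adminPassword is stored as a literal; restrict read access to the file")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a real installation, pass the contents of the customised adLDAP.php to `audit()` instead of `SAMPLE`.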
