Edit LDAP Server Configuration | Pruebas Clasifi... https://web2print.axai.mx/admin/config/people/ld...
29/04/15 01:18

Edit LDAP Server Configuration

Connection settings

Machine name for this server configuration. *: ldap_mydomain
May only contain alphanumeric characters (a-z, A-Z, 0-9, and _).

Name: ldap_server
Choose a unique name for this server configuration.

Enabled
Disable in order to keep configuration without having it active.

LDAP Server Type: Default LDAP
This field is informative. Its purpose is to assist with default values and give validation warnings.

LDAP server: ldap.mydomain.com
The domain name or IP address of your LDAP Server such as "ad.unm.edu". For SSL use the form ldaps://DOMAIN such as "ldaps://ad.unm.edu".

LDAP port: 389
The TCP/IP port on the above server which accepts LDAP connections. Must be an integer.

Use Start-TLS
Secure the connection between the Drupal and the LDAP servers using TLS. Note: To use START-TLS, you must set the LDAP Port to 389.

Follow LDAP Referrals
Makes the LDAP client follow referrals (in the responses from the LDAP server) to other LDAP servers. This requires that the Bind Settings you give are ALSO valid on these other servers.

Binding Method

How the Drupal system is authenticated by the LDAP server.

Binding Method for Searches (such as finding user object or their group memberships)

Service Account Bind: Use credentials in the Service Account field to bind to LDAP. This option is usually a best practice.

Bind with Users Credentials: Use user's entered credentials to bind to LDAP. This is only useful for modules that execute during user logon such as LDAP Authentication and LDAP Authorization. This option is not a best practice in most cases. This option skips the initial anonymous bind and anonymous search to determine the LDAP user DN, but you can only use this option if your user DNs follow a consistent pattern, for example all of them being of the form "cn=[username],[base dn]", or all of them being of the form "uid=[username],ou=accounts,[base dn]". You specify the pattern under "Expression for user DN" in the next configuration block below.

Anonymous Bind for search, then Bind with Users Credentials: Searches for user dn then uses user's entered credentials to bind to LDAP. This is only useful for modules that work during user logon such as LDAP Authentication and LDAP Authorization. The user's dn must be discovered by an anonymous search for this option to work.

Anonymous Bind: Use no credentials to bind to LDAP server. This option will not work on most LDAPS connections.

Service Account

Some LDAP configurations prohibit or restrict the results of anonymous searches. These LDAPs require a DN/password pair for binding. For security reasons, this pair should belong to an LDAP account with stripped down permissions. This is also required for provisioning LDAP accounts and groups!

DN for non-anonymous search: cn=Directory Manager

Password for non-anonymous search:

Clear existing password from database.
Check this when switching away from Service Account Binding.

LDAP User to Drupal User Relationship

How are LDAP user entries found based on Drupal username or email? And vice-versa? Needed for LDAP Authentication and Authorization functionality.

Base DNs for LDAP users, groups, and other entries: ou=People,dc=mydomain,dc=com
What DNs have entries relevant to this configuration? e.g. ou=campus accounts,dc=ad,dc=uiuc,dc=edu. Keep in mind that every additional basedn likely doubles the number of queries. Place the more heavily used one first and consider using one higher base DN rather than 2 or more lower base DNs. Enter one per line if you need more than one.

AuthName attribute: uid
The attribute that holds the users' login name (e.g. cn for eDir or sAMAccountName for Active Directory).

AccountName attribute:
The attribute that holds the unique account name. Defaults to the same as the AuthName attribute.

Email attribute: mail
The attribute that holds the users' email address (e.g. mail). Leave empty if no such attribute exists.

Email template:
If no attribute contains the user's email address, but it can be derived from other attributes, enter an email "template" here. Templates should have the user's attribute name in form such as [cn], [uin], etc. such as [cn]@mycompany.com. See http://drupal.org/node/997082 for additional documentation on ldap tokens.

Thumbnail attribute:
The attribute that holds the users' thumbnail image (e.g. thumbnailPhoto). Leave empty if no such attribute exists.

Persistent and Unique User ID Attribute: nsuniqueid
In some LDAPs, a user's DN, CN, or mail value may change when a user's name changes or for other reasons. In order to avoid creation of multiple accounts for that user or other ambiguities, enter a unique and persistent ldap attribute for users. In cases where DN does not change, enter "dn" here. If no such attribute exists, leave this blank.

Does PUID hold a binary value?

Expression for user DN. Required when "Bind with Users Credentials" method selected.
%username and %basedn are valid tokens in the expression. Typically it will be:
    cn=%username,%basedn
which might evaluate to cn=jdoe,ou=campus accounts,dc=ad,dc=mycampus,dc=edu. Base DNs are entered above.

PHP to transform Drupal login username to LDAP UserName attribute.
This will appear as disabled unless the "PHP filter" core module is enabled. Enter PHP to transform Drupal username to the value of the UserName attribute. The code should print the UserName attribute. PHP filter module must be enabled for this to work. The variable $name is available and is the user's login username. Careful, bad PHP code here will break your site. If left empty, no name transformation will be done. Example: Given the user will logon with jdoe@xyz.com and you want the ldap UserName attribute to be jdoe.
    $parts = explode('@', $name);
    if (count($parts) == 2) { print $parts[0]; }

Testing Drupal Username:
This is optional and used for testing this server's configuration against an actual username. The user need not exist in Drupal and testing will not affect the user's LDAP or Drupal Account.

DN of testing username, e.g. cn=hpotter,ou=people,dc=hogwarts,dc=edu:
This is optional and used for testing this server's configuration against an actual username. The user need not exist in Drupal and testing will not affect the user's LDAP or Drupal Account.

LDAP Group Configuration

How are groups defined on your LDAP server? This varies slightly from one LDAP implementation to another such as Active Directory, Novell, OpenLDAP, etc. Check everything that is true and enter all the values you know.

Groups are not relevant to this Drupal site. This is generally true if LDAP Groups, LDAP Authorization, etc. are not in use.

LDAP Pagination

In PHP 5.4, pagination is supported in ldap queries. A patch to earlier versions of PHP also supports this. This PHP installation appears to support pagination! The advantage to pagination support is that if an ldap server is set up to return only 1000 entries at a time, you can page through 1000 records at a time; without pagination you would never see more than the first 1000 entries. Pagination is most useful when large queries for batch creating or synching accounts are used. If you are not using this server for such tasks, it's recommended to leave pagination disabled.

Use LDAP Pagination.
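
The "Expression for user DN" setting above builds the bind DN from the login name the user types. As an added example (not the LDAP module's own code; the function names are hypothetical and the sample logins are constructed), this PHP code expands the %username and %basedn tokens while escaping the username per RFC 4514, so the typed name always stays a single attribute value:

```php
<?php
// Added example, not code from the Drupal LDAP module.
// Function names are hypothetical; the sample logins are constructed.

/**
 * Escape a string for use as one attribute value inside a DN (RFC 4514).
 * Special characters become a backslash followed by their two-digit hex code.
 */
function example_escape_dn_value($value) {
  $hex = function ($m) {
    return sprintf('\\%02x', ord($m[0]));
  };
  // Characters that are special anywhere in the value, plus NUL.
  $value = preg_replace_callback('/[\\\\,=+<>;"\x00]/', $hex, $value);
  // A leading space or "#" and a trailing space are also special.
  return preg_replace_callback('/^[ #]| \z/', $hex, $value);
}

/**
 * Expand %username and %basedn in an "Expression for user DN" pattern.
 */
function example_expand_user_dn($expression, $username, $basedn) {
  if ($username === '') {
    throw new InvalidArgumentException('Username must not be empty.');
  }
  // strtr() replaces both tokens in a single pass, so a login that contains
  // the text "%basedn" is not expanded a second time.
  return strtr($expression, array(
    '%username' => example_escape_dn_value($username),
    '%basedn' => $basedn,
  ));
}

$expression = 'uid=%username,%basedn';
$basedn = 'ou=People,dc=mydomain,dc=com';  // Base DN from the form above.
foreach (array('jdoe', 'jdoe,ou=Admins', ' #x ') as $login) {
  echo example_expand_user_dn($expression, $login, $basedn), "\n";
}
```

Where the PHP LDAP extension is loaded (PHP 5.6 or later), ldap_escape() with the LDAP_ESCAPE_DN flag performs the same escaping.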