1<?php
2/*
3 * LimeSurvey
4 * Copyright (C) 2007-2011 The LimeSurvey Project Team / Carsten Schmitz
5 * All rights reserved.
6 * License: GNU/GPL License v2 or later, see LICENSE.php
7 * LimeSurvey is free software. This version may have been modified pursuant
8 * to the GNU General Public License, and as distributed it includes or
9 * is derivative of works licensed under the GNU General Public License or
10 * other free or open source software licenses.
11 * See COPYRIGHT.php for copyright notices and details.
12 *
13 */
14
15/*********** LDAP Parameters and Functions ***********************
16 *
17 *  - First define your ldap servers and remember the serverId
18 *  - Then define your ldap_query and 'attach' it to the serverId
19 ******************************************************************/
20
21/*********************************************/
22/* LDAP servers                              */
23/*********************************************/
24
// Index of the server entry defined below. Queries refer to a server
// through their 'ldapServerId' key, so remember this number.
$serverId = 0;

$ldap_server[$serverId] = array(
    // DNS name or IP address of the LDAP server.
    // If encryption is enabled, the name given here has to correspond
    // to the identity in the server's certificate.
    'server' => "ldap.mycompany.org",

    // TCP port on which the LDAP server is listening:
    // 389 for standard LDAP servers, 636 for standard LDAPS connections.
    'port' => "636",

    // LDAP protocol to use: 'ldapv2' and 'ldapv3' are supported.
    // NOTE(review): LDAPv2 was moved to Historic status by RFC 3494.
    // Where the directory allows it, prefer 'ldapv3' together with
    // 'start-tls'; whether 'ldapv3' can be combined with 'ldaps' is not
    // stated in this file - confirm for your installation.
    'protoversion' => "ldapv2",

    // Encryption method:
    //   'ldaps'     is supported for 'ldapv2' servers
    //   'start-tls' is supported for 'ldapv3' servers
    //   'none'      means no encryption at all
    // With 'none', the simple bind below sends the bind password and all
    // search results over the network in clear text.
    // The CA certificate has to be set up in the OpenLDAP ldap.conf file
    // so that the server certificate can be validated; fix a validation
    // failure there rather than by relaxing certificate checking
    // (for example TLS_REQCERT never).
    'encrypt' => "ldaps",

    // Referral option: false is recommended for Active Directory servers.
    'referrals' => false,

    // Encoding used by the LDAP directory. This entry may stay commented
    // out: the default value, 'utf-8', should work for most installations.
    // However, Active Directory in West Europe may use 'cp850'.
    // 'encoding' => 'utf-8',

    // Credentials used to bind to the directory. Only simple
    // authentication is currently supported. For an anonymous bind,
    // comment out the following two entries.
    // Active Directory (AD) usually requires authentication before its
    // content can be read; user DNs in AD have the form
    // CN=username,CN=Users,DC=WindowsDomainName,DC=mycompany,DC=org
    //
    // The password is stored in clear text in this file: replace the
    // sample value, restrict read access to this file, and keep real
    // credentials out of version control. Prefer a dedicated bind account
    // that can only read the entries and attributes the queries below use.
    'binddn' => "uid=mybinduser,dc=mycompany,dc=org",
    'bindpw' => "AsecretPassword",
);
67
68/********* Copy for more definitions *****
69 $serverId++;
70 $ldap_server[$serverId]['server'] = "ldap.mycompany.org";
71 $ldap_server[$serverId]['port'] = "389";
72 $ldap_server[$serverId]['protoversion'] = "ldapv3";
73 $ldap_server[$serverId]['encrypt'] = "start-tls";
74 $ldap_server[$serverId]['referrals'] = false;
75 $ldap_server[$serverId]['binddn']	=	"uid=mybinduser,dc=mycompany,dc=org";
76 $ldap_server[$serverId]['bindpw']	=	"AsecretPassword";
77 *****************************************/
78
/**********************************************************************/
/* Predefined Queries for Token Imports                               */
/*                                                                    */
/* This sample query definition is just a fake example: do not        */
/* expect it to do something intelligent on your directory            */
/* Instead have a look at the online documentation:                   */
/* - Section Installation, paragraph LDAP_Settings                     */
/* And for Active Directory tips:                                     */
/* - Section Installation FAQ, paragraph                               */
/*   How_do_I_configure_LDAP_settings_to_work_with_Active_Directory_  */
/**********************************************************************/
90
// Index of the query entry defined below.
$query_id = 0;

$ldap_queries[$query_id] = array(
    // serverId (see the server definitions above) on which the query runs.
    'ldapServerId' => 0,

    // Name that will appear in the user interface.
    'name' => 'Staff with an enabled account',

    // LDAP base used for user searches. Keep it as narrow as the import
    // needs, so that unrelated entries are never candidates.
    'userbase' => 'ou=staff,dc=mycompany,dc=org',

    // User filter to apply; must begin with '(' and end with ')'.
    // Active Directory: the filter often quoted for "enabled" accounts is
    //   "(&(objectCategory=Person)(objectClass=user)(!(userAccountControl=514)))"
    // but userAccountControl is a bit field, so this only excludes accounts
    // whose value is exactly 514. A disabled account that carries any
    // additional flag still matches and would be imported. Testing the
    // ACCOUNTDISABLE bit (0x2) with the bitwise-AND matching rule excludes
    // every disabled account:
    //   "(&(objectCategory=Person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
    'userfilter' => '(&(objectClass=inetOrgPerson)(my-fake-accountstatus-attribute=enabled))',

    // How deep under the userbase the search goes:
    //   'sub'  searches the entire subtree
    //   'one'  searches only 1 level under the userbase
    //   'base' searches only the userbase DN entry
    'userscope' => 'sub',

    // User attribute that provides the first name.
    // Do not use capital letters in the attribute name:
    // for instance use 'givenname' and not 'givenName'.
    'firstname_attr' => 'givenname',

    // User attribute that provides the last name (lower case only).
    'lastname_attr' => 'sn',

    // User attribute that provides the email address (lower case only).
    // If the attribute is multivalued, only the first entry is read.
    'email_attr' => 'mail',

    // Optional user attributes providing the token, language, attr1 and
    // attr2 pieces of information (lower case only). If unused, leave
    // them empty or comment the lines out.
    // NOTE(review): a token read from the directory is only as hard to
    // guess as the values stored in that attribute; leaving 'token_attr'
    // empty keeps token generation automatic.
    'token_attr' => '', // Leave empty for automatic token generation by phpsv
    'language' => '',
    'attr1' => '',
    'attr2' => '',
);
137
138/********** Other queries examples ********************/
139
// Example of a group search in which group members are DNs.
// The query runs in two steps:
//   1- Look for user candidates matching the group filter part
//   2- Then apply a user filter to the user candidates found in step 1
++$query_id;
$ldap_queries[$query_id] = array(
    'ldapServerId' => 0,
    'name' => 'Administrator group',

    // Group filter (base, filter, scope).
    // In AD, user groups are defined in the following base:
    // CN=Users,DC=WindowsDomainName,DC=mycompany,DC=org
    // With scope 'sub', every group under the base that matches the
    // filter contributes its members, so keep the base narrow.
    'groupbase' => 'ou=groups,dc=mycompany,dc=org',
    'groupfilter' => '(&(objectClass=groupOfNames)(cn=AdministratorGroup))',
    'groupscope' => 'sub',

    // Attribute of the group entry that is used to get the users' IDs.
    'groupmemberattr' => 'member',
    // Whether groupmemberattr contains the users' DNs (true) or not.
    'groupmemberisdn' => true,

    // Optionally, the group query can be completed with an additional
    // user filter that is applied to the users found by the group search.
    // Comment out the userbase, userfilter and userscope lines if this
    // extra filter is not used.
    'userbase' => 'ou=users,dc=mycompany,dc=org',
    'userfilter' => '(my-fake-accountstatus-attribute=enabled)',
    'userscope' => 'sub',

    'firstname_attr' => 'givenname',
    'lastname_attr' => 'sn',
    'email_attr' => 'mail',
    'token_attr' => '', // Leave empty for automatic token generation by phpsv
    'language' => '',
    'attr1' => '',
    'attr2' => '',
);
173
174
// Example of a group search in which group members are UIDs.
// An additional user filter is applied to the users already found.
++$query_id;
$ldap_queries[$query_id] = array(
    'ldapServerId' => 0,
    'name' => 'Admins via POSIXGroups',
    'groupbase' => 'ou=group,dc=mycompany,dc=org',
    'groupfilter' => '(&(cn=admins)(objectclass=posixgroup))',
    'groupscope' => 'sub',

    // Attribute within the group entry that contains the users' IDs.
    'groupmemberattr' => 'memberuid',
    // groupmemberattr contains users' IDs and not DNs.
    'groupmemberisdn' => false,
    // Attribute in the user entry that matches the 'groupmemberattr' value.
    'useridattr' => 'uid',
    // Base DN used to search the users based on the users' IDs.
    'userbase' => 'ou=people,dc=mycompany,dc=org',
    // Optional additional filter on the users. The sample value
    // '(objectclass=*)' matches every entry, so it adds no restriction:
    // replace it (for example with an account-status test) if disabled
    // or unwanted accounts must be kept out of the import.
    'userfilter' => '(objectclass=*)',
    'userscope' => 'sub',

    'firstname_attr' => 'givenname',
    'lastname_attr' => 'sn',
    'email_attr' => 'mail',
    'token_attr' => '', // Leave empty for automatic token generation by phpsv
    'language' => '',
    'attr1' => '',
    'attr2' => '',
);
203
204/********
205 $query_id++;
206 //Copy previous definition lines
207 ********/
208
209
// DO NOT CHANGE BELOW HERE --------------------

// Return both tables as one array; this is the value an include/require
// of this file evaluates to. The array carries the bind password, so
// avoid dumping or logging it wholesale.
return array(
    'ldap_server' => $ldap_server,
    'ldap_queries' => $ldap_queries,
);
213