Added LDAP configuration examples

ChangeLog

@@ -4,7 +4,7 @@ Version 1.0.28
 New features:
 
 * Added automated action to change task color based on the priority
-* Added support for LDAP Posix Groups (OpenLDAP with memberUid)
+* Added support for LDAP Posix Groups (OpenLDAP with memberUid or groupOfNames)
 * Added support for LDAP user photo attribute (Avatar image)
 * Added support for language LDAP attribute
 * Added support for Mysql SSL connection

doc/index.markdown

@@ -123,6 +123,7 @@ Technical details
 - [LDAP group synchronization](ldap-group-sync.markdown)
 - [LDAP profile picture](ldap-profile-picture.markdown)
 - [LDAP parameters](ldap-parameters.markdown)
+- [LDAP configuration examples](ldap-configuration-examples.markdown)
 - [Reverse proxy authentication](reverse-proxy-authentication.markdown)
 
 ### Contributors

doc/ldap-configuration-examples.markdown

@@ -0,0 +1,221 @@
+LDAP Configuration Examples
+===========================
+
+Microsoft Active Directory
+--------------------------
+
+- User authentication
+- Download the user profile picture from Active Directory
+- Set user language from LDAP attribute
+- Kanboard roles are mapped to Active Directory groups
+- LDAP group providers is enabled
+
+```php
+define('LDAP_AUTH', true);
+
+define('LDAP_SERVER', 'my-ldap-server');
+define('LDAP_PORT', 389);
+
+define('LDAP_BIND_TYPE', 'proxy');
+define('LDAP_USERNAME', 'administrator@kanboard.local');
+define('LDAP_PASSWORD', 'secret');
+
+define('LDAP_USER_BASE_DN', 'CN=Users,DC=kanboard,DC=local');
+define('LDAP_USER_FILTER', '(&(objectClass=user)(sAMAccountName=%s))');
+
+define('LDAP_USER_ATTRIBUTE_USERNAME', 'samaccountname');
+define('LDAP_USER_ATTRIBUTE_FULLNAME', 'displayname');
+define('LDAP_USER_ATTRIBUTE_PHOTO', 'jpegPhoto');
+define('LDAP_USER_ATTRIBUTE_LANGUAGE', 'preferredLanguage');
+
+define('LDAP_GROUP_ADMIN_DN', 'CN=Kanboard Admins,CN=Users,DC=kanboard,DC=local');
+define('LDAP_GROUP_MANAGER_DN', 'CN=Kanboard Managers,CN=Users,DC=kanboard,DC=local');
+
+define('LDAP_GROUP_PROVIDER', true);
+define('LDAP_GROUP_BASE_DN', 'CN=Users,DC=kanboard,DC=local');
+define('LDAP_GROUP_FILTER', '(&(objectClass=group)(sAMAccountName=%s*))');
+define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
+```
+
+OpenLDAP with memberOf overlay
+------------------------------
+
+User LDIF example:
+
+```
+dn: uid=manager,ou=Users,dc=kanboard,dc=local
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+uid: manager
+sn: Lastname
+givenName: Firstname
+cn: Kanboard Manager
+displayName: Kanboard Manager
+mail: manager@kanboard.local
+userPassword: password
+memberOf: cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local
+```
+
+Group LDIF example:
+
+```
+dn: cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local
+objectClass: top
+objectClass: groupOfNames
+cn: Kanboard Managers
+member: uid=manager,ou=Users,dc=kanboard,dc=local
+```
+
+Kanboard Configuration:
+
+- User authentication
+- Kanboard roles are mapped to LDAP groups
+- LDAP group providers is enabled
+
+```php
+define('LDAP_AUTH', true);
+
+define('LDAP_SERVER', 'my-ldap-server');
+define('LDAP_PORT', 389);
+
+define('LDAP_BIND_TYPE', 'proxy');
+define('LDAP_USERNAME', 'cn=admin,DC=kanboard,DC=local');
+define('LDAP_PASSWORD', 'password');
+
+define('LDAP_USER_BASE_DN', 'OU=Users,DC=kanboard,DC=local');
+define('LDAP_USER_FILTER', 'uid=%s');
+
+define('LDAP_GROUP_ADMIN_DN', 'cn=Kanboard Admins,ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_MANAGER_DN', 'cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local');
+
+define('LDAP_GROUP_PROVIDER', true);
+define('LDAP_GROUP_BASE_DN', 'ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_FILTER', '(&(objectClass=groupOfNames)(cn=%s*))');
+define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
+```
+
+OpenLDAP with Posix groups (memberUid)
+--------------------------------------
+
+User LDIF example:
+
+```
+dn: uid=manager,ou=Users,dc=kanboard,dc=local
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+uid: manager
+sn: Lastname
+givenName: Firstname
+cn: Kanboard Manager
+displayName: Kanboard Manager
+uidNumber: 10001
+gidNumber: 8000
+userPassword: password
+homeDirectory: /home/manager
+mail: manager@kanboard.local
+```
+
+Group LDIF example:
+
+```
+dn: cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local
+objectClass: posixGroup
+cn: Kanboard Managers
+gidNumber: 5001
+memberUid: manager
+```
+
+Kanboard Configuration:
+
+- User authentication
+- Kanboard roles are mapped to LDAP groups
+- LDAP group providers is enabled
+
+```php
+define('LDAP_AUTH', true);
+
+define('LDAP_SERVER', 'my-ldap-server');
+define('LDAP_PORT', 389);
+
+define('LDAP_BIND_TYPE', 'proxy');
+define('LDAP_USERNAME', 'cn=admin,DC=kanboard,DC=local');
+define('LDAP_PASSWORD', 'password');
+
+define('LDAP_USER_BASE_DN', 'OU=Users,DC=kanboard,DC=local');
+define('LDAP_USER_FILTER', 'uid=%s');
+
+define('LDAP_GROUP_ADMIN_DN', 'cn=Kanboard Admins,ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_MANAGER_DN', 'cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local');
+
+// This filter is used to find the groups of our user
+define('LDAP_GROUP_USER_FILTER', '(&(objectClass=posixGroup)(memberUid=%s))');
+
+define('LDAP_GROUP_PROVIDER', true);
+define('LDAP_GROUP_BASE_DN', 'ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_FILTER', '(&(objectClass=posixGroup)(cn=%s*))');
+define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
+```
+
+OpenLDAP with groupOfNames
+--------------------------
+
+User LDIF example:
+
+```
+dn: uid=manager,ou=Users,dc=kanboard,dc=local
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+uid: manager
+sn: Lastname
+givenName: Firstname
+cn: Kanboard Manager
+displayName: Kanboard Manager
+mail: manager@kanboard.local
+userPassword: password
+```
+
+Group LDIF example:
+
+```
+dn: cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local
+objectClass: top
+objectClass: groupOfNames
+cn: Kanboard Managers
+member: uid=manager,ou=Users,dc=kanboard,dc=local
+```
+
+Kanboard Configuration:
+
+- User authentication
+- Kanboard roles are mapped to LDAP groups
+- LDAP group providers is enabled
+
+```php
+define('LDAP_AUTH', true);
+
+define('LDAP_SERVER', 'my-ldap-server');
+define('LDAP_PORT', 389);
+
+define('LDAP_BIND_TYPE', 'proxy');
+define('LDAP_USERNAME', 'cn=admin,DC=kanboard,DC=local');
+define('LDAP_PASSWORD', 'password');
+
+define('LDAP_USER_BASE_DN', 'OU=Users,DC=kanboard,DC=local');
+define('LDAP_USER_FILTER', 'uid=%s');
+
+define('LDAP_GROUP_ADMIN_DN', 'cn=Kanboard Admins,ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_MANAGER_DN', 'cn=Kanboard Managers,ou=Groups,dc=kanboard,dc=local');
+
+// This filter is used to find the groups of our user
+define('LDAP_GROUP_USER_FILTER', '(&(objectClass=groupOfNames)(member=uid=%s,ou=Users,dc=kanboard,dc=local))');
+
+define('LDAP_GROUP_PROVIDER', true);
+define('LDAP_GROUP_BASE_DN', 'ou=Groups,dc=kanboard,dc=local');
+define('LDAP_GROUP_FILTER', '(&(objectClass=groupOfNames)(cn=%s*))');
+define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
+```