Created
April 2, 2014 08:00
-
-
Save dangtrinhnt/9929825 to your computer and use it in GitHub Desktop.
simplesamlphp authsources.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $config = array( | |
| // This is a authentication source which handles admin authentication. | |
| 'admin' => array( | |
| // The default is to use core:AdminPassword, but it can be replaced with | |
| // any authentication source. | |
| 'core:AdminPassword', | |
| ), | |
| 'my-ldap' => array( | |
| 'ldap:LDAP', | |
| 'remember.username.enabled' => TRUE, | |
| 'remember.username.checked' => FALSE, | |
| // Active Directory or LDAP server IPs/addresses | |
| 'hostname' => '192.168.5.2 192.168.6.2 192.168.7.2', | |
| 'enable_tls' => TRUE, | |
| 'debug' => TRUE, | |
| 'timeout' => 45, | |
| // Set whether to follow referrals. AD Controllers may require FALSE to function. | |
| 'referrals' => FALSE, | |
| // Which attributes should be retrieved from the LDAP server. | |
| // This can be an array of attribute names, or NULL, in which case | |
| // all attributes are fetched. | |
| 'attributes' => NULL, | |
| // The pattern which should be used to create the users DN given the username. | |
| // %username% in this pattern will be replaced with the users username. | |
| // | |
| // This option is not used if the search.enable option is set to TRUE. | |
| 'dnpattern' => 'uid=%username%,dc=mydomain,dc=com', | |
| // As an alternative to specifying a pattern for the users DN, it is possible to | |
| // search for the username in a set of attributes. This is enabled by this option. | |
| 'search.enable' => TRUE, | |
| // The DN which will be used as a base for the search. | |
| // This can be a single string, in which case only that DN is searched, or an | |
| // array of strings, in which case they will be searched in the order given. | |
| 'search.base' => 'dc=mydomain,dc=com', | |
| // The attribute(s) the username should match against. | |
| // | |
| // This is an array with one or more attribute names. Any of the attributes in | |
| // the array may match the value the username. | |
| 'search.attributes' => array('sAMAccountName'), | |
| // The username & password the simpleSAMLphp should bind to before searching. If | |
| // this is left as NULL, no bind will be performed before searching. | |
| 'search.username' => 'myUsernam3@mydomain.com', | |
| 'search.password' => 'myP@ssw0rd', | |
| // If the directory uses privilege separation, | |
| // the authenticated user may not be able to retrieve | |
| // all required attribures, a privileged entity is required | |
| // to get them. This is enabled with this option. | |
| 'priv.read' => FALSE, | |
| // The DN & password the simpleSAMLphp should bind to before | |
| // retrieving attributes. These options are required if | |
| // 'priv.read' is set to TRUE. | |
| 'priv.username' => NULL, | |
| 'priv.password' => NULL, | |
| ), | |
| ); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment