yourls-ldap-auth/README.md

yourls-ldap-plugin
==================

This plugin for [YOURLS](https://github.com/YOURLS/YOURLS) enables the simple use of [LDAP](http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol) for user authentication. 

Installation
------------
1. Download the latest yourls-ldap-plugin.
1. Copy the plugin folder into your user/plugins folder for YOURLS.
1. Set up the parameters for yourls-ldap-plugin in YOURLS configuration user/config.php (see below).
1. Activate the plugin with the plugin manager in the admin interface.

Usage
-----
When yourls-cas-plugin is enabled and user was not successfuly authenticated using data specified in yourls_user_passwords, an LDAP authentication attempt will be made. If LDAP authentication is successful, then you will immediately go to the admin interface.

You can also set a privileged account to search the LDAP directory with. This is useful for directories that don't allow anonymous binding.

Setting the groups settings will check the user is a member of that group before logging them in and storing their credentials. This check is only performed the first time they auth or when their password changes.

Configuration
-------------

  * define( 'LDAPAUTH_HOST', 'ldaps://ldap.domain.com' ) // LDAP host name, IP or URL. You can use ldaps://host for LDAP with TLS
  * define( 'LDAPAUTH_PORT', '636' ) // LDAP server port - often 389 or 636 for TLS (LDAPS)
  * define( 'LDAPAUTH_BASE', 'dc=domain,dc=com' ) // Base DN (location of users)
  * define( 'LDAPAUTH_USERNAME_FIELD', 'uid') // (optional) LDAP field name in which username is store

To use a privileged account for the user search:
  * define( 'LDAPAUTH_SEARCH_USER', 'cn=your-user,dc=domain,dc=com' ) // (optional) Privileged user to search with
  * define( 'LDAPAUTH_SEARCH_PASS', 'the-pass') // (optional) (only if LDAPAUTH_SEARCH_USER set) Privileged user pass

To check group membership before authenticating:
  * define( 'LDAPAUTH_GROUP_ATTR', 'memberof' ) // (optional) LDAP groups attr
  * define( 'LDAPAUTH_GROUP_REQ', 'the-group') // (only if LDAPAUTH_GROUP_REQ set) Group user must be in

To automatically add LDAP users to config.php:
  * define( 'LDAPAUTH_ADD_NEW', true ) // (optional) Add LDAP users to config.php
NOTE: This will require config.php to be writable by your webserver user
 
Troubleshooting
---------------
  * Check PHP error log usually at `/var/log/php.log`
  * Check your webserver logs
  * You can try modifying plugin code to print some more debug info

License
-------
Copyright 2013 K3A, #1davoaust <BR>
Copyright 2013 Nicholas Waller (code@nicwaller.com) as I used some parts of his CAS authentication plugin :)

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
Initial commit 2013-08-25 16:14:29 +02:00			`yourls-ldap-plugin`
			`==================`

added stuff 2013-08-25 16:15:26 +02:00			`This plugin for [YOURLS](https://github.com/YOURLS/YOURLS) enables the simple use of [LDAP](http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol) for user authentication.`

			`Installation`
			`------------`
			`1. Download the latest yourls-ldap-plugin.`
			`1. Copy the plugin folder into your user/plugins folder for YOURLS.`
prefix 2013-08-25 20:00:04 +02:00			`1. Set up the parameters for yourls-ldap-plugin in YOURLS configuration user/config.php (see below).`
added stuff 2013-08-25 16:15:26 +02:00			`1. Activate the plugin with the plugin manager in the admin interface.`

			`Usage`
			`-----`
doc update 2013-08-25 16:16:59 +02:00			`When yourls-cas-plugin is enabled and user was not successfuly authenticated using data specified in yourls_user_passwords, an LDAP authentication attempt will be made. If LDAP authentication is successful, then you will immediately go to the admin interface.`
added stuff 2013-08-25 16:15:26 +02:00
Updating with privileged account and group settings Added information for connection to LDAP with a privileged account. Added information for authenticating users against a group. 2015-05-18 07:20:41 +02:00			`You can also set a privileged account to search the LDAP directory with. This is useful for directories that don't allow anonymous binding.`

			`Setting the groups settings will check the user is a member of that group before logging them in and storing their credentials. This check is only performed the first time they auth or when their password changes.`

added stuff 2013-08-25 16:15:26 +02:00			`Configuration`
			`-------------`
prefix 2013-08-25 20:00:04 +02:00
Added config option to add new users 2015-05-19 03:41:19 +02:00			`* define( 'LDAPAUTH_HOST', 'ldaps://ldap.domain.com' ) // LDAP host name, IP or URL. You can use ldaps://host for LDAP with TLS`
			`* define( 'LDAPAUTH_PORT', '636' ) // LDAP server port - often 389 or 636 for TLS (LDAPS)`
			`* define( 'LDAPAUTH_BASE', 'dc=domain,dc=com' ) // Base DN (location of users)`
			`* define( 'LDAPAUTH_USERNAME_FIELD', 'uid') // (optional) LDAP field name in which username is store`
added stuff 2013-08-25 16:15:26 +02:00
Updating with privileged account and group settings Added information for connection to LDAP with a privileged account. Added information for authenticating users against a group. 2015-05-18 07:20:41 +02:00			`To use a privileged account for the user search:`
			`* define( 'LDAPAUTH_SEARCH_USER', 'cn=your-user,dc=domain,dc=com' ) // (optional) Privileged user to search with`
			`* define( 'LDAPAUTH_SEARCH_PASS', 'the-pass') // (optional) (only if LDAPAUTH_SEARCH_USER set) Privileged user pass`

			`To check group membership before authenticating:`
			`* define( 'LDAPAUTH_GROUP_ATTR', 'memberof' ) // (optional) LDAP groups attr`
			`* define( 'LDAPAUTH_GROUP_REQ', 'the-group') // (only if LDAPAUTH_GROUP_REQ set) Group user must be in`
Added config option to add new users 2015-05-19 03:41:19 +02:00
			`To automatically add LDAP users to config.php:`
			`* define( 'LDAPAUTH_ADD_NEW', true ) // (optional) Add LDAP users to config.php`
			`NOTE: This will require config.php to be writable by your webserver user`
Updating with privileged account and group settings Added information for connection to LDAP with a privileged account. Added information for authenticating users against a group. 2015-05-18 07:20:41 +02:00
added stuff 2013-08-25 16:15:26 +02:00			`Troubleshooting`
			`---------------`
			* Check PHP error log usually at `/var/log/php.log`
			`* Check your webserver logs`
			`* You can try modifying plugin code to print some more debug info`

			`License`
			`-------`
Update README.md mentioned #1davoaust 2015-05-19 18:23:35 +02:00			`Copyright 2013 K3A, #1davoaust <BR>`
added stuff 2013-08-25 16:15:26 +02:00			`Copyright 2013 Nicholas Waller (code@nicwaller.com) as I used some parts of his CAS authentication plugin :)`

			`This program is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation, either version 3 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program. If not, see <http://www.gnu.org/licenses/>.`