| This manual is deprecated. Please visit https://groupoffice.readthedocs.io for the latest documentation. |
Difference between revisions of "IMAP or LDAP authentication"
| Line 1: | Line 1: | ||
| + | It's easy to implement other authentication plugins. Read more about it here: http://www.group-office.com/wiki/Event_handling | ||
| + | |||
| + | ==LDAP authentication== | ||
| + | Group-Office 3.01-stable-29 and up can use an LDAP server for authentication. It can also be used in conjunction with the imapauth module so it can automatically create an e-mail account for the user. | ||
| + | |||
| + | To setup LDAP authentication you need to install the "ldapauth" module and add the following configuration parameters to the config.php file: | ||
| + | |||
| + | <pre> | ||
| + | $config['ldap_host']='localhost'; | ||
| + | $config['ldap_user']='admin'; | ||
| + | $config['ldap_pass']='admin'; | ||
| + | $config['ldap_basedn']='dc=intermeshdev,dc=nl'; | ||
| + | $config['ldap_peopledn']='ou=People,dc=intermeshdev,dc=nl'; | ||
| + | $config['ldap_groupsdn']='ou=Groups,dc=intermeshdev,dc=nl'; | ||
| + | </pre> | ||
| + | |||
| + | Group-Office will use the following mapping (Only uid, givenname, sn and mail are required at the LDAP server): | ||
| + | |||
| + | <pre> | ||
| + | 'username' => 'uid' | ||
| + | 'first_name' => 'givenname' | ||
| + | 'middle_name' => 'middlename' | ||
| + | 'last_name' => 'sn' | ||
| + | 'initials' => 'initials' | ||
| + | 'title' => 'title' | ||
| + | 'sex' => 'gender' | ||
| + | 'birthday' => 'birthday' | ||
| + | 'email' => 'mail' | ||
| + | 'company' => 'o' | ||
| + | 'department' => 'ou' | ||
| + | 'function' => 'businessrole' | ||
| + | 'home_phone' => 'homephone' | ||
| + | 'work_phone' => 'telephonenumber' | ||
| + | 'fax' => 'homefacsimiletelephonenumber' | ||
| + | 'cellular' => 'mobile' | ||
| + | 'country' => 'homecountryname' | ||
| + | 'state' => 'homestate' | ||
| + | 'city' => 'homelocalityname' | ||
| + | 'zip' => 'homepostalcode' | ||
| + | 'address' => 'homepostaladdress' | ||
| + | 'homepage' => 'homeurl' | ||
| + | 'work_address'=> 'postaladdress' | ||
| + | 'work_zip' => 'postalcode' | ||
| + | 'work_country'=> 'c' | ||
| + | 'work_state' => 'st' | ||
| + | 'work_city' => 'l' | ||
| + | 'work_fax' => 'facsimiletelephonenumber' | ||
| + | 'currency' => 'gocurrency' | ||
| + | 'max_rows_list' => 'gomaxrowslist' | ||
| + | 'timezone' => 'gotimezone' | ||
| + | 'start_module'=> 'gostartmodule' | ||
| + | 'theme' => 'gotheme' | ||
| + | 'language' => 'golanguage' | ||
| + | </pre> | ||
| + | |||
| + | |||
| + | If this works you can configure the imapauth module as described below. It's not necessary to install the imapauth module but it is necessary to create the imapauth.config.inc.php file to autocreate e-mail accounts. | ||
| + | |||
| + | For the ldapauth module there is one extra parameter called "ldap_use_email_as_imap_username". Set it to true if you want to use the e-mail address to use as username for the imap server instead of the username. | ||
| + | |||
| + | |||
==IMAP authentication== | ==IMAP authentication== | ||
| − | Group-Office supports IMAP This means it will check an IMAP server for a valid account and will add/update the corresponding Group-Office account. To set this up you must install the "imapauth | + | Group-Office supports IMAP This means it will check an IMAP server for a valid account and will add/update the corresponding Group-Office account. To set this up you must install the "imapauth" module and rename "imapauth.config.php.example" to "imapauth.config.php" and put that file in the same directory as where your config.php file is. |
When a user logs in it must login with the full e-mail address. When Group-Office finds a configuration it will attempt IMAP authentication. If it fails it will fall back on Group-Office authentication. | When a user logs in it must login with the full e-mail address. When Group-Office finds a configuration it will attempt IMAP authentication. If it fails it will fall back on Group-Office authentication. | ||
| − | Then you must edit the values in the file. Below a list of parameters. | + | Then you must edit the values in the file. Below is a list of parameters. |
| − | + | ||
| − | + | ||
==Parameters== | ==Parameters== | ||
| Line 89: | Line 148: | ||
Grant new users administrator permissions to these modules. | Grant new users administrator permissions to these modules. | ||
| + | |||
| + | <b>ldap_use_email_as_imap_username</b> | ||
| + | |||
| + | Used in conjunction with "ldapauth" only. Set it to true if you want to use the e-mail address to use as username for the imap server instead of the username. | ||
Revision as of 16:00, 14 April 2009
It's easy to implement other authentication plugins. Read more about it here: http://www.group-office.com/wiki/Event_handling
LDAP authentication
Group-Office 3.01-stable-29 and up can use an LDAP server for authentication. It can also be used in conjunction with the imapauth module so it can automatically create an e-mail account for the user.
To setup LDAP authentication you need to install the "ldapauth" module and add the following configuration parameters to the config.php file:
$config['ldap_host']='localhost'; $config['ldap_user']='admin'; $config['ldap_pass']='admin'; $config['ldap_basedn']='dc=intermeshdev,dc=nl'; $config['ldap_peopledn']='ou=People,dc=intermeshdev,dc=nl'; $config['ldap_groupsdn']='ou=Groups,dc=intermeshdev,dc=nl';
Group-Office will use the following mapping (Only uid, givenname, sn and mail are required at the LDAP server):
'username' => 'uid' 'first_name' => 'givenname' 'middle_name' => 'middlename' 'last_name' => 'sn' 'initials' => 'initials' 'title' => 'title' 'sex' => 'gender' 'birthday' => 'birthday' 'email' => 'mail' 'company' => 'o' 'department' => 'ou' 'function' => 'businessrole' 'home_phone' => 'homephone' 'work_phone' => 'telephonenumber' 'fax' => 'homefacsimiletelephonenumber' 'cellular' => 'mobile' 'country' => 'homecountryname' 'state' => 'homestate' 'city' => 'homelocalityname' 'zip' => 'homepostalcode' 'address' => 'homepostaladdress' 'homepage' => 'homeurl' 'work_address'=> 'postaladdress' 'work_zip' => 'postalcode' 'work_country'=> 'c' 'work_state' => 'st' 'work_city' => 'l' 'work_fax' => 'facsimiletelephonenumber' 'currency' => 'gocurrency' 'max_rows_list' => 'gomaxrowslist' 'timezone' => 'gotimezone' 'start_module'=> 'gostartmodule' 'theme' => 'gotheme' 'language' => 'golanguage'
If this works you can configure the imapauth module as described below. It's not necessary to install the imapauth module but it is necessary to create the imapauth.config.inc.php file to autocreate e-mail accounts.
For the ldapauth module there is one extra parameter called "ldap_use_email_as_imap_username". Set it to true if you want to use the e-mail address to use as username for the imap server instead of the username.
IMAP authentication
Group-Office supports IMAP This means it will check an IMAP server for a valid account and will add/update the corresponding Group-Office account. To set this up you must install the "imapauth" module and rename "imapauth.config.php.example" to "imapauth.config.php" and put that file in the same directory as where your config.php file is.
When a user logs in it must login with the full e-mail address. When Group-Office finds a configuration it will attempt IMAP authentication. If it fails it will fall back on Group-Office authentication.
Then you must edit the values in the file. Below is a list of parameters.
Parameters
proto
The protocol. Can be IMAP or POP-3. IMAP is highly recommended. POP-3 is slow and doesn't offer the use of multiple e-mail folders.
domains
The domains this mail server configuration is valid for. It can be a comma separated list of domains (eg. "intermesh.nl,group-office.com"). You can also use * to match all domains.
host
The hostname of the machine where the mailserver runs.
port
The port. For IMAP usually 143 and for POP-3 usually 110.
ssl
SSL mode on or off
novalidate_cert
Validate the SSL certificate yes or no. with some mailservers you must enable this feature always even if you don't use SSL.
mbroot
The mailbox root. In most cases you can leave this value empty. It could be that you must enter “INBOX” or “mail” here.
smtp_host
The SMTP host to configure for new accounts
smtp_port
The SMTP port to configure for new accounts
smtp_encryption
Empty, tls or ssl
smtp_username
The username for SMTP authentication
smtp_password
The password for SMTP authentication
remove_domain_from_username
Enable this option if you want to remove the domain to the e-mail address. When you enable a user with e-mail john@example.com will login with "john@example.com" but GO will send "john" to the IMAP server.
create_email_account
If you want to create an e-mail account in Group-Office automatically when a user logs in the first time enable this option.
groups
Add the new users to these user groups automatically.
visible_groups
Make new users automatically visible to these user groups.
modules_read
Grant new users read permissions to these modules.
modules_write
Grant new users administrator permissions to these modules.
ldap_use_email_as_imap_username
Used in conjunction with "ldapauth" only. Set it to true if you want to use the e-mail address to use as username for the imap server instead of the username.
