如何配置LimeSurvey的LDAP?

Linux基础

1 前言

LDAP无疑是企业化的利器,本章将实践如何配置LimeSurver的LDAP环境。

2 最佳实践

2.1 环境配置

本章的实践以LimeSurvey的部署就绪为前提条件,如果你尚未部署环境,请参阅以下链接部署,
https://www.cmdschool.org/archives/5120
本章所使用的LDAP为389 DS服务,如果你需要此环境,请参阅以下链接部署,
https://www.cmdschool.org/archives/5307

2.2 配置LDAP

2.2.1 开启LDAP

cp /var/www/limesurvey/application/config/config.php /var/www/limesurvey/application/config/config.php.default
vim /var/www/limesurvey/application/config/config.php

启用如下参数,

'config'=>array(
		'debug'=>0,
		'debugsql'=>0,
		'enableLdap'=>true,
	)

2.2.2 定义LDAP连接

cp /var/www/limesurvey/application/config/ldap.php /var/www/limesurvey/application/config/ldap.php.default
vim /var/www/limesurvey/application/config/ldap.php

启用如下参数,

<?php
$serverId = 0;
$ldap_server[$serverId]['server'] = "10.168.0.155";
$ldap_server[$serverId]['port'] = "389";
$ldap_server[$serverId]['protoversion'] = "ldapv3";
$ldap_server[$serverId]['encrypt'] = "none";
$ldap_server[$serverId]['referrals'] = false;
$ldap_server[$serverId]['binddn'] = "cn=directory manager";
$ldap_server[$serverId]['bindpw'] = "directory manager passsword";
$query_id = 0;
$ldap_queries[$query_id]['ldapServerId'] = 0;
$ldap_queries[$query_id]['name'] = 'All Account Of Staff';
$ldap_queries[$query_id]['userbase'] = 'ou=people,dc=cmdschool,dc=org';
$ldap_queries[$query_id]['userfilter'] = '(objectClass=inetOrgPerson)';
$ldap_queries[$query_id]['userscope'] = 'sub';
$ldap_queries[$query_id]['firstname_attr'] = 'givenname';
$ldap_queries[$query_id]['lastname_attr'] = 'sn';
$ldap_queries[$query_id]['email_attr'] = 'mail';
$ldap_queries[$query_id]['token_attr'] = ''; // Leave empty for Auto Token generation bu phpsv
$ldap_queries[$query_id]['language'] = '';
$ldap_queries[$query_id]['attr1'] = '';
$ldap_queries[$query_id]['attr2'] = '';
return array('ldap_server' => $ldap_server, 'ldap_queries' => $ldap_queries);

注:以上主要使用“userfilter”参数进行用户筛选,你可以按照如下范例测试你的表达式,

ldapsearch -x -h 10.168.0.155 -p 389 -W -b "dc=cmdschool,dc=org" "(objectClass=inetOrgPerson)"

另外,关于更加复杂的查询,请参阅如下链接,
https://www.cmdschool.org/archives/1294

2.3 测试LDAP

2.3.1 创建调查

单击【Surveys】->【Create a new survey】创建一个调查问卷(由于只用于测试LDAP,详细步骤省略)

2.3.2 测试LdAP

假设你上一个步骤创建了一个“Title”为“www.cmdschool.org”的调查问卷
单击【Surveys】->【www.cmdschool.org】->【Survey Participants】

如上图所示:
单击【Create】->【LDAP query】
窗口显示如下,

如上图所示:
单击【Upload】
窗口显示如下则成功,

参阅文档
========================

https://github.com/LimeSurvey/LimeSurvey

https://manual.limesurvey.org/Authentication_plugins#LDAP

https://manual.limesurvey.org/LDAP_settings

https://www.limesurvey.org/forum/plugins/115183-ldap-authentication-plugin-test

https://www.limesurvey.org/forum/plugins/95966-settings-for-plugin-authldap-help-me?start=0

没有评论

发表评论

Linux基础
如何二进制部署Metabase?

1 基础知识 1.1 Metabase的简介 – Metabase是一款简单、开源商业智 …

Linux基础
如何熟悉跨站点攻击CSRF?

1 CSRF的概念 – CSRF是英文“Cross-site request forge …

Linux基础
如何安装配置Oracle客户端?

1 前言 一个问题,一篇文章,一出故事。 笔者生产环境有一台服务器需要连接Oracle数据库,于是整 …