1 前言

LDAP无疑是企业化的利器，本章将实践如何配置LimeSurver的LDAP环境。

2 最佳实践

2.1 环境配置

本章的实践以LimeSurvey的部署就绪为前提条件，如果你尚未部署环境，请参阅以下链接部署，
https://www.cmdschool.org/archives/5120
本章所使用的LDAP为389 DS服务，如果你需要此环境，请参阅以下链接部署，
https://www.cmdschool.org/archives/5307

2.2 配置LDAP

2.2.1 开启LDAP

cp /var/www/limesurvey/application/config/config.php /var/www/limesurvey/application/config/config.php.default
vim /var/www/limesurvey/application/config/config.php

启用如下参数，

'config'=>array(
		'debug'=>0,
		'debugsql'=>0,
		'enableLdap'=>true,
	)

2.2.2 定义LDAP连接

cp /var/www/limesurvey/application/config/ldap.php /var/www/limesurvey/application/config/ldap.php.default
vim /var/www/limesurvey/application/config/ldap.php

启用如下参数，

<?php
$serverId = 0;
$ldap_server[$serverId]['server'] = "10.168.0.155";
$ldap_server[$serverId]['port'] = "389";
$ldap_server[$serverId]['protoversion'] = "ldapv3";
$ldap_server[$serverId]['encrypt'] = "none";
$ldap_server[$serverId]['referrals'] = false;
$ldap_server[$serverId]['binddn'] = "cn=directory manager";
$ldap_server[$serverId]['bindpw'] = "directory manager passsword";
$query_id = 0;
$ldap_queries[$query_id]['ldapServerId'] = 0;
$ldap_queries[$query_id]['name'] = 'All Account Of Staff';
$ldap_queries[$query_id]['userbase'] = 'ou=people,dc=cmdschool,dc=org';
$ldap_queries[$query_id]['userfilter'] = '(objectClass=inetOrgPerson)';
$ldap_queries[$query_id]['userscope'] = 'sub';
$ldap_queries[$query_id]['firstname_attr'] = 'givenname';
$ldap_queries[$query_id]['lastname_attr'] = 'sn';
$ldap_queries[$query_id]['email_attr'] = 'mail';
$ldap_queries[$query_id]['token_attr'] = ''; // Leave empty for Auto Token generation bu phpsv
$ldap_queries[$query_id]['language'] = '';
$ldap_queries[$query_id]['attr1'] = '';
$ldap_queries[$query_id]['attr2'] = '';
return array('ldap_server' => $ldap_server, 'ldap_queries' => $ldap_queries);

注：以上主要使用“userfilter”参数进行用户筛选，你可以按照如下范例测试你的表达式，

ldapsearch -x -h 10.168.0.155 -p 389 -W -b "dc=cmdschool,dc=org" "(objectClass=inetOrgPerson)"

另外，关于更加复杂的查询，请参阅如下链接，
https://www.cmdschool.org/archives/1294

2.3 测试LDAP

2.3.1 创建调查

单击【Surveys】->【Create a new survey】创建一个调查问卷（由于只用于测试LDAP，详细步骤省略）

2.3.2 测试LdAP

假设你上一个步骤创建了一个“Title”为“www.cmdschool.org”的调查问卷
单击【Surveys】->【www.cmdschool.org】->【Survey Participants】

如上图所示：
单击【Create】->【LDAP query】
窗口显示如下，

如上图所示：
单击【Upload】
窗口显示如下则成功，

参阅文档
========================

https://github.com/LimeSurvey/LimeSurvey

https://manual.limesurvey.org/Authentication_plugins#LDAP

https://manual.limesurvey.org/LDAP_settings

https://www.limesurvey.org/forum/plugins/115183-ldap-authentication-plugin-test

https://www.limesurvey.org/forum/plugins/95966-settings-for-plugin-authldap-help-me?start=0