2014-10-18

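vTiger CRM 6 + LDAP authentication

I have spent the last few days on this, but I was not able to find a really useful tutorial for integrating LDAP authentication into vTiger CRM 6 (running on a Linux CentOS 6.5 distribution).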

Is there anyone out there with experience, or someone who could share a useful manual?

Answer

Create the directory in your CRM target:

/var/www/html/crm/modules/Users/authTypes/

Then download the LDAP file from:

http://downloads.sourceforge.net/project/adldap/adLDAP/adLDAP_4.0.4/adLDAP_4.0

Simply open it and customize the settings to your needs. The following settings match what is required for a 2012R2 Active Directory.

... 
class adLDAP { 

    /** 
    * Define the different types of account in AD 
    */ 
    const ADLDAP_NORMAL_ACCOUNT = 805306368; 
    const ADLDAP_WORKSTATION_TRUST = 805306369; 
    const ADLDAP_INTERDOMAIN_TRUST = 805306370; 
    const ADLDAP_SECURITY_GLOBAL_GROUP = 268435456; 
    const ADLDAP_DISTRIBUTION_GROUP = 268435457; 
    const ADLDAP_SECURITY_LOCAL_GROUP = 536870912; 
    const ADLDAP_DISTRIBUTION_LOCAL_GROUP = 536870913; 
    const ADLDAP_FOLDER = 'OU'; 
    const ADLDAP_CONTAINER = 'CN'; 

    /** 
    * The default port for LDAP non-SSL connections 
    */ 
    const ADLDAP_LDAP_PORT = '389'; 
    /** 
    * The default port for LDAPS SSL connections 
    */ 
    const ADLDAP_LDAPS_PORT = '636'; 

    /** 
    * The account suffix for your domain, can be set when the class is invoked 
    * 
    * @var string 
    */ 
     protected $accountSuffix = "@cortoso.com"; 

    /** 
    * The base dn for your domain 
    * 
    * If this is set to null then adLDAP will attempt to obtain this automatically from the rootDSE 
    * 
    * @var string 
    */ 
     protected $baseDn = ""; 

    /** 
    * Port used to talk to the domain controllers. 
    * 
    * @var int 
    */ 
    protected $adPort = self::ADLDAP_LDAP_PORT; 
    /** 
    * Array of domain controllers. Specify multiple controllers if you 
    * would like the class to balance the LDAP queries amongst multiple servers 
    * 
    * @var array 
    */ 
    protected $domainControllers = array("dc01.cortoso.com", "dc02.cortoso.com"); 

    /** 
    * Optional account with higher privileges for searching 
    * This should be set to a domain admin account 
    * 
    * @var string 
    * @var string 
    */ 
    protected $adminUsername = "ldap-binduser"; 
    protected $adminPassword = "super-password"; 

    /** 
    * AD does not return the primary group. http://support.microsoft.com/?kbid=321360 
    * This tweak will resolve the real primary group. 
    * Setting to false will fudge "Domain Users" and is much faster. Keep in mind though that if 
    * someone's primary group is NOT domain users, this is obviously going to mess up the results 
    * 
    * @var bool 
    */ 
     protected $realPrimaryGroup = false; 

    /** 
    * Use SSL (LDAPS), your server needs to be setup, please see 
    * http://adldap.sourceforge.net/wiki/doku.php?id=ldap_over_ssl 
    * 
    * @var bool 
    */ 
     protected $useSSL = false; 

    /** 
    * Use TLS 
    * If you wish to use TLS you should ensure that $useSSL is set to false and vice-versa 
    * 
    * @var bool 
    */ 
    protected $useTLS = true; 

    /** 
    * Use SSO 
    * To indicate to adLDAP to reuse password set by the browser through NTLM or Kerberos 
    * 
    * @var bool 
    */ 
    protected $useSSO = false; 

    /** 
    * When querying group memberships, do it recursively 
    * eg. User Fred is a member of Group A, which is a member of Group B, which is a member of Group C 
    * user_ingroup("Fred","C") will returns true with this option turned on, false if turned off 
    * 
    * @var bool 
    */ 
     protected $recursiveGroups = true; 

    ... 
?> 

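To be able to test adLDAP, it is easier to write a small PHP snippet than to do this directly with vtigerCRM. Simply create a small adldap_test.php file in the same directory where adLDAP.php is located, with the following content: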

<?php 

// Load adLDAP.php from the directory this script lives in
require_once(dirname(__FILE__) . '/adLDAP.php'); 

try { 
    $adldap = new adLDAP(); 
} 

catch (adLDAPException $e) { 
    echo $e; 
    exit(); 
} 
$authUser = $adldap->authenticate('user-to-authenticate', 'users-password'); 
if ($authUser == true) { 
    echo "User authenticated successfully"; 
} 
else { 
    // getLastError is not needed, but may be helpful for finding out why: 
    echo "\n"; 
    echo $adldap->getLastError(); 
    echo "\n"; 

    echo "User authentication unsuccessful"; 
} 

echo "\n"; 
$result=$adldap->user()->infoCollection('ldap', array("*")); 
echo "User:\n"; 
echo $result->displayName; 
echo "Mail:\n"; 
echo $result->mail; 

?>
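
A variant of the test script above, as an added example that is not part of the original answer or of adLDAP: it passes the settings through adLDAP's constructor options, so the bind password comes from the environment instead of being stored in adLDAP.php under the web root, and it prompts for the test account on the terminal. The environment variable names `ADLDAP_BIND_USER` and `ADLDAP_BIND_PASS` are assumptions; the domain values are the ones from the settings shown above.

```php
<?php
// Added example (not from the original answer): CLI-only adLDAP test that
// keeps credentials out of adLDAP.php. Place it next to adLDAP.php.
require_once(dirname(__FILE__) . '/adLDAP.php');

// The file sits under the web root, so refuse to run through the web server.
if (php_sapi_name() !== 'cli') {
    exit(1);
}

// Assumed (hypothetical) variable names; export them in the shell before running.
$bindUser = getenv('ADLDAP_BIND_USER');
$bindPass = getenv('ADLDAP_BIND_PASS');
if ($bindUser === false || $bindPass === false) {
    fwrite(STDERR, "Set ADLDAP_BIND_USER and ADLDAP_BIND_PASS first\n");
    exit(1);
}

// Same values as the class defaults shown above, passed as constructor options.
$options = array(
    'account_suffix'     => '@cortoso.com',
    'domain_controllers' => array('dc01.cortoso.com', 'dc02.cortoso.com'),
    'admin_username'     => $bindUser,
    'admin_password'     => $bindPass,
    'use_ssl'            => false,
    'use_tls'            => true,   // StartTLS on the default port 389
    'recursive_groups'   => true,
);

// Prompt for the account to test; hide the password while it is typed.
fwrite(STDOUT, "Username: ");
$user = trim(fgets(STDIN));
fwrite(STDOUT, "Password: ");
system('stty -echo');
$pass = rtrim(fgets(STDIN), "\r\n");
system('stty echo');
fwrite(STDOUT, "\n");

try {
    $adldap = new adLDAP($options);
    if ($adldap->authenticate($user, $pass)) {
        echo "User authenticated successfully\n";
    } else {
        echo "User authentication unsuccessful: " . $adldap->getLastError() . "\n";
    }
} catch (adLDAPException $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```

Run it with `php adldap_test.php` on the CRM host and delete it once the bind and TLS settings are confirmed.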