Authentication plugins: Difference between revisions
From LimeSurvey Manual
No edit summary |
DenisChenu (talk | contribs) m (→Example settings AD2008 & 2.05+: example.intra are better than domain.com) |
||
| Line 29: | Line 29: | ||
=== Authentication with LDAP and ''userPrincipalName'' attribute === | === Authentication with LDAP and ''userPrincipalName'' attribute === | ||
'''Note''': Authentication with ''userPrincipalName'' attribute (ie: firstname.lastname@ | '''Note''': Authentication with ''userPrincipalName'' attribute (ie: firstname.lastname@example.intra). Create a LimeSurvey user with the same name as a AD(active directory) user account : | ||
''Username'': '''firstname.lastname@ | ''Username'': '''firstname.lastname@example.intra''' | ||
''Email'': '''firstname.lastname@ | ''Email'': '''firstname.lastname@example.intra''' | ||
''Full name'': '''Firstname LASTNAME''' | ''Full name'': '''Firstname LASTNAME''' | ||
| Line 39: | Line 39: | ||
Then configure the plugin : ''Plugin Manager > LDAP > Configure''. | Then configure the plugin : ''Plugin Manager > LDAP > Configure''. | ||
''Ldap server e.g. ldap://ldap. | ''Ldap server e.g. ldap://ldap.example.intra'': '''ldap://ldap.example.intra''' | ||
''Port number (default when omitted is 389)'': '''389''' | ''Port number (default when omitted is 389)'': '''389''' | ||
| Line 47: | Line 47: | ||
''Username prefix cn= or uid=: cn='': '''empty''' | ''Username prefix cn= or uid=: cn='': '''empty''' | ||
''Username suffix e.g. @ | ''Username suffix e.g. @example.intra or remaining part of ldap query'': '''empty''' | ||
Log in using the AD credentials (username: '''firstname.lastname@ | Log in using the AD credentials (username: '''firstname.lastname@example.intra''' and password). | ||
=== Authentication with LDAP and ''sAMaccountName'' attribute === | === Authentication with LDAP and ''sAMaccountName'' attribute === | ||
| Line 57: | Line 57: | ||
''Username'': '''firstname.lastname''' | ''Username'': '''firstname.lastname''' | ||
''Email'': '''firstname.lastname@ | ''Email'': '''firstname.lastname@example.intra''' | ||
''Full name'': '''Firstname LASTNAME''' | ''Full name'': '''Firstname LASTNAME''' | ||
| Line 63: | Line 63: | ||
Then configure the plugin : ''Plugin Manager > LDAP > Configure''. | Then configure the plugin : ''Plugin Manager > LDAP > Configure''. | ||
''Ldap server e.g. ldap://ldap. | ''Ldap server e.g. ldap://ldap.example.com'': '''ldap://ldap.example.intra''' | ||
''Port number (default when omitted is 389)'': '''389''' | ''Port number (default when omitted is 389)'': '''389''' | ||
| Line 71: | Line 71: | ||
''Username prefix cn= or uid=: cn='': '''empty''' | ''Username prefix cn= or uid=: cn='': '''empty''' | ||
''Username suffix e.g. @ | ''Username suffix e.g. @example.com or remaining part of ldap query'': '''@example.intra''' | ||
Log in using the AD credentials (username: '''firstname.lastname''' and password). | Log in using the AD credentials (username: '''firstname.lastname''' and password). | ||
| Line 81: | Line 81: | ||
''Username'': '''firstname.lastname''' | ''Username'': '''firstname.lastname''' | ||
''Email'': '''firstname.lastname@ | ''Email'': '''firstname.lastname@example.intra''' | ||
''Full name'': '''Firstname LASTNAME''' | ''Full name'': '''Firstname LASTNAME''' | ||
| Line 87: | Line 87: | ||
Then configure the plugin : ''Plugin Manager > LDAP > Configure''. | Then configure the plugin : ''Plugin Manager > LDAP > Configure''. | ||
''Ldap server e.g. ldap://ldap. | ''Ldap server e.g. ldap://ldap.example.com'': '''ldaps://ldap.example.intra''' | ||
''Port number (default when omitted is 389)'': '''636''' | ''Port number (default when omitted is 389)'': '''636''' | ||
| Line 95: | Line 95: | ||
''Username prefix cn= or uid=: cn='': '''empty''' | ''Username prefix cn= or uid=: cn='': '''empty''' | ||
''Username suffix e.g. @ | ''Username suffix e.g. @example.intra or remaining part of ldap query'': '''@example.intra''' | ||
Log in using the AD credentials (username: '''firstname.lastname''' and password). | Log in using the AD credentials (username: '''firstname.lastname''' and password). | ||
Revision as of 09:34, 11 January 2017
This is an overview of the authentication plugins currently shipped with LimeSurvey. If you want to extend or develop your own authentication plugin, please see Authentication_plugin development
Internal database
This plugin is the default and can not be disabled. It uses the built in LimeSurvey database. It is a fall-back mechanism to that you can always login to the installation when needed.
LDAP
By activating this plugin you can perform basic authentication against an LDAP server. Make sure your PHP configuration has LDAP support enabled.
Enabling and configuring settings for plugin AuthLDAP v2.05+
Enable LDAP in PHP.INI. Verify that phpinfo.php shows that LDAP is enabled. Go to LimeSurvey Plugin Manager. Configure LDAP plugin.
Example settings
Ldap server e.g. ldap://ldap.mydomain.com: ldap://ldap.mydomain.com Port number (default when omitted is 389): LDAP version (LDAPv2 = 2), e.g. 3: 3 Username prefix cn= or uid=: cn= Username suffix e.g. @mydomain.com or remaining part of ldap query: ,OU=people,DC=mydomain,DC=com Create a LimeSurvey administrator with the same name as a AD(active directory) user account. Log in using the AD credentials(username and password).
Example settings AD2008 & 2.05+
Settings working with Active Directory 2008 and 2.05+ (build 140520) with AuthLDAP plugin .
Authentication with LDAP and userPrincipalName attribute
Note: Authentication with userPrincipalName attribute (ie: firstname.lastname@example.intra). Create a LimeSurvey user with the same name as a AD(active directory) user account :
Username: firstname.lastname@example.intra
Email: firstname.lastname@example.intra
Full name: Firstname LASTNAME
Then configure the plugin : Plugin Manager > LDAP > Configure.
Ldap server e.g. ldap://ldap.example.intra: ldap://ldap.example.intra
Port number (default when omitted is 389): 389
LDAP version (LDAPv2 = 2), e.g. 3: LDAPv3
Username prefix cn= or uid=: cn=: empty
Username suffix e.g. @example.intra or remaining part of ldap query: empty
Log in using the AD credentials (username: firstname.lastname@example.intra and password).
Authentication with LDAP and sAMaccountName attribute
Note: Authentication with sAMaccountName attribute (ie: firstname.lastname). Create a LimeSurvey user with the same name as a AD(active directory) user account :
Username: firstname.lastname
Email: firstname.lastname@example.intra
Full name: Firstname LASTNAME
Then configure the plugin : Plugin Manager > LDAP > Configure.
Ldap server e.g. ldap://ldap.example.com: ldap://ldap.example.intra
Port number (default when omitted is 389): 389
LDAP version (LDAPv2 = 2), e.g. 3: LDAPv3
Username prefix cn= or uid=: cn=: empty
Username suffix e.g. @example.com or remaining part of ldap query: @example.intra
Log in using the AD credentials (username: firstname.lastname and password).
Authentication with LDAPS and sAMaccountName attribute
Note: Authentication with sAMaccountName attribute (ie: firstname.lastname). Create a LimeSurvey user with the same name as a AD(active directory) user account :
Username: firstname.lastname
Email: firstname.lastname@example.intra
Full name: Firstname LASTNAME
Then configure the plugin : Plugin Manager > LDAP > Configure.
Ldap server e.g. ldap://ldap.example.com: ldaps://ldap.example.intra
Port number (default when omitted is 389): 636
LDAP version (LDAPv2 = 2), e.g. 3: LDAPv3
Username prefix cn= or uid=: cn=: empty
Username suffix e.g. @example.intra or remaining part of ldap query: @example.intra
Log in using the AD credentials (username: firstname.lastname and password).
Example settings OpenLDAP & 2.05+
Settings working with OpenLDAP and 2.05+ (git version Feb. 2015) with AuthLDAP plugin .
Authentication with LDAP and uid attribute
Note: Authentication with uid attribute. Create a LimeSurvey user with the same name as a the LDAP user account.
Then configure the plugin : Plugin Manager > LDAP > Configure.
- Ldap server e.g. ldap://ldap.mydomain.com: ldap://ldap.mydomain.com
- Port number (default when omitted is 389): (389 or leave blank)
- LDAP version (LDAPv2 = 2), e.g. 3: LDAPv3
- Select true if referrals must be followed (use false for ActiveDirectory): (leave blank)
- Check to enable Start-TLS encryption When using LDAPv3: False
- Select how to perform authentication: Search and bind
- Attribute to compare to the given login can be uid, cn, mail, ...: uid
- Base DN for the user search operation: ou=people,dc=mydomain,dc=com
- Optional extra LDAP filter to be ANDed to the basic (searchuserattribute=username) filter. Don't forget the outmost enclosing parentheses: (leave blank)
- Optional DN of the LDAP account used to search for the end-user's DN. An anonymous bind is performed if empty.: cn=admin,dc=mydomain,dc=com
- Password of the LDAP account used to search for the end-user's DN if previoulsy set.: password (appears!)
- Check to make default authentication method: (as you wish)
Log in using the LDAP credentials (username: user and password).
Webserver authentication
This plugin leaves authentication to the webserver and reads the result from a configurable server setting. This method has been around for a while, and was configured from config.php. If you used this authentication, you should enable the plugin in the plugins menu and move your configuration from config.php to the plugin's settings. Feel free to contact the team via the bugtracker or irc-channel if it no longer functions the way it did before.