我正在尝试设置 bhLDAPAuthPlugin 以通过 Active Directory 进行身份验证。我在配置身份验证设置时遇到问题。
在 adLDAP.php 文件中,这里是默认设置:
class adLDAP {
// BEFORE YOU ASK A QUESTION, PLEASE READ THE DOCUMENTATION AND THE FAQ
// http://adldap.sourceforge.net/documentation.php
// http://adldap.sourceforge.net/faq.php
// You can set your default variables here, or when you invoke the class
var $_account_suffix="@mydomain.local";
var $_base_dn = "DC=mydomain,DC=local";
// An array of domain controllers. Specify multiple controllers if you
// would like the class to balance the LDAP queries amongst multiple servers
var $_domain_controllers = array ("dc01.mydomain.local");
// optional account with higher privileges for searching
// not really that optional because you can't query much as a user
var $_ad_username=NULL;
var $_ad_password=NULL;
// AD does not return the primary group. http://support.microsoft.com/?kbid=321360
// This tweak will resolve the real primary group, but may be resource intensive.
// Setting to false will fudge "Domain Users" and is much faster. Keep in mind though that if
// someone's primary group is NOT domain users, this is obviously going to bollocks the results
var $_real_primarygroup=true;
// Use SSL, your server needs to be setup, please see - http://adldap.sourceforge.net/ldap_ssl.php
var $_use_ssl=false;
// When querying group memberships, do it recursively
// eg. User Fred is a member of Group A, which is a member of Group B, which is a member of Group C
// user_ingroup("Fred","C") will returns true with this option turned on, false if turned off
var $_recursive_groups=false;
// You should not need to edit anything below this line
//******************************************************************************************
这个问题可能看起来很抽象,但是我如何确定这个信息呢?
在插件的文档中,它说 account_suffix 应该是我要连接的域,但我发现其他文档列出了特定参数,例如组织,例如:
account_suffix = "ou=People, o=domain.edu";
我如何找到要使用的?