Extension:LDAPProvider

As a successor of LDAP Authentication a stack of LDAP related extensions has been created. They all need to interact with a remote LDAP resource. To ease and unify configuration and maintenance, this extension was created. It provides classes and configuration to query data from LDAP resources.

"Extension config" versus "Domain config"
This extensions features two kinds of configuration. On the one side there is the classic "extension configuration". It can be set up by using global variables within the. Be aware that those variables do not have a  prefix. Those settings affect the extension as a whole.

On the other side there is a configuration that is specific to a remote LDAP resource, like connection settings, group membership query mechanism or base DNs. Multiple domains can be configured independently. These settings only affect the communication to the LDAP resource, based on the domain that this resource serves.

Domain config providers
By default the domain specific configuration is held in a static JSON file. But one can also use a PHP based (dynamic) configuration. The relevant extension configuration is. It needs to be a callback that returns an object of type.

Static JSON file
This is the default way. Just set up the extension configuration  to point to a valid JSON file (should be outside of web root). $LDAPProviderDomainConfigs = "$IP/../ldapprovider.json";

Example:

Dynamic PHP array
As an alternative to the JSON file one can use a PHP array to configure the domains. In this case, just have the  callback return an instance of InlinePHPArray.

Example

Exception: "No configuration available for domain 'XYZ'!"
Please make sure, that the values in the database field  match with the values set in the first level of the domain-configuration (e.g. in  ). If they don't, you can either change the entries in the database using  or adapt the configuration. Attention: In the current version, the domain name is case sensitive.

Exception: "No section 'authorization' found in configuration for domain 'LDAP'"
If you enabled the LDAPAuthorization extension (as recommended in the PluggableAuth documentation), you need to add the authorization configuration in the LdapProvider config (more info here)