LDAP configuration

ONM

New member
I am configuring DaDaBIK v11.12 and I can't see where the config section is for the AD LDAP Bind Service account. Please assist if possible. In other application configurations I have used the Bind DN to define the service account name, then the Bind password.
 

deep64blue

DaDaBIK Guru
The parameters need to be defined in your config_custom.php file; the template is in config.php:

// LDAP parameters
///////////////////////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////////////////////

// enable LDAP authentication (0|1), if 1, an "LDAP authentication" checkbox will be displayed below the log-in form; you can avoid setting the other LDAP parameters if LDAP authentication is disabled; please note that in a DaDaBIK application usernames must be unique, you can't have two users having the same username, even if one is a regular DaDaBIK user and the other an LDAP user; please also note that DaDaBIK WON'T WORK properly if you use both LDAP authentication and your own custom users/groups table (not the default one), if you decide to use your own custom users/groups table, $enable_ldap_authentication must be 0
$enable_ldap_authentication = 0;

// if set_ldap_authentication_as_default is 1 (and LDAP authentication is enabled), the "LDAP authentication" checkbox is checked by default
$set_ldap_authentication_as_default = 0;

// LDAP host URI, e.g. 'ldap://ldap.yourdomain.net' or 'ldaps://ldap.yourdomain.net'
$ldap_host = '';

// LDAP port, 389 is the default one
$ldap_port = '389';

// $ldap_binding_type can be 'classic' (default option) or 'ad' (which stands for Active Directory).
// 'classic' means that the binding will be done using the base dn specified later in $ldap_base_dn_ar, together with the $ldap_username_field and the username specified in the login form, for example something like cn=paul,ou=Users,DC=example,DC=com
// 'ad' is an alternative syntax, the binding will be done using just the username (e.g. "paul") or the username preceded by a prefix and a backslash (e.g. "mysubtree\paul"). You can set the prefix with $ldap_binding_prefix. Please note that DaDaBIK ASSUMES that USERNAMES ARE UNIQUE
$ldap_binding_type = 'classic';

$ldap_binding_prefix = ''; // e.g. if you set this parameter to 'mysubtree\\', $ldap_binding_type to 'ad' and the user fills the username field in the login form with 'paul', the binding will be done with: mysubtree\paul (and the password specified by the user); if $ldap_binding_type is 'classic', this parameter is not considered. If any character contained in $ldap_binding_prefix needs to be escaped, you have to provide the string already escaped

// enable the use of ldap_escape for DN (username of the user when used for ldap_bind, attribute values in $ldap_base_dn_ar )
// the details of the escaped function used are in ldap_apply_escape_if_enabled_dn() (file /include/general_functions.php)
// if $enable_ldap_escape_dn is 0, you should provide values correctly escaped
$enable_ldap_escape_dn = 1;

// enable the use of ldap_escape for filter (username of the user when used as a filter for ldap_search)
// the details of the escaped function used are in ldap_apply_escape_if_enabled_filter() (file /include/general_functions.php)
// if $enable_ldap_escape_filter is 0, you should provide values correctly escaped
$enable_ldap_escape_filter = 1;


// LDAP base dn, e.g. if your base dn is 'ou=Users,dc=yourdomain,dc=net', your settings for this parameter must be

// $ldap_base_dn_ar[0]['attribute_name'] = 'ou';
// $ldap_base_dn_ar[0]['attribute_value'] = 'Users';
// $ldap_base_dn_ar[1]['attribute_name'] = 'dc';
// $ldap_base_dn_ar[1]['attribute_value'] = 'yourdomain';
// $ldap_base_dn_ar[2]['attribute_name'] = 'dc';
// $ldap_base_dn_ar[2]['attribute_value'] = 'net';

// add as many elements as you need
// Please note that under the branch defined by base dn (and also by ldap_binding_prefix, if you use 'ad' binding type) DaDaBIK ASSUMES that USERNAMES (values of $ldap_username_field, see later) ARE UNIQUE, please also note that DaDaBIK doesn't work properly if usernames or base dn attribute values contain forward slashes ("/")

$ldap_base_dn_ar[0]['attribute_name'] = '';
$ldap_base_dn_ar[0]['attribute_value'] = '';

// LDAP default group: after LDAP authentication, the authenticated user is also inserted into the dadabik users table, here you can choose in which group you want to add them by default
$ldap_default_id_group = '2';

// LDAP attribute's name for username, e.g. 'cn' or 'uid'
$ldap_username_field = '';

// enable the local copy of LDAP users data (0|1), if 1, after LDAP authentication, not only the username but also name and email of the user, retrieved from the LDAP server, are copied into the local dadabik users list
$ldap_copy_users_data = 1;

// next three parameters are needed only if $ldap_copy_users_data = 1
// LDAP attribute's name for first name
$ldap_first_name_field = '';

// LDAP attribute's name for last name
$ldap_last_name_field = '';

// LDAP attribute's name for email
$ldap_email_field = '';

// enable LDAP debug mode: in case the login/bind process doesn't work as expected, you can set this parameter to 1 to see some debug information. Don't set it to 1 in a production application because it can reveal security-related information
$enable_ldap_debug_mode = 0;
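
An added illustration (not part of deep64blue's post and not DaDaBIK source code) of how the 'classic' and 'ad' binding types described in the template comments turn the login-form username into a bind identity, and why DN escaping and filter escaping are separate settings. The helper names and sample values are hypothetical, and applying DN escaping to the username in 'ad' mode is an assumption; it needs PHP's ldap extension for ldap_escape().

```php
<?php
// Added illustration only; the example_* helpers are hypothetical, not DaDaBIK functions.
// Sample settings are constructed values in the shape of the config_custom.php template.
$ldap_binding_prefix = 'mysubtree\\';  // only considered when the binding type is 'ad'
$ldap_username_field = 'cn';
$ldap_base_dn_ar = [
    ['attribute_name' => 'ou', 'attribute_value' => 'Users'],
    ['attribute_name' => 'dc', 'attribute_value' => 'yourdomain'],
    ['attribute_name' => 'dc', 'attribute_value' => 'net'],
];

// Join the base DN array into a string such as 'ou=Users,dc=yourdomain,dc=net',
// DN-escaping each attribute value.
function example_base_dn(array $base_dn_ar): string
{
    $parts = [];
    foreach ($base_dn_ar as $rdn) {
        $value = ldap_escape($rdn['attribute_value'], '', LDAP_ESCAPE_DN);
        $parts[] = $rdn['attribute_name'] . '=' . $value;
    }
    return implode(',', $parts);
}

// Build the identity that would be passed to ldap_bind() for a login-form username.
function example_bind_identity(string $username, string $type, string $prefix,
                               string $field, array $base_dn_ar): string
{
    $escaped = ldap_escape($username, '', LDAP_ESCAPE_DN);
    if ($type === 'ad') {
        // 'ad': prefix (supplied already escaped) followed by the username
        return $prefix . $escaped;
    }
    // 'classic': <username field>=<username>,<base dn>
    return $field . '=' . $escaped . ',' . example_base_dn($base_dn_ar);
}

// Build the ldap_search() filter for the same username (filter escaping, not DN escaping).
function example_search_filter(string $username, string $field): string
{
    return '(' . $field . '=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
}

// Constructed usernames: one plain, one with DN metacharacters, one with a filter wildcard.
foreach (['paul', 'paul,ou=Admins', 'p*ul'] as $username) {
    foreach (['classic', 'ad'] as $type) {
        echo $type, ': ', example_bind_identity($username, $type, $ldap_binding_prefix,
            $ldap_username_field, $ldap_base_dn_ar), "\n";
    }
    echo 'filter: ', example_search_filter($username, $ldap_username_field), "\n";
}
```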
 

ONM

New member
Where in here do I define the LDAP Bind Service account and how is the password entered?
 