egroupware_official/setup/doc
petere78 7d720dc5ea Set HTML document type to XHTML 1.0 Transitional everywhere (almost).
Correct various misspellings and other oddities in the document type
declarations.  Convert HTML tags to lower case in the affected files.
2005-07-07 20:09:52 +00:00
..
copyright.gpl
README.inc changes from phpgw to egw dev group 2004-01-27 20:49:25 +00:00
README.lang
README.ldap add one more case 2004-01-31 14:23:40 +00:00
setup3-1.html Update strings 2003-12-28 16:45:19 +00:00
setup3-2.html Update strings 2003-12-28 16:45:19 +00:00
setup3-3.html Update strings 2003-12-28 16:45:19 +00:00
setup3-4.html Update strings 2003-12-28 16:45:19 +00:00
setup3.dvi replace the bad word 2004-08-31 18:15:53 +00:00
setup3.html Update strings 2003-12-28 16:45:19 +00:00
setup3.lyx changes from phpgw to egw dev group 2004-01-27 20:49:25 +00:00
setup3.pdf
setup3.ps
setup3.rtf replace the crap 2004-08-09 16:17:36 +00:00
setup3.sgml Set HTML document type to XHTML 1.0 Transitional everywhere (almost). 2005-07-07 20:09:52 +00:00
setup3.txt changes from phpgw to egw dev group 2004-01-27 20:49:25 +00:00

  /**************************************************************************\
  * eGroupWare - LDAP usage                                                  *
  * http://www.egroupware.org                                                *
  * --------------------------------------------                             *
  *  This program is free software; you can redistribute it and/or modify it *
  *  under the terms of the GNU General Public License as published by the   *
  *  Free Software Foundation; either version 2 of the License, or (at your  *
  *  option) any later version.                                              *
  \**************************************************************************/

  /* $Id$ */

To use LDAP authentication and/or accounts for egroupware, perform the following
in setup:

1. If you want to store the account information in SQL:
  a. Configure eGroupWare to use LDAP authentication and SQL accounts (Step 2)
  b. Configure a valid LDAP host, LDAP accounts context, and LDAP groups context,
     LDAP rootdn, and LDAP root password.  The rootdn/rootpw can match what is setup
	 as the rootdn/rootpw in, e.g., slapd.conf.  Or it could be a user who is granted
	 LDAP acl rights to READ data from any entry in the accounts and groups contexts.  By
	 context, we mean the ou in which this information is stored, e.g. ou=People,dc=domain,dc=com
	 and ou=Group,dc=domain,dc=com.
  c. Be sure to also configure a valid LDAP encryption type.  This will depend on your system.
  d. follow the link:
 'Import accounts from LDAP to the eGroupWare accounts table (for a new install using SQL accounts)'

  This is on the page after submitting the configuration in step 2.  This runs
  setup/ldapimport.php, which lets you select which accounts and groups you
  wish to copy from ldap into sql.  You can then authenticate using LDAP, and
  the account usernames and other data will be copied to our SQL accounts table.

2. If you want to store account information in an existing LDAP tree:
  a. Install the LDAP schema per directions in phpgwapi/doc/ldap/README.
  b. Configure eGroupWare to use LDAP auth and LDAP accounts (Step 2)
  c. Configure a valid LDAP host, LDAP accounts context, and LDAP groups context,
     LDAP rootdn, and LDAP root password.  The rootdn/rootpw can match what is setup
	 as the rootdn/rootpw in, e.g., slapd.conf.  Or it could be a user who is granted
	 LDAP acl rights to WRITE data to any entry in the accounts and groups contexts.  By
	 context, we mean the ou in which this information is stored, e.g. ou=People,dc=domain,dc=com
	 and ou=Group,dc=domain,dc=com.
  d. Be sure to also configure a valid LDAP encryption type.  This will depend on your system.
  e. follow the link in setup:
     'Modify an existing LDAP account store for use with eGroupWare (for a new install using LDAP accounts)'

	 This is on the page after submitting the configuration in step 2.  This runs
	 setup/ldapmodify.php, which lets you select which accounts and groups you
	 wish to modify in LDAP for use with eGroupWare.  It will add the necessary objectclass
	 and attributes to existing LDAP entries.

3. If you want to store account information in a new LDAP tree only for eGroupWare:
  a. Install the LDAP schema per directions in phpgwapi/doc/ldap/README.
  b. Configure eGroupWare to use LDAP auth and LDAP accounts (Step 2)
  c. Configure a valid LDAP host, LDAP accounts context, and LDAP groups context,
     LDAP rootdn, and LDAP root password.  The rootdn/rootpw can match what is setup
	 as the rootdn/rootpw in, e.g., slapd.conf.  Or it could be a user who is granted
	 LDAP acl rights to WRITE data to any entry in the accounts and groups contexts.  By
	 context, we mean the ou in which this information is stored, e.g. ou=People,dc=domain,dc=com
	 and ou=Group,dc=domain,dc=com.
  d. Be sure to also configure a valid LDAP encryption type.  This will depend on your system.
  e. follow the link in setup: 'Setup demo accounts in LDAP'
     
	 This is on the page after submitting the configuration in step 2.  This runs
	 setup/setup_demo.php, which creates an admin account you specify, and optionally
	 the demo, demo2, and demo3 user accounts.  The admin account password is configurable
	 here, and the demo accounts will have their passwords set to 'guest'

NOTES:
	1. Copying data from LDAP to SQL currently does not transfer the userPassword attr.
	  You would need to create those values manually in SQL if you want to migrate from
	  LDAP to SQL auth.  However, using LDAP and auth and SQL accounts, this is not a concern.