Configuring Active Directory Bundle is really easy. Let's get started.
Install using composer:
composer config repositories.repo-name vcs ssh://[email protected]:22/xrow-shared/activedirectory-bundle.git
composer require xrow/activedirectory-bundle
Add to the $bundles array in app/AppKernel.php:
new Xrow\ActiveDirectoryBundle\XrowActiveDirectoryBundle(),
You can configure Active Directory Bundle by supplying an array of settings. Keep in mind not all of these are required. This will be discussed below.
Here is an example configuration (for example in app/config.yml) with all possible configuration options:
xrow_active_directory:
    account_suffix: xrow.lan
    domain_controllers: [ "dc01.xrow.lan", "192.168.0.220" ]
    base_dn: "dc=XROW,dc=LAN"
Once a new Active Directory user has tried to authenticate against eZ Platform, all of the user groups are available from the CMS backend. You can now assign (Admin Panel->Roles) the eZ Platform security policy Administrator to the Active Directory group Administrators (Admin Panel->Users->Administrators). Beware: the only difference between eZ Platform user groups and Active Directory user groups is a special remote_id that is not visible from the CMS backend. Deleted Active Directory items will appear again once a user authenticates again with the platform.
The account suffix option is the suffix of your user accounts in AD. For example, if your domain DN is DC=corp,DC=acme,DC=org, then your account suffix would be corp.acme.org. This is then appended to the end of your user accounts on authentication.
For example, if you're binding as a user, and your username is jdoe, then Adldap would try to authenticate with your server as [email protected].
The domain controllers option is an array of servers located on your network that serve Active Directory. You can insert as many or as few servers as you'd like depending on your forest (with a minimum of one, of course).
For example, if the server that hosts AD on my network is named ACME-DC01, then I would insert ['ACME-DC01.corp.acme.org'] inside the domain controllers option array.
The base distinguished name is the base distinguished name you'd like to perform operations on. An example base DN would be DC=corp,DC=acme,DC=org.
If one is not defined, you will not retrieve any search results.
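The three options described above can be checked against each other before deployment. The following PHP code is an added example, not code from the bundle: the function names are hypothetical, and it assumes the account suffix is expected to equal the DC components of the base DN, as in the example above.

```php
<?php
// Added example, not part of the bundle. Function names are hypothetical.

/** Derive the account suffix (DNS domain) from the DC= components of a base DN. */
function accountSuffixFromBaseDn(string $baseDn): string
{
    $labels = [];
    // Split on commas that are not escaped with a backslash.
    foreach (preg_split('/(?<!\\\\),/', $baseDn) as $rdn) {
        [$attr, $value] = array_pad(explode('=', trim($rdn), 2), 2, '');
        // Only DC components contribute; OU=, CN= and others are skipped.
        if (strcasecmp(trim($attr), 'DC') === 0 && trim($value) !== '') {
            $labels[] = strtolower(trim($value));
        }
    }
    return implode('.', $labels);
}

/** Return a list of problems found in an xrow_active_directory settings array. */
function checkActiveDirectoryConfig(array $cfg): array
{
    $problems = [];
    $baseDn = $cfg['base_dn'] ?? '';
    $suffix = strtolower($cfg['account_suffix'] ?? '');
    $controllers = $cfg['domain_controllers'] ?? [];

    if ($baseDn === '') {
        $problems[] = 'base_dn is not defined: searches will return no results';
    } elseif ($suffix !== '' && $suffix !== accountSuffixFromBaseDn($baseDn)) {
        $problems[] = sprintf('account_suffix "%s" differs from base_dn domain "%s"',
            $suffix, accountSuffixFromBaseDn($baseDn));
    }
    if (!is_array($controllers) || count($controllers) < 1) {
        $problems[] = 'domain_controllers needs at least one server';
    }
    return $problems;
}

// Constructed sample: the values from the example configuration above.
$cfg = [
    'account_suffix'     => 'xrow.lan',
    'domain_controllers' => ['dc01.xrow.lan', '192.168.0.220'],
    'base_dn'            => 'dc=XROW,dc=LAN',
];
echo accountSuffixFromBaseDn('OU=Staff,DC=corp,DC=acme,DC=org'), PHP_EOL;
print_r(checkActiveDirectoryConfig($cfg));
// Constructed sample with a mismatched suffix and no domain controllers.
print_r(checkActiveDirectoryConfig(['account_suffix' => 'acme.org', 'base_dn' => 'DC=corp,DC=acme,DC=org']));
```

A reported suffix difference is a prompt to review the setting rather than a hard error, because the comparison rests on the assumption stated above.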
Certain Active Directory users might not be able to authenticate against the Active Directory server. In those cases the message "Invalid directory user" will appear. This means that the user [email protected] with the given password can't authenticate against the server. Please consult the domain administrator for help. You can replicate the issue using an LDAP browser like LDAP Admin.
If you need to add a second Active Directory structure, we recommend building a forest.