Permalink
Browse files

Update some plugin_doc files

  • Loading branch information...
1 parent efa65f9 commit 4682bc08c92dedf45c752e6b9219ff2b5e225d0a @cdujeu cdujeu committed Oct 10, 2016
@@ -1,2 +1,10 @@
-<p>If you are already managing your user in a central directory (LDAP), you'll find this plugin very useful, as you won't have to recreate existing user in Pydio. It's for the moment in already distributed in the core distribution, no need to download.</p>
-<p>There are constant discussions on the forum concerning the right configuration of the plugin depending on the LDAP or AD server used, please search the forum before posting.</p>
+<p>
+ This features-rich plugin is a connector to LDAP/AD user directories.
+</p>
+<p>
+ It is higly parametrizable : define filters for users and groups, map LDAP attributes to Pydio internal properties, map LDAP groups to pydio roles or groups.
+ Check each parameters documentation for more info.
+</p>
+<p>
+ Please note: there are constant discussions on the forum concerning the right configuration of the plugin depending on the LDAP or AD server used, please search the forum before posting.
+</p>
Deleted file not rendered
@@ -1,50 +1,12 @@
-<p>Encapsulate the usage of other auth.* drivers, to allow multiple sources of users. Users can choose at login time with wich method to authenticate themselves.</p>
-<p>Here is a sample code that would allow the choice between the standard login (for example for admin user) and a predefined auth.ftp config that queries an FTP server to check if the user credential is recognized or not :
- <pre>
- "AUTH_DRIVER" => array(
- "NAME" => "multi",
- "OPTIONS" => array(
- "MASTER_DRIVER" => "serial",
- "TRANSMIT_CLEAR_PASS" => true,
- "USER_ID_SEPARATOR" => "_-_",
- "DRIVERS" => array(
- "serial" => array(
- "LABEL" => "Local",
- "NAME" => "serial",
- "OPTIONS" => array(
- "LOGIN_REDIRECT" => false,
- "USERS_FILEPATH" => "AJXP_DATA_PATH/plugins/auth.serial/users.ser",
- "AUTOCREATE_AJXPUSER" => false,
- "TRANSMIT_CLEAR_PASS" => false )
- ),
- "ftp" => array(
- "LABEL" => "Remote FTP",
- "NAME" => "ftp",
- "OPTIONS" => array(
- "LOGIN_REDIRECT" => false,
- "REPOSITORY_ID" => "dynamic_ftp",
- "ADMIN_USER" => "admin",
- "FTP_LOGIN_SCREEN" => false,
- "AUTOCREATE_AJXPUSER" => true,
- "TRANSMIT_CLEAR_PASS" => true,
- )
- )
- )
- )
- ),
- </pre>
+<p>
+ Encapsulate the usage of other auth.* drivers, to allow multiple sources of users. It can work either in Master/Slave mode (master is read-only, slave is read-write for shared users),
+ or in "User-choice" mode where users can choose at login time wich method to use for authentication.
</p>
-<p>Note the unusual <b>LABEL</b> option added in the sub-drivers definition, that will be used as a display label in the gui login chooser. If it's not set, the selector would simply display the driver name (serial / ftp here). Note also that some options cannot be mixed : <bTRANSMIT_CLEAR_PASS</b> is set as a global option and is overriden for both subdrivers.
+<p>
+ <b>Master/Slave Mode</b>: this is useful to connect Pydio to an external user directory that is not writeable. Typical example would be an LDAP / AD directory.
+ To still be able to share resources with external users, setting a "local" sql-based driver as Slave will allow pydio to create shared users in the local DB.
</p>
-<p align="center"><img src="MultiAuthScreenshot.png"></p>
-<p>The <b>USER_ID_SEPARATOR</b> is important, as it is used to store locally the users data with a discrimination on where they come from. Here, once logged, an FTP user "mylogin" would in fact be handled by the system as "ftp_-_mylogin". Thus if the serial driver already has a "mylogin" user, they are not mixed. Be aware that some folders can be created with this complex user name (for example if you use the AJXP_USER keyword for some repositories), and for this reason the separator must be compliant with folder names! The first implementation of this plugin led to a bug because the separator used (::) was making any directory creation fail.
-
-</p>
- <p><b>New in 4.2.0</b>: the MASTER_SLAVE mode allows you to configure auth.multi in an explicit Master(read only) / Slave (writeable) mode, which is a very common case. Generally, this will be an LDAP + Serial config, allowing to load users from an LDAP/AD directory, and allowing the users to share folders and create temporary users that will be stored locally in the Pydio install.
- <br>The new options are described below :
- <ul>
- <li><b>MODE</b> : Set as MASTER_SLAVE or USER_CHOICE</li>
- <li><b>MASTER_DRIVER</b> : If mode is MASTER_SLAVE, will consider this as the first driver to test</li>
- <li><b>USER_BASE_DRIVER</b> : Not mandatory, but if set, will use this driver when listing the users in the administration console. That way, for example if your LDAP has thousands of users and you don't want to list them, you can put the USER_BASE_DRIVER to the "serial" driver and only see the local users.</li>
- </ul>
- </p>
+<p>
+ <b>Users'choice</b>: configure two authentication drivers and let your user choose which method to use at login time. This can for example let user declare themselves
+ as internal or external.
+</p>
@@ -1 +1,2 @@
<p>Use a RADIUS server for user authentication. You need php radius extension for this to work. If you get an php segfault your php-radius is too old (see https://bugs.php.net/bug.php?id=60885).</p>
+<p>WARNING: this has not been tested on Pydio 7. Please contact us if you want to contribute on this.</p>
@@ -1,16 +1,16 @@
-<p>Stores the users data inside a database instead of a file. It is database generic, the connexion to the database must be described in an array, see http://dibiphp.com/cs/ for more info on databases supported and configurations. A create.sql file is included to generated the necessary table for storing users data.</p>
+<p>Stores the users data inside a database. It is database generic, the connexion to the database must be described in an array, see http://dibiphp.com/cs/ for more info on databases supported and configurations. A create.sql file is included to generated the necessary table for storing users data.</p>
-<p>This plugin can be useful as working base if your users are already stored in a database : digg the code and change it to the right table/columns. By default, the table is name "ajxp_users" with columns login and password.</p>
+<p>This is the default user's store for Pydio.</p>
<p>
- The SQL_DRIVER option defined in the bootstrap_plugins.php file must be set with a "dibi" configuration that is PHP array like this :
+ The driver options are defined at install, internally it is an array like this.
<pre>
"SQL_DRIVER" => array(
- "driver" => "mysql",
- "host" => "localhost",
- "database" => "ajxp",
- "user" => "user",
- "password" => "pass",
- ),
+ "driver" => "mysql",
+ "host" => "localhost",
+ "database" => "ajxp",
+ "user" => "user",
+ "password" => "pass",
+ );
</pre>
</p>
@@ -1,4 +1,4 @@
-This is plugin aims at passing credentials directly through a POST to Pydio.<br>
+This plugin aims at passing credentials directly through a POST to Pydio.<br>
User ID and PWD are expected to be passed in an encrypted token using the standard Open SSL functions (openssl extension must be enabled).
A simple incremental "nonce" is used to make sure the token can never be replayed.<bR>
<br>
@@ -1,5 +1,3 @@
-<html>
-<body>
<h1>Dual-factor Authentication using DuoSecurity Service</h1>
<h2>Activating DuoSecurity integration</h2>
<p>DuoAuth SDK is embedded with a slightly modified version in the plugin, you don't have to get if from their website.</p>
@@ -15,7 +13,4 @@
<li>After a successful login/password login, user will be asked to enroll and
provide a second device (like a mobile device) to be identied.
Once enrolled, she'll be able to activate the login entirely.</li>
-</ul>
-</body>
-</html>
-
+</ul>
@@ -0,0 +1,4 @@
+<p>
+ Sends a Basic-Authentication HTTP header to get users credentials or API tokens. By default, this authfront is only active
+ on REST calls (API).
+</p>
@@ -0,0 +1,5 @@
+<p>
+ Provides an auth_hash/auth_token mechanism that to authenticate a user.<br/>
+ These tokens are computed by SDK clients at send time and are specific for each request. They are using the Api keys secret/tokens
+ provided by this plugin actions (generate_auth_token).
+</p>
@@ -0,0 +1,3 @@
+<p>
+ Simple Web UI component to provide a selector for authentication method on login page. Activated automatically by the auth.multi mode "User Choice".
+</p>

0 comments on commit 4682bc0

Please sign in to comment.