This repository has been archived by the owner on Nov 25, 2020. It is now read-only.
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 10 changed files with 44 additions and 66 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,10 @@ | ||
<p>If you are already managing your user in a central directory (LDAP), you'll find this plugin very useful, as you won't have to recreate existing user in Pydio. It's for the moment in already distributed in the core distribution, no need to download.</p> | ||
<p>There are constant discussions on the forum concerning the right configuration of the plugin depending on the LDAP or AD server used, please search the forum before posting.</p> | ||
<p> | ||
This features-rich plugin is a connector to LDAP/AD user directories. | ||
</p> | ||
<p> | ||
It is higly parametrizable : define filters for users and groups, map LDAP attributes to Pydio internal properties, map LDAP groups to pydio roles or groups. | ||
Check each parameters documentation for more info. | ||
</p> | ||
<p> | ||
Please note: there are constant discussions on the forum concerning the right configuration of the plugin depending on the LDAP or AD server used, please search the forum before posting. | ||
</p> |
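Review bot: The added description has spelling and consistency slips in its second paragraph: "higly" should be "highly", "features-rich" should be "feature-rich", "parametrizable :" has a stray space before the colon, and "pydio roles" is lowercase while the same sentence writes "Pydio internal properties". The forum notice is now the only sentence carried over, so the old remark that the plugin ships with the core distribution is lost; keep it if it is still true.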
Binary file not shown.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,50 +1,12 @@ | ||
<p>Encapsulate the usage of other auth.* drivers, to allow multiple sources of users. Users can choose at login time with wich method to authenticate themselves.</p> | ||
<p>Here is a sample code that would allow the choice between the standard login (for example for admin user) and a predefined auth.ftp config that queries an FTP server to check if the user credential is recognized or not : | ||
<pre> | ||
"AUTH_DRIVER" => array( | ||
"NAME" => "multi", | ||
"OPTIONS" => array( | ||
"MASTER_DRIVER" => "serial", | ||
"TRANSMIT_CLEAR_PASS" => true, | ||
"USER_ID_SEPARATOR" => "_-_", | ||
"DRIVERS" => array( | ||
"serial" => array( | ||
"LABEL" => "Local", | ||
"NAME" => "serial", | ||
"OPTIONS" => array( | ||
"LOGIN_REDIRECT" => false, | ||
"USERS_FILEPATH" => "AJXP_DATA_PATH/plugins/auth.serial/users.ser", | ||
"AUTOCREATE_AJXPUSER" => false, | ||
"TRANSMIT_CLEAR_PASS" => false ) | ||
), | ||
"ftp" => array( | ||
"LABEL" => "Remote FTP", | ||
"NAME" => "ftp", | ||
"OPTIONS" => array( | ||
"LOGIN_REDIRECT" => false, | ||
"REPOSITORY_ID" => "dynamic_ftp", | ||
"ADMIN_USER" => "admin", | ||
"FTP_LOGIN_SCREEN" => false, | ||
"AUTOCREATE_AJXPUSER" => true, | ||
"TRANSMIT_CLEAR_PASS" => true, | ||
) | ||
) | ||
) | ||
) | ||
), | ||
</pre> | ||
<p> | ||
Encapsulate the usage of other auth.* drivers, to allow multiple sources of users. It can work either in Master/Slave mode (master is read-only, slave is read-write for shared users), | ||
or in "User-choice" mode where users can choose at login time wich method to use for authentication. | ||
</p> | ||
<p>Note the unusual <b>LABEL</b> option added in the sub-drivers definition, that will be used as a display label in the gui login chooser. If it's not set, the selector would simply display the driver name (serial / ftp here). Note also that some options cannot be mixed : <bTRANSMIT_CLEAR_PASS</b> is set as a global option and is overriden for both subdrivers. | ||
<p> | ||
<b>Master/Slave Mode</b>: this is useful to connect Pydio to an external user directory that is not writeable. Typical example would be an LDAP / AD directory. | ||
To still be able to share resources with external users, setting a "local" sql-based driver as Slave will allow pydio to create shared users in the local DB. | ||
</p> | ||
<p align="center"><img src="MultiAuthScreenshot.png"></p> | ||
<p>The <b>USER_ID_SEPARATOR</b> is important, as it is used to store locally the users data with a discrimination on where they come from. Here, once logged, an FTP user "mylogin" would in fact be handled by the system as "ftp_-_mylogin". Thus if the serial driver already has a "mylogin" user, they are not mixed. Be aware that some folders can be created with this complex user name (for example if you use the AJXP_USER keyword for some repositories), and for this reason the separator must be compliant with folder names! The first implementation of this plugin led to a bug because the separator used (::) was making any directory creation fail. | ||
|
||
</p> | ||
<p><b>New in 4.2.0</b>: the MASTER_SLAVE mode allows you to configure auth.multi in an explicit Master(read only) / Slave (writeable) mode, which is a very common case. Generally, this will be an LDAP + Serial config, allowing to load users from an LDAP/AD directory, and allowing the users to share folders and create temporary users that will be stored locally in the Pydio install. | ||
<br>The new options are described below : | ||
<ul> | ||
<li><b>MODE</b> : Set as MASTER_SLAVE or USER_CHOICE</li> | ||
<li><b>MASTER_DRIVER</b> : If mode is MASTER_SLAVE, will consider this as the first driver to test</li> | ||
<li><b>USER_BASE_DRIVER</b> : Not mandatory, but if set, will use this driver when listing the users in the administration console. That way, for example if your LDAP has thousands of users and you don't want to list them, you can put the USER_BASE_DRIVER to the "serial" driver and only see the local users.</li> | ||
</ul> | ||
</p> | ||
<p> | ||
<b>Users'choice</b>: configure two authentication drivers and let your user choose which method to use at login time. This can for example let user declare themselves | ||
as internal or external. | ||
</p> |
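Review bot: Going by the hunk header (50 lines down to 12), the rewrite drops the USER_ID_SEPARATOR paragraph and the MODE / MASTER_DRIVER / USER_BASE_DRIVER option list without a replacement, so the page no longer explains how a login that exists in two drivers is kept apart (the removed text gave "ftp_-_mylogin" as the stored form) or that the separator must be valid in folder names. Keep a short summary of those options, or point to where they are now documented. In the added text, "wich" should be "which", and "Users'choice" needs a space and should match the "User-choice" spelling used in the first added paragraph.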
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,2 @@ | ||
<p>Use a RADIUS server for user authentication. You need php radius extension for this to work. If you get an php segfault your php-radius is too old (see https://bugs.php.net/bug.php?id=60885).</p> | ||
<p>WARNING: this has not been tested on Pydio 7. Please contact us if you want to contribute on this.</p> |
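Review bot: The added WARNING line does not say which Pydio version this driver was last verified on, so a reader cannot judge how stale it is; add that, and consider moving the warning above the usage sentence so it is read before anyone enables an untested authentication driver. "contribute on this" should be "contribute to this", and the unchanged line still reads "an php segfault" where "a PHP segfault" is meant.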
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,16 +1,16 @@ | ||
<p>Stores the users data inside a database instead of a file. It is database generic, the connexion to the database must be described in an array, see http://dibiphp.com/cs/ for more info on databases supported and configurations. A create.sql file is included to generated the necessary table for storing users data.</p> | ||
<p>Stores the users data inside a database. It is database generic, the connexion to the database must be described in an array, see http://dibiphp.com/cs/ for more info on databases supported and configurations. A create.sql file is included to generated the necessary table for storing users data.</p> | ||
|
||
<p>This plugin can be useful as working base if your users are already stored in a database : digg the code and change it to the right table/columns. By default, the table is name "ajxp_users" with columns login and password.</p> | ||
<p>This is the default user's store for Pydio.</p> | ||
|
||
<p> | ||
The SQL_DRIVER option defined in the bootstrap_plugins.php file must be set with a "dibi" configuration that is PHP array like this : | ||
The driver options are defined at install, internally it is an array like this. | ||
<pre> | ||
"SQL_DRIVER" => array( | ||
"driver" => "mysql", | ||
"host" => "localhost", | ||
"database" => "ajxp", | ||
"user" => "user", | ||
"password" => "pass", | ||
), | ||
"driver" => "mysql", | ||
"host" => "localhost", | ||
"database" => "ajxp", | ||
"user" => "user", | ||
"password" => "pass", | ||
); | ||
</pre> | ||
</p> |
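Review bot: The sample inside the pre block is unbalanced after this change: the version that starts at "driver" => "mysql" has no opening array( line but still ends with ");". Either keep an opening line, as the old "SQL_DRIVER" => array( form did, or drop the closing parenthesis. In the surrounding sentences, "connexion" should be "connection", "to generated" should be "to generate", and "defined at install, internally it is an array like this" reads better as two sentences.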
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
<p> | ||
Sends a Basic-Authentication HTTP header to get users credentials or API tokens. By default, this authfront is only active | ||
on REST calls (API). | ||
</p> |
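Review bot: The first added sentence does not mention that this authfront needs HTTPS. Basic authentication carries the username and password base64-encoded, not encrypted, on every request, and the text says the authfront is active on REST calls by default, so the transport requirement belongs here. The sentence is also ambiguous about who sends the header: say whether the plugin issues a challenge or reads the client's Authorization header, and write "users' credentials" with the apostrophe.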
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
<p> | ||
Provides an auth_hash/auth_token mechanism that to authenticate a user.<br/> | ||
These tokens are computed by SDK clients at send time and are specific for each request. They are using the Api keys secret/tokens | ||
provided by this plugin actions (generate_auth_token). | ||
</p> |
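Review bot: The first added sentence is broken: "mechanism that to authenticate a user" has a stray "that" and should read "mechanism to authenticate a user". The description says the tokens are "specific for each request" and built from the API key secret, but not what goes into the computation; one sentence on the inputs would let a client author or auditor know what to implement and check. "Api keys secret/tokens" should be "API key secret/token", and "this plugin actions" should be "this plugin's actions".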
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
<p> | ||
Simple Web UI component to provide a selector for authentication method on login page. Activated automatically by the auth.multi mode "User Choice". | ||
</p> |
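Review bot: The mode is called "User Choice" here, while the auth.multi description in this same commit writes "User-choice" and "Users'choice"; pick one spelling and use it in both files so readers can match the selector to the mode that activates it. "on login page" should be "on the login page".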