; ; Password reset. ; [reset_password] ; To enable password reset, change reset_password to 1. Don't ; forget to change the value back to O, after the password ; has been reset. reset_password = "0" ; ; Error message level. ; [error_messages] ; Set to "debug", for more information. IMPORTANT! Debug should be used ; exclusively during development, and never in production, as it reveals ; sensitive information. level = "" ; ; Override php.ini session settings. ; [session] ; If a TLS certificate is set up, set to "1" for increased security. cookie_secure = "0" ; ; LDAP. ; ; Enter your LDAP server settings below. There are example settings for ; a free dummy LDAP server at: ; ; www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server ; ; Use einstein:password, euclid:password to test its functionality. ; ; LDAP access does not work from behind a proxy server. ; [ldap] ; Activate login via LDAP. Caution: Disables local login. ldap_active = "0" ; LDAP server protocol, hostname, and port, e.g. ldap(s)://hostname:port. ;ldap_server = "ldap://ldap.forumsys.com:389" ldap_server = "ldap://ldap.example.com:389" ; If the protocol is ldap, a TLS-encrypted connection should be used. Set to 0, ; only if no TLS certificate is configured on your LDAP server. ldap_use_tls = "0" ; Base distinguished name (DN). ;ldap_basedn = "dc=example,dc=com" ldap_basedn = "dc=example,dc=com" ; Fully qualified bind user DN. ;ldap_binduser_dn = "cn=read-only-admin,dc=example,dc=com" ldap_binduser_dn = "cn=ldapsearch,ou=users,dc=example,dc=com" ; Bind user password. ;ldap_binduser_pw = "password" ldap_binduser_pw = "password" ; Attribute to use for username lookups. ldap_username_attr = "cn" ; Attribute which is used to verify login/password pair. ;ldap_userlogin_attr = "sAMAccountName" ldap_userlogin_attr = "cn" ; Custom LDAP Filter to additionally restrict the user search, and with (ldap_userlogin_attr = user) ; ldap_user_filter = "(|(objectClass=user)(objectClass=iNetOrgPerson))" ldap_user_filter = "(objectClass=user)" ; ; Authorization. If the below options are provided, a group affiliation ; is checked (admins vs. users) and permissions are set accordingly. ; Otherwise, all LDAP users are given admin permissions. ; ; Group relative search base without basedn. ;ldap_group_rdn = "ou=groups" ldap_group_rdn = "ou=groups" ; Admin group common name. ;ldap_admingroup_cn = "cn=admins" ldap_admingroup_cn = "cn=ilib_admins" ; Admin group DN, if building CN with group_rdn and basedn is not possible. ldap_admingroup_dn = "" ; User group common name. If only a specific user group can access I, Librarian. ;ldap_usergroup_cn = "cn=users" ldap_usergroup_cn = "" ; Use user group DN, if building CN with group_rdn and basedn is not possible. ldap_usergroup_dn = "" ; Optional admin users, comma separated list ldap_admin_users = "" ; Group filter prefix. ; If you want to do recursive searches with LDAP servers that support it ; (e.g., MS Active Directory), use the correct matching rule. ;ldap_filter = 'member:1.2.840.113556.1.4.1941' ldap_filter = "member" ; Change to match your ldap protocol version. ldap_version = "3" ; Enable REFERRALS. ldap_opt_referrals = "0" ; Enable and set debug level for LDAP authentication. ; Messages are logged into Apache Global Error Log. ldap_debug_enabled = "0" ldap_opt_debug_level = "7"