Configuring Active Directory Bundle is really easy. Let's get started.
Install using composer:
composer config repositories.repo-name vcs ssh://git@gitlab.com:22/xrow-shared/activedirectory-bundle.git
composer require xrow/activedirectory-bundle
Add to the $bundles array in app/AppKernel.php:
new Xrow\ActiveDirectoryBundle\XrowActiveDirectoryBundle(),
You can configure Active Directory Bundle by supplying an array of settings. Keep in mind not all of these are required. This will be discussed below.
Here is an example configuration (for example in app/config.yml) with all possible configuration options:
xrow_active_directory:
    account_suffix: xrow.lan
    domain_controllers: [ "dc01.xrow.lan","192.168.0.220"]
    base_dn: "dc=XROW,dc=LAN"
Once a new Active Directory user has tried to authenticate against eZ Platform, all of the user groups are available from the CMS backend. You can now assign (Admin Panel->Roles) the eZ Platform security policy Administrator to the Active Directory group Administrators (Admin Panel->Users->Administrators). Beware: the only difference between eZ Platform user groups and Active Directory user groups is a special remote_id that is not visible from the CMS backend. Deleted Active Directory items will appear again once a user authenticates again with the platform.
The account suffix option is the suffix of your user accounts in AD. For example, if your domain DN is DC=corp,DC=acme,DC=org, then your account suffix would be corp.acme.org. This is then appended to the end of your user accounts on authentication.
For example, if you're binding as a user, and your username is jdoe, then Adldap would try to authenticate with your server as jdoe@corp.acme.org.
The domain controllers option is an array of servers located on your network that serve Active Directory. You can insert as many or as few servers as you'd like, depending on your forest (with a minimum of one, of course).
For example, if the server that hosts AD on my network is named ACME-DC01, then I would insert ['ACME-DC01.corp.acme.org'] inside the domain controllers option array.
The base distinguished name is the base distinguished name you'd like to perform operations on. An example base DN would be DC=corp,DC=acme,DC=org.
If one is not defined, you will not retrieve any search results.
Certain Active Directory users might not be able to authenticate against the Active Directory server. In those cases the message "Invalid directory user" will appear. This means that the user username@account.suffix with the given password can't authenticate against the server. Please consult the domain administrator for help. You can replicate the issue using an LDAP browser like http://www.ldapadmin.org/.
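A scripted version of the check described above, as an added example that is not part of the bundle's own code: it binds as username@account_suffix and decodes the sub-error code Active Directory places in the LDAP diagnostic message, which tells the domain administrator why the bind was rejected. It assumes PHP's ldap extension, a domain controller that supports StartTLS, and a hypothetical environment variable AD_PASSWORD; the sample message is constructed.

```php
<?php
// Added example, not bundle code. AD puts these sub-error codes in the
// "data NNN" field of the diagnostic message when a simple bind is rejected.
const AD_BIND_ERRORS = [
    '525' => 'user not found',
    '52e' => 'invalid credentials (wrong password or account suffix)',
    '530' => 'logon not permitted at this time',
    '531' => 'logon not permitted from this workstation',
    '532' => 'password expired',
    '533' => 'account disabled',
    '701' => 'account expired',
    '773' => 'user must reset password',
    '775' => 'account locked out',
];

function explainBindFailure(string $diagnostic): string
{
    if (preg_match('/\bdata\s+([0-9a-f]{3,4})\b/i', $diagnostic, $m)) {
        $code = strtolower($m[1]);
        return AD_BIND_ERRORS[$code] ?? "unrecognised AD sub-error $code";
    }
    return 'no AD sub-error in diagnostic message';
}

function tryBind(string $dc, string $user, string $suffix, string $password): string
{
    if ($password === '') {
        // An empty password is an unauthenticated bind and can "succeed".
        return 'refusing to bind with an empty password';
    }
    $conn = ldap_connect("ldap://$dc");
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    // Assumption: the DC offers StartTLS, so the password is not sent in clear text.
    if (!@ldap_start_tls($conn)) {
        return 'StartTLS failed: ' . ldap_error($conn);
    }
    if (@ldap_bind($conn, "$user@$suffix", $password)) {
        return 'bind succeeded';
    }
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    return 'bind failed: ' . explainBindFailure((string) $diag);
}

if ($argc === 4) { // php bind-check.php <domain controller> <username> <account suffix>
    echo tryBind($argv[1], $argv[2], $argv[3], (string) getenv('AD_PASSWORD')), PHP_EOL;
} else {
    // Constructed sample of the message AD returns for a wrong password.
    $sample = '80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580';
    echo explainBindFailure($sample), PHP_EOL;
}
```

Reading the password from the environment keeps it out of the process arguments and shell history.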
In case you need to add a second Active Directory structure, we recommend that you build a forest (https://en.wikipedia.org/wiki/Active_Directory#Forests,_trees_and_domains).