Add example on configuring Meet with ActiveDirectory (or other ldap servers)
Closed this issue · 1 comments
fbartels commented
Add example on configuring Meet with ActiveDirectory (or other ldap servers)
ronnybremer commented
For Microsoft Active Directory the following settings could be helpful.
For kopano_grapi:
- LDAP_FILTER=(&(objectClass=organizationalPerson)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))
- LDAP_LOGIN_ATTRIBUTE=sAMAccountName
- LDAP_EMAIL_ATTRIBUTE=mail
- LDAP_NAME_ATTRIBUTE=displayName
- LDAP_FAMILY_NAME_ATTRIBUTE=sn
- LDAP_GIVEN_NAME_ATTRIBUTE=givenName
- LDAP_JOB_TITLE_ATTRIBUTE=title
- LDAP_OFFICE_LOCATION_ATTRIBUTE=L
- LDAP_BUSINESS_PHONE_ATTRIBUTE=telephoneNumber
- LDAP_MOBILE_PHONE_ATTRIBUTE=mobile
- USERID_SEARCH_FILTER_TEMPLATE=({loginAttribute}=%(userid)s)
- SEARCH_SEARCH_FILTER_TEMPLATE=(&(objectClass=organizationalPerson)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(|({emailAttribute}=*%(search)s*)({givenNameAttribute}=*%(search)s*)({familyNameAttribute}=*%(search)s*)))
For kopano_kconnect:
- LDAP_LOGIN_ATTRIBUTE=sAMAccountName
- LDAP_NAME_ATTRIBUTE=displayName
- LDAP_UUID_ATTRIBUTE_TYPE=binary
- LDAP_UUID_ATTRIBUTE=objectGUID
Some of them seem to be set by default in the code, but it doesn't hurt to specify them explicitly.
The UserAccountControl setting filters out disabled users.