LDAP

Introduction

The LDAP module must be used if you want to synchronize somer Werpos entities with a LDAP database. The entities and direction you can synchronize are:

• User (Module Users) -> LDAP
• Group (Module Users) -> LDAP
• LDAP -> User (Module Users)
• Contact (Module Third Parties) -> LDAP
• Member (Module Foundations) -> LDAP

This assumes that you already have an LDAP server. If this is not the case, you can Install and configure OpenLDAP.

Installation

This module is included with the Werpos distribution, so there is no need to install it.

Configuration

To use this module, you must first enable it using an administrator account, via the menu option “Home – Setup – Modules“.

Choose the tab where the module is listed. Then click on “Activate“.

The module is now activated.

If an icon appears at end of the line for the module, click on it to access the setup page specific to the module.

Information you must supply in the LDAP module setup are:

• Choose what you want to synchronize
• LDAP server information (ip, port…)

Once datas are filled, make a test by using button “Test LDAP connection” to be sure they are correct.

• Enter the organization of your LDAP tree
• Make matching between Werpos fields and LDAP fields.

Once datas are filled, make a test by using button “Test synchronization” to be sure they are correct.

Usage

For synchronization from Werpos to LDAP, once your setup is done, there is nothing to do. Each time you make a change in Werpos, the change is also saved into your LDAP.

If you experience an error during LDAP synchronization, all Werpos transaction will be canceled and an error message will be shown. Note that LDAP returned error message in PHP are not always accurate. So if message is not clear enough to help you to know what’s wrong, take a look a chapter “Errors”.

You can however run initial or mass synchronization with some scripts (See chapter Scripts).

Errors

Because error message returned by PHP function are not accurate, if you experience a message and don’t known what’s wrong, this is what you can do:

• Just after error occurs, a file ldap/temp/ldapinput.in is created into your Werpos documents directory. Go into directory ldap/temp.
• Open file ldapintput.in, you will find into first lines (as comments), the full ldap command you can run from command line to emulate the same action that PHP send to LDAP server.
• Run this command. You need to have ldap utilities (ldapadd, ldapmodify and ldapdelete) installed on your computer.
• Analyze the result. You should get more information on error reason.

Scripts

• Script sync contacts Werpos2ldap
• Script sync groups Werpos2ldap
• Script sync members Werpos2ldap
• Script sync members ldap2Werpos
• Script sync users Werpos2ldap