Version 9

AuthenticationPluginLdap

Created by: Lester Caine, Last modification: 19 Apr 2009 (10:49 UTC) by Lester Caine
LDAP is the Lightweight Directory Access Protocol. This plugin provides user authentication via an LDAP server. Use of the plugin requires that both PEAR::Auth and the PHP ldap module are installed in your web server setup. An operational LDAP server is also required.

Ubuntu/Debian Example:
apt-get install php-auth php-ldap
Note for v2.6:
You must also uncomment ./users/auth/ldap/auth.php line 15. This allows the PEAR::Auth module to be found on your system. Oops; LDAP support is broken in 2.6, working on it now...


The OpenLDAP Project is a useful starting point for setting up a working LDAP system although alternatives are also available. Most of the Linux distributions will have an LDAP server setup that can be enabled if required.

Configuring access

Once correctly enabled, an LDAP tab will be provided on the Login Settings page, and this needs to be populated with the access information for your LDAP server.


Now to work out what it all means

Bitweaver requires a number of fields to be available in its USERS_USERS table in order to correctly identify and work with its internal user_id. The three that must be available are login, email and real_name, although real_name can probably be defaulted to login if not available. The password fields provided in the USERS_USERS table can be ignored if LDAP is being used to provide those checks, although at present we have no details on how things like password time-out are handled at the LDAP end. At some point we may be able to link user avatars stored in LDAP with the local attachments, but having all files stored via LDAP may be a little further off. This just leaves the 'default_group_id', but at this stage it will be assumed that this is only managed locally, although the role/group overlap does come into play.

| Schema | login | email | real_name |
| --- | --- | --- | --- |
| | LDAP User Attribute | LDAP User E-Mail Address | LDAP User Display Name |
| inetOrgPerson | cn | mail | displayName |
| Active Directory | cn | mail | displayName |

Not having an AD server to test against, it is a little difficult to confirm things, but it does seem that modern AD schemas will accept the international standard fields and return the same results.
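
The mapping in the table above, as an added example that is not Bitweaver's own code: it turns one directory entry, in the array shape PHP's ldap_get_entries() returns, into the login, email and real_name fields, defaulting real_name to login. The function name map_ldap_entry, the $attrMap array and the sample entry are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not part of Bitweaver.
// Attribute names per field, taken from the schema table above.
$attrMap = array(
    'login'     => 'cn',
    'email'     => 'mail',
    'real_name' => 'displayName',
);

/**
 * Map one entry (ldap_get_entries() array shape) to the three
 * USERS_USERS fields. Returns null if login or email is missing.
 */
function map_ldap_entry(array $entry, array $attrMap)
{
    $user = array();
    foreach ($attrMap as $field => $attr) {
        // ldap_get_entries() lowercases attribute names, so
        // "displayName" is stored under the key "displayname".
        $key = strtolower($attr);
        $value = '';
        if (isset($entry[$key]['count']) && $entry[$key]['count'] > 0) {
            $value = trim($entry[$key][0]);
        }
        $user[$field] = $value;
    }
    if ($user['login'] === '' || $user['email'] === '') {
        return null; // login and email must be available
    }
    if ($user['real_name'] === '') {
        $user['real_name'] = $user['login']; // default real_name to login
    }
    return $user;
}

// Constructed sample entry: this account has no displayName set.
$entry = array(
    'cn'    => array('count' => 1, 0 => 'jdoe'),
    0       => 'cn',
    'mail'  => array('count' => 1, 0 => 'jdoe@example.org'),
    1       => 'mail',
    'count' => 2,
    'dn'    => 'cn=jdoe,ou=people,dc=example,dc=org',
);

print_r(map_ldap_entry($entry, $attrMap));
```

Rejecting entries without a login or email keeps half-populated directory accounts from being created as local users.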

Other useful links

PHP LDAP Package
PEAR Auth Module
phpLDAPAdmin administration package
Useful schema tree - use links at bottom. Need something a little tidier, but this is a useful start.
Very nice comparison document for Active Directory. This also outlines a number of more advanced features.