Configure LDAP Plugin

Daniel Neto edited this page Sep 4, 2023 · 10 revisions

Installation

Make sure the php-ldap library is installed:

apt-get install php-ldap

Minimum Configuration

For the LDAP Plugin to function properly, you must at least configure:

Server:

The URL of your LDAP server.

RDN (Relative Distinguished Name):

The tag {$user} in the RDN is replaced by the username entered at login. A valid RDN could be uid={$user},ou=Users,dc=youphptube,dc=com,dc=br, or simply {$user} or {$user}@example.com. To supply multiple RDN values, separate them with a pipe |. Example: {$user}|{$user}@example.com.

Disable Regular Login & Sign Up:

If you wish to disable the native sign-up and login functionalities, follow these steps:

  • Navigate to the Plugin Menu.
  • Open the CustomizeUser Plugin.
  • Check the disableNativeSignUp option.
  • Check the disableNativeSignIn option.

Advanced Configuration

  • Port: Port number to communicate with the LDAP server. Default is 389.
  • Filter: An LDAP search filter applied if binding with RDN fails. Default filter is (uid={$user}).
  • LDAP_OPT_PROTOCOL_VERSION: The protocol version for LDAP. Typically, this is 3 for most modern LDAP servers.
  • DefaultProfilePhoto: URL for the default profile image of users.
  • SavePassword: Whether or not to save the user's password. Default is set to false.
  • DisableNativeSignUp: If set to true, this will disable the platform's native sign-up option.
  • DisableRecoverDatabasePassword: If set to true, this disables the function to recover a password from the database.
  • IfLdapLoginFailTryDatabase: If LDAP login fails, the system will attempt to log in using the database when this is set to true.
  • HideLdapBottomInfo: If set to true, this will hide the LDAP-related information displayed at the bottom of the page.
  • AutoAddNewUsersOnUserGroup: Automatically adds new users to a specified user group.
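The {$user} tag in the RDN and Filter settings receives raw login input, so it should be escaped for the context it lands in before it reaches the LDAP server. The following is an added example, not AVideo's own code: the function names and the username allowlist are assumptions, and it relies on php-ldap's ldap_escape().

```php
<?php
// Added example, not AVideo's code. Function names are hypothetical.
// Needs the php-ldap extension for ldap_escape().

// Expand the pipe-separated RDN setting into candidate bind identities.
function expandRdn(string $rdnSetting, string $user): array
{
    if ($user === '') {
        throw new InvalidArgumentException('empty username');
    }
    $binds = [];
    foreach (explode('|', $rdnSetting) as $template) {
        $template = trim($template);
        if ($template === '') {
            continue;
        }
        if (strpos($template, '=') !== false) {
            // DN form (uid=...,ou=...): escape DN metacharacters.
            $safe = ldap_escape($user, '', LDAP_ESCAPE_DN);
        } elseif (preg_match('/^[A-Za-z0-9._-]+$/', $user)) {
            // Bare or user@domain form: assumed allowlist, adjust to your naming policy.
            $safe = $user;
        } else {
            continue; // skip this template rather than bind with an odd name
        }
        $binds[] = str_replace('{$user}', $safe, $template);
    }
    return $binds;
}

// Expand the fallback search filter, escaping filter metacharacters.
function expandFilter(string $filterSetting, string $user): string
{
    $safe = ldap_escape($user, '', LDAP_ESCAPE_FILTER);
    return str_replace('{$user}', $safe, $filterSetting);
}

// Constructed sample input: the RDN and Filter values shown on this page.
$rdn = 'uid={$user},ou=Users,dc=youphptube,dc=com,dc=br|{$user}@example.com';
$filter = '(uid={$user})';
foreach (['jdoe', 'doe, john (ops)*'] as $user) {
    echo json_encode([
        'user'   => $user,
        'binds'  => expandRdn($rdn, $user),
        'filter' => expandFilter($filter, $user),
    ], JSON_UNESCAPED_SLASHES), PHP_EOL;
}
```

For the second sample name, the comma, parentheses and asterisk come out hex-escaped in the DN and filter, and the user@domain template is skipped because the name fails the allowlist.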

LDAPS Configuration (Secure LDAP)

To use LDAPS (typically over port 636), place the LDAP server's certificate on your server and set /etc/ldap/ldap.conf to use that certificate.

You can use OpenSSL to retrieve the certificate:

echo -n | openssl s_client -connect buls-ad01.barrette.wan:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ~/buls-ad01.barrette.wan.cer

Replace buls-ad01.barrette.wan with your LDAPS server name.

Plugin Settings:

[Screenshot: plugin settings]

Ldap.conf Configuration:

Make sure to add the required lines as shown:

[Screenshot: ldap.conf lines]

For more detailed information on configuring LDAP with PHP, refer to the PHP documentation here.