LDAP Authentication Plugin

Before use, the LDAP Authentication plugin must first be configured.

Prerequisites

The following information must be ready before configuration:

  • The base domain LDAP path.
    • Windows users can run:
      dsquery ou
  • The LDAP port if it's something other than the default (389)
  • Full LDAP paths for the groups which are to be mapped to users, managers and administrators.
    • Windows users can run:
      dsquery group -name [group name]

Configuration

The LDAP Authentication plugin is configured by updating the the /conf/authentication/LDAPAuth.conf file with the correct values.

active_directory

Is the LDAP server an Windows Active Directory domain? True or False.

host

The address of the LDAP server.

port

The LDAP server port.

Active Directory uses 389 by default.

user

The user who has the appropriate permissions to query LDAP.

cred

The password of the user who will be querying LDAP.

base

The base domain for search requests.

name

The LDAP attribute user to store the users username.

Active Directory uses the attribute 'name'.

firstname

The LDAP attribute user to store the users first name.

Active Directory uses the attribute 'givenName'.

lastname

The LDAP attribute user to store the users last name.

Active Directory uses the attribute 'sn'.

email

The LDAP attribute user to store the users email address.

Active Directory uses the attribute 'email'.

user

The LDAP group which is mapped to the Zegami users group.

manager

The LDAP group which is mapped to the Zegami managers group.

admin

The LDAP group which is mapped to the Zegami administrators group.

attribute

Membership attribute to match when searching groups for user association. Posix groups use 'memberUid'. OpenLDAP use only.