LDAP Authentication

We will take it for granted that you already know how to install and set up an LDAP server and a client, so we will skip this process.

The extensions you will need are:

  • php5-ldap
  • authnz_ldap

Remember to restart or reload Apache after installing them.

You have to edit the FENG_ROOT/config/ldap.config.example.php file so that it has the following configuration:

  // The configuration array:
  $config_ldap = array (
      'binddn'    => '', //anonymous binding, but you may change it if you wish to
      'bindpw'    => '', //anonymous binding, but you may change it if you wish to
      'basedn'    => 'ou=people,dc=my,dc=domain,dc=com',
      'host'      => 'ldap://[my domain IP]:[LdapPort]',
      'port'      => [LdapPort],
      //'password_encoding' => 'MD5', //in case the passwords are encrypted
      'uid' => 'uid', //unique id to match with the LDAP and the username
  ); 

Example for my.domain.com with 192.168.1.5 as IP and 389 as LDAP port:

 
  $config_ldap = array (
      'binddn'    => '',
      'bindpw'    => '',
      'basedn'    => 'ou=people,dc=my,dc=domain,dc=com',
      'host'      => 'ldap://192.168.1.5:389',
      'port'      => 389,    
      'uid' => 'uid', //unique id to match with the LDAP and the username
  );

After making these changes, rename FENG_ROOT/config/ldap.config.example.php to FENG_ROOT/config/ldap.config.php.

Once everything is set up, you will be able to access Feng Office either with the authentication that Feng Office provides, or through the LDAP one.

To use LDAP authentication, the usernames of your users in Feng Office must match the uid of the corresponding LDAP users, so bear this in mind when creating users, or edit the existing usernames afterwards.

When you create a user, enable the Specify username checkbox and type in the uid (e.g. johnsmith2).

In case you wish to edit the username of an existing user, you must be a SuperAdministrator, and:

  1. Go to the Administration Panel
  2. Access Users
  3. Click on Update Profile of the user in question
  4. Change the username and save the changes
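
To confirm that a Feng Office username resolves to exactly one LDAP entry with the settings above, a command-line check like the following can be run against the edited config file. It is an added example, not part of Feng Office; the script name and arguments are hypothetical, and it assumes the config file defines $config_ldap as shown on this page and that your PHP has ldap_escape (PHP 5.6 or later).

```php
<?php
// Added example, not Feng Office code. Run: php ldap_check.php <config file> <username>
// Assumption: the config file defines $config_ldap as shown on this page.
if ($argc !== 3) {
    fwrite(STDERR, "usage: php {$argv[0]} <ldap config file> <username>\n");
    exit(2);
}
require $argv[1];
$username = $argv[2];

// Simple binds over plain ldap:// send the bind password unencrypted.
if (stripos($config_ldap['host'], 'ldaps://') !== 0) {
    echo "note: host is not ldaps://, binds are not encrypted unless StartTLS is used\n";
}

// ldap_connect() only parses the URI; the connection is opened on bind.
$ds = ldap_connect($config_ldap['host']);
if ($ds === false) {
    fwrite(STDERR, "invalid LDAP URI: {$config_ldap['host']}\n");
    exit(1);
}
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

// Empty binddn/bindpw means an anonymous bind, as in the page's example.
$dn = $config_ldap['binddn'] !== '' ? $config_ldap['binddn'] : null;
$pw = $config_ldap['bindpw'] !== '' ? $config_ldap['bindpw'] : null;
if (!@ldap_bind($ds, $dn, $pw)) {
    fwrite(STDERR, 'bind failed: ' . ldap_error($ds) . "\n");
    exit(1);
}

// Escape the username so characters such as * ( ) \ cannot alter the filter.
$filter = sprintf('(%s=%s)', $config_ldap['uid'],
    ldap_escape($username, '', LDAP_ESCAPE_FILTER));
$result = @ldap_search($ds, $config_ldap['basedn'], $filter, array('dn'));
if ($result === false) {
    fwrite(STDERR, 'search failed: ' . ldap_error($ds) . "\n");
    exit(1);
}

$entries = ldap_get_entries($ds, $result);
ldap_unbind($ds);
if ($entries['count'] !== 1) {
    echo "{$filter} matched {$entries['count']} entries under {$config_ldap['basedn']}\n";
    exit(1);
}
echo "OK: {$username} -> {$entries[0]['dn']}\n";
```

A result other than exactly one match means the username and the LDAP uid do not line up, or the basedn is wrong.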

To turn off authentication through LDAP, do one of the following:

  1. Rename the FENG_ROOT/config/ldap.config.php file to a different name (e.g. old_ldap.config.php)
  2. Delete the FENG_ROOT/config/ldap.config.php file (not the best way to do it though)