Setting up LDAP Integration & Authorization in PHPKB Software


This article describes how to set up LDAP integration in PHPKB Knowledge Management Software.

LDAP stands for Lightweight Directory Access Protocol. It allows a single user account directory to be used to log in to various applications.

LDAP Integration with Knowledge Base

LDAP integration allows you to use your existing LDAP server (such as Microsoft Active Directory, OpenLDAP, etc.) for user authentication and grouping in PHPKB Knowledge Management Software. If you run LDAP on your network, you can use this facility to let your users log in to the knowledge base with their LDAP login credentials. Your administrator won’t need to create an account for each user. Just connect to the LDAP server, map LDAP directory groups to PHPKB User Groups, and retrieve users with full account information in one click. In addition to authentication, user account details can be synchronized and LDAP groups can be mapped to PHPKB User Groups for group-based permissions.

Note: The LDAP Integration & Authentication facility is available only in the Enterprise Editions of PHPKB software. The currently supported LDAP platforms are Microsoft Active Directory, Novell eDirectory, OpenLDAP, SAMBA, Posix, etc.

Here’s the LDAP settings page in the admin control panel:

LDAP Settings

You can use an existing LDAP server to manage user integration and authentication with the following options:

  • Authorization
  • Group Mapping
  • Synchronization of User Details
  • Synchronization of Groups
  • User Group Assignment
  • LDAP version 3 support
  • The TLS cryptographic protocol is also supported and provides security and data integrity for communications with the LDAP directory server

Setup Instructions

  1. Go to the LDAP Settings tab on the Manage Settings page of the admin control panel.
  2. First, tick the Enable LDAP Authentication checkbox and select the LDAP platform as shown below. If you get the error "LDAP Support Unavailable", please scroll down to the "How to enable LDAP extension in PHP?" section of this article.
  3. Specify the correct LDAP Host and Port.
  4. Specify additional LDAP connection settings:
    • Enable the Use LDAP Version 3 option if you would like to use the LDAP v3 protocol.
    • If your LDAP server holds references to other servers, you may want to enable the Allow Follow Referrals option.
    • The Negotiate TLS option allows establishment of Transport Layer Security on the connection.
  5. If you would like to get users by certain parameters, you can modify the Search String value. Otherwise, use the default value.
  6. Usually the Base DN consists of two parts: OU (Organizational Unit) and dc (Domain Component, "mydomain" and "local" in our example; if your LDAP server name includes more domain levels, there will be more dc's). You can omit the OU to get the full tree of directory groups.
  7. Specify the username and password for the connection to the LDAP server. This user must have permission to see LDAP entries.
  8. Specify the mapping attributes under "LDAP Synchronization Settings". Remember that the LDAP users you want to import must have all of these required attributes: account name, first name, last name, email. Otherwise they won't be imported. Make sure that the attributes in the PHPKB settings match the user attributes on the LDAP server.
  9. If you would like to synchronize LDAP user details each time an LDAP user logs in, set the checkbox accordingly. If this checkbox is not checked, account and group information will be synchronized only upon the first successful login.
  10. Check "Group Mapping Settings".
    • A user that belongs to an 'LDAP Group' that is not mapped to any 'PHPKB User Group' will be assigned to the group set in Default Group Mapping.
    • Check the LDAP Group Member Attribute to match the group entry that stores a list of group members.
  11. Check all LDAP settings, click Save, and tick Enable LDAP Group Mapping to start mapping.
  12. Once the LDAP connection is successfully established, you will see the list of LDAP Groups on the left and PHPKB User Groups on the right. Now you need to map some groups from the LDAP server to user groups in PHPKB. Mapping 'LDAP Group X' to 'PHPKB User Group Y' means that users from 'LDAP Group X' will be assigned to 'PHPKB User Group Y'.

LDAP User Login & Authentication

From now on, whenever someone tries to log in to PHPKB and PHPKB doesn't have this user account in its database, it queries the LDAP server, and if a user with the specified username and password exists on the LDAP server, the account is created in PHPKB automatically. You can confirm this by trying to log in as one of the users from the mapped LDAP groups. If all settings are correct, you'll be able to log in with this user's username and password from the LDAP server. An account will be created in the PHPKB users database automatically upon successful login.
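The connection options from the setup steps and the login check described above can be reproduced with PHP's LDAP extension. This is an added example, not PHPKB's own code, and it shows a common search-then-bind flow rather than PHPKB's internal implementation. The host, DNs, filter template, environment variable name and Active Directory attribute names are placeholder assumptions.

```php
<?php
// Added example, not PHPKB code. All values in $cfg are placeholders.
$cfg = [
    'uri'       => 'ldap://dc01.mydomain.local:389',        // LDAP Host and Port
    'base_dn'   => 'OU=Staff,DC=mydomain,DC=local',          // Base DN
    'bind_dn'   => 'CN=kb-reader,OU=Service,DC=mydomain,DC=local',
    'bind_pw'   => getenv('KB_LDAP_BIND_PW') ?: '',          // keep out of source
    'filter'    => '(&(objectClass=user)(sAMAccountName=%s))', // Search String
    'required'  => ['samaccountname', 'givenname', 'sn', 'mail'],
    'referrals' => false,                                    // Allow Follow Referrals
];

function ldap_login(array $cfg, string $user, string $pass): ?array
{
    // An empty password turns the bind into an "unauthenticated bind"
    // (RFC 4513), which some directory servers answer with success.
    if ($user === '' || $pass === '') {
        return null;
    }
    $ldap = ldap_connect($cfg['uri']);
    if ($ldap === false) {
        return null;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS needs v3
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, $cfg['referrals'] ? 1 : 0);
    // Negotiate TLS before any bind and fail closed, so that no password
    // is ever sent over an unencrypted connection.
    if (!@ldap_start_tls($ldap)) {
        return null;
    }
    if (!@ldap_bind($ldap, $cfg['bind_dn'], $cfg['bind_pw'])) {
        return null;
    }
    // Escape the login name so characters such as * ( ) \ stay literal.
    $filter = sprintf($cfg['filter'], ldap_escape($user, '', LDAP_ESCAPE_FILTER));
    $res = @ldap_search($ldap, $cfg['base_dn'], $filter, $cfg['required']);
    $entries = $res ? ldap_get_entries($ldap, $res) : ['count' => 0];
    if ($entries['count'] !== 1) {          // no match, or an ambiguous one
        return null;
    }
    $entry = $entries[0];
    foreach ($cfg['required'] as $attr) {   // incomplete entries are rejected
        if (empty($entry[$attr][0])) {
            return null;
        }
    }
    // Binding as the user's own DN is the actual password check.
    return @ldap_bind($ldap, $entry['dn'], $pass) ? $entry : null;
}
```

The function returns the directory entry on a successful login and `null` in every other case, including a failed TLS negotiation.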

How to enable LDAP extension in PHP?

To enable the LDAP extension in your PHP installation, please follow the instructions below.

For Windows Server (Running IIS or Apache)

  1. If you are on a Windows Server, open the php.ini configuration file (generally located at C:\php\php.ini) in any text editor, such as Notepad.
  2. Search for extension=php_ldap.dll in the php.ini file and uncomment this line. If it is not present, add it to the file. Save the php.ini file.
  3. Restart your web server, then refresh the LDAP plugin configuration page in the "Manage Settings" section of the admin control panel.

For Linux Server

  1. Install the PHP LDAP extension (if not installed yet)
    1. For Debian, the installation command would be apt-get install php-ldap
    2. For RHEL based systems, the command would be yum install php-ldap
  2. Search for extension=php_ldap.so in the php.ini file and uncomment this line. If it is not present, add it to the file. Save the file.
  3. Restart your web server, then refresh the LDAP plugin configuration page in the "Manage Settings" section of the admin control panel.

If you have any issues with LDAP integration or you’re unable to configure it properly, you can ask for assistance and we’ll fully assist you. You can also refer to the Video Tutorial given below to see a demonstration of the steps above.

LDAP Integration Video Tutorial

  • Applicable To: Enterprise Edition (MySQL), Enterprise Multi-Language Edition (MySQL), Enterprise Edition (SQL Server), Enterprise Multi-Language Edition (SQL Server)