Setting up LDAP Integration & Authorization in PHPKB Software
This article describes how to set up LDAP integration in PHPKB Knowledge Management Software.
LDAP integration allows you to use your existing LDAP server (such as Microsoft Active Directory, OpenLDAP, etc.) for user authentication and grouping in PHPKB Knowledge Management Software. If you run LDAP on your network, you can use this facility to let your users log in to the knowledge base with their LDAP login credentials. Your administrator won’t need to create an account for each user. Just connect to the LDAP server, map LDAP directory groups to PHPKB User Groups, and retrieve users with full account information in one click. In addition to integration, user account details can be synchronized and LDAP groups can be mapped to PHPKB User Groups for group-based permissions.
Note: The LDAP Integration & Authentication facility is available only in the Enterprise Editions of PHPKB software. The currently supported LDAP platforms are Microsoft Active Directory, Novell eDirectory, OpenLDAP, SAMBA, Posix, etc.
Here’s the LDAP settings page in the admin control panel:
You can use an existing LDAP server to manage user integration and authentication with the following options:
- Group Mapping
- Synchronization of User Details
- Synchronization of Groups
- User Group Assignment
- LDAP version 3 support
- The TLS cryptographic protocol is also supported and provides security and data integrity for communications with the LDAP directory server

- Go to the "LDAP Settings" tab on the "Manage Settings" page of the admin control panel.
- First, tick the "Enable LDAP Authentication" checkbox and select the LDAP platform as shown below.
- Specify the correct LDAP Host and Port.
- Specify additional LDAP connection settings:
  - Enable the "Use LDAP Version 3" option if you would like to use the LDAP v3 protocol.
  - If your LDAP server holds references to other servers, you may want to enable the "Allow Follow Referrals" option.
  - The "Negotiate TLS" option allows establishment of Transport Layer Security on the connection.
- If you would like to get users by certain parameters, you can modify the "Search String" value. Otherwise, use the default value.
- Usually the "Base DN" consists of two parts: OU (Organizational Unit) and dc (Domain Component, "mydomain" and "local" in our example; if your LDAP server name includes more domain levels, there will be more dc's). You may omit the OU to get the full tree of directory groups.
- Specify the username and password used to connect to the LDAP server. This user must have permission to see LDAP entries.
- Specify the mapping attributes under "LDAP Synchronization Settings". Remember that LDAP users that you want to import must have all of these required attributes: account name, first name, last name, email. Otherwise they won't be imported. Make sure that the attributes in the PHPKB settings match the user attributes on the LDAP server.
- If you would like to synchronize LDAP user details each time an LDAP user logs in, set the checkbox accordingly. If this checkbox is not checked, account and group information will be synchronized only upon the first successful login.
- Check "Group Mapping Settings".
- A user that belongs to an 'LDAP Group' that is not mapped to any 'PHPKB User Group' will be assigned to the group set in "Default Group Mapping".
- Check the "LDAP Group Member Attribute" to match the group entry that stores a list of group members.
- Check all LDAP settings, click "Save" and mark the "Enable LDAP Group Mapping" option to start mapping.
- Once the LDAP connection is successfully established, you will see the list of LDAP Groups on the left and PHPKB User Groups on the right. Now you need to map some groups from the LDAP server with user-groups in PHPKB. Mapping of 'LDAP Group X' to 'PHPKB User Group Y' means that users from 'LDAP Group X' will be assigned to the 'PHPKB Group Y'.
From now on, whenever someone tries to log in to PHPKB and PHPKB doesn't have this user account in its database, it queries the LDAP server; if a user with the specified username and password exists on the LDAP server, the account in PHPKB is created automatically. You can confirm this by logging in as one of the users from the mapped LDAP groups. If all settings are correct, you'll be able to log in with this user's username and password from the LDAP server. An account will be created in the PHPKB users database automatically upon successful login.
If you have any issues with LDAP integration or are unable to configure it properly, you can ask for assistance and we’ll fully assist you. You can also refer to the Video Tutorial given below to see a demonstration of the steps above.
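A dry run of the import and group-mapping rules described above, as an added example that is not PHPKB's own code: it predicts which directory users would be skipped for missing attributes and which would land in the default group. The directory entries, group names, the attribute mapping (sAMAccountName, givenName, sn, mail) and the rule that a user with no mapped LDAP group receives the default group are assumptions of this sketch.

```python
# Added example: offline dry run of the import and group-mapping rules.
# All entries, group names and mappings below are constructed sample data.

REQUIRED = {"account": "sAMAccountName", "first": "givenName",
            "last": "sn", "email": "mail"}  # assumed attribute mapping

def missing_attrs(entry, attr_map=REQUIRED):
    """Return the mapped LDAP attributes that are absent or empty on a user."""
    return sorted(a for a in attr_map.values() if not entry.get(a))

def ldap_groups_of(entry, groups, member_attr, account_attr):
    """LDAP groups that list the user, either by DN (e.g. 'member') or by
    account name (e.g. 'memberUid'); compared case-insensitively here."""
    ids = {entry["dn"].lower(), entry.get(account_attr, "").lower()} - {""}
    return sorted(name for name, g in groups.items()
                  if ids & {m.lower() for m in g.get(member_attr, [])})

def plan(users, groups, mapping, default_group, member_attr="member",
         attr_map=REQUIRED):
    """Predict, per user DN, a skip reason or the PHPKB groups at first login."""
    report = {}
    for u in users:
        gaps = missing_attrs(u, attr_map)
        if gaps:  # the page: users lacking a required attribute are not imported
            report[u["dn"]] = ("skipped", gaps)
            continue
        mine = ldap_groups_of(u, groups, member_attr, attr_map["account"])
        mapped = sorted({mapping[g] for g in mine if g in mapping})
        # Assumption: a user with no mapped LDAP group gets the default group.
        report[u["dn"]] = (("mapped", mapped) if mapped
                           else ("default", [default_group]))
    return report

BASE = "OU=Staff,DC=mydomain,DC=local"  # OU plus dc parts, as in the article
USERS = [
    {"dn": f"CN=Ann Lee,{BASE}", "sAMAccountName": "alee",
     "givenName": "Ann", "sn": "Lee", "mail": "alee@mydomain.local"},
    {"dn": f"CN=Bo Ray,{BASE}", "sAMAccountName": "bray",
     "givenName": "Bo", "sn": "Ray", "mail": "bray@mydomain.local"},
    {"dn": f"CN=svc-backup,{BASE}", "sAMAccountName": "svc-backup"},
]
GROUPS = {"KB-Editors": {"member": [f"cn=ann lee,{BASE.lower()}"]},
          "Printers": {"member": [f"CN=Bo Ray,{BASE}"]}}
MAPPING = {"KB-Editors": "Writers"}  # LDAP group -> PHPKB user group

if __name__ == "__main__":
    for dn, (status, detail) in plan(USERS, GROUPS, MAPPING, "Viewers").items():
        print(f"{status:8} {dn}: {', '.join(detail)}")
```

Reviewing the "default" rows before enabling group mapping shows which accounts would receive the Default Group Mapping's permissions without an explicit mapping.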
LDAP Integration Video Tutorial