Knowledge Base

Setting up LDAP Authentication

Article ID: 371
Last updated: 9 Oct, 2017

LDAP Authentication is accessible by administrator in Settings > Authentication Provider > Ldap tab in Admin Area.

Settings

  • Check Enable LDAP Authentication checkbox.
    (make sure that $conf['auth_remote'] in the file admin/config.inc.php is set to 1)

  • LDAP Authentication. To enable LDAP authentication check Enable LDAP Authentication
    Make sure that the config variable $conf['auth_remote'] in the file admin/config.inc.php is set to 1;
    You can disable LDAP authentication by setting $conf['auth_remote'] = 0.
  • LDAP Options. Identify host name of your LDAP server and the port for the protocols. The default port for LDAP over SSL is 636, for LDAP over TCP, UDP, or for TLS it is 389. You can specify Base DN for LDAP server and user DN and password. Leave User DN and Password fields empty for anonymous binding.

    In order to use nested groups in Active Directory, you should set the LDAP membership attribute to member:1.2.840.113556.1.4.1941: 
    This is a special rule to perform a recursive group search.

    For more information, see the following:
    https://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx
    https://blogs.technet.microsoft.com/...explore-group-membership-with-powershell/

  • Configuration. Set up the IP addresses for local authentication, specify whether to rewrite user data on login in "Rewrite user on login" field: 0 - once user created the data in KB will never been updated; 1 - on every authentication request, the user data in KB will be rewritten. You also can set up the options for updating user profiles and reseting password.
  • Group Mapping. Here you can set up LDAP group mapping behavior.  LDAP groups can be either static or dynamic. A static group entry contains a list of its users. A dynamic group is where the user entry contains a list of groups it belongs to.
  • User Mapping Fields. Define the LDAP attributes - first name, last name, email, remote user id and attributes for privileges and roles (optional). In your expression use the round bracket to identify the specific characters to parse out the records as the field. 
    For user's privilege and role mapping you can give users privileges based upon their group attributes. Click […] button to map LDAP groups to KBPublisher Privileges and/or Roles. 

    Please note, if you set mapping LDAP groups to the KBPublisher privileges, all matched users will be assigned the specified privilege. In case you do not have an  Unlimited license,  the number of allowed admin users could be exceeded and privilege will not be assigned to user.

    Important!  If you leave this field blank, roles and privileges assigned for users in KBPublisher will not be updated upon login.
  • Test / Debug Options (optional). Set up data to test / debug authentication for actual LDAP user.

     

Tip: You can disable LDAP authentication by setting $conf['auth_remote'] = 0; in file /kbp_dir/admin/config.inc.php

Article ID: 371
Last updated: 9 Oct, 2017
Revision: 7
Access: Public
Views: 8930
Comments: 0