-
Notifications
You must be signed in to change notification settings - Fork 247
LDAP Configuration
LibreBooking supports many different authentication sources, including direct LDAP. PHP Setup
Before we can begin setting up LibreBooking, ensure LDAP support for PHP has been installed and configured.
https://www.php.net/manual/en/ldap.installation.php
If connecting to LDAP over LDAPS, ensure that SSL support for PHP has been installed and configured.
https://www.php.net/manual/en/openssl.installation.php LibreBooking Configuration
First, log into LibreBooking as an administrator. Then open Application Configuration and choose Authentication-Ldap from the drop down at the top. We’ll go through each setting here.
After updating your LDAP settings, return to Application Configuration, choose config.php from the drop down at the top, and change your authentication plugin option to Ldap.
LibreBooking uses Net_LDAP2 for LDAP connectivity, which has a much more detailed explanation of each setting.
host is your LDAP server’s name or IP. You can provide a comma separated list if you have fallback servers.
port is the port to connect to the LDAP sever over. The default is 389, but 636 is often used for ldaps connections.
version is version of LDAP being used. You’ll probably never have to change this from the default of 3.
starttls tells LibreBooking to start tls when connecting to LDAP. If using SSL the port should likely be set to 636 and the host should be prefixed with ldaps://
binddn is the fully qualified DN to bind to LDAP as, if your LDAP server does not allow anonymous binding.
bindpw is the password for your binddn user.
basedn is the LDAP base name to use when authenticating users.
filter is the default search filter for users. This can often be left blank.
scope is the default search scope for users. This can often be left blank.
required.group is the comma separated list of LDAP groups that a user must be part of in order to gain access to LibreBooking.
database.auth.when.ldap.user.not.found tells LibreBooking to store the user’s password to be used for authentication in the event that LDAP is not accessible.
attribute.mapping is the list of name value pairs to use to map LDAP values to LibreBooking. The left side of the equals sign is the name of the attribute in LibreBooking and cannot change. The right side is the name of your LDAP attribute.
user.id.attribute is the name of the LDAP attribute to use to identify the user.
sync.groups tells LibreBooking whether or not to synchronize group membership. It’s important to note that groups themselves will never be created or removed from LibreBooking . For any group membership that you want to sync, you must create a group in LibreBooking with the exact name as it appears in LDAP. For example, if the user is part of the students group in LDAP, there must be a students group in LibreBooking.
prevent.clean.username if you require users to provide the domain name when logging in, this setting controls whether or not to strip that off when authenticating.