Setting up LDAP Integration & Authorization in PHPKB Software

This article describes how to set up LDAP integration in PHPKB Knowledge Management Software.

LDAP stands for Lightweight Directory Access Protocol. It allows a single user account directory to be used to log in to various applications.

LDAP Integration with Knowledge Base

LDAP integration allows you to use your existing LDAP server (such as Microsoft Active Directory, OpenLDAP, etc.) for user authentication and grouping in PHPKB Knowledge Management Software. If you run LDAP on your network, you can use this facility to let your users log in to the knowledge base with their LDAP login credentials. Your administrator won’t need to create an account for each user. Just connect to the LDAP server, map LDAP directory groups to PHPKB User Groups, and retrieve users with full account information in one click. In addition to integration, user account details can be synchronized and LDAP groups can be mapped to PHPKB User Groups for group-based permissions.

Note: The LDAP Integration & Authentication facility is available only in the Enterprise Editions of PHPKB software. The currently supported LDAP platforms are Microsoft Active Directory, Novell eDirectory, OpenLDAP, SAMBA, Posix, etc.

Here’s the LDAP settings page in the admin control panel:

LDAP Settings

You can use an existing LDAP server to manage user integration and authentication with the following options:

Setup Instructions

  1. Go to the LDAP Settings tab on the Manage Settings page of the admin control panel.
  2. First, tick the Enable LDAP Authentication checkbox and select the LDAP platform as shown below. If you get the error "LDAP Support Unavailable", scroll down to the "How to enable LDAP extension in PHP?" section of this article.
  3. Specify the correct LDAP Host and Port.
  4. Specify additional LDAP connection settings:
  5. If you would like to get users by certain parameters, you can modify the Search String value. Otherwise, use the default value.
  6. Usually the Base DN consists of two parts: OU (Organizational Unit) and dc (Domain Component, "mydomain" and "local" in our example; if your LDAP server name includes more domain levels, there will be more dc's). You can omit the OU to get the full tree of directory groups.
  7. Specify the username and password for connecting to the LDAP server. This user must have permission to see LDAP entries.
  8. Specify the mapping attributes under "LDAP Synchronization Settings". Remember that the LDAP users you want to import must have all of these required attributes: account name, first name, last name, email. Otherwise they won't be imported. Make sure that the attributes in the PHPKB settings match the user attributes on the LDAP server.
  9. If you would like to synchronize LDAP user details each time an LDAP user logs in, set the checkbox accordingly. If this checkbox is not checked, account and group information will be synchronized only upon the first successful login.
  10. Check "Group Mapping Settings".
  11. Check all LDAP settings, click Save, and tick Enable LDAP Group Mapping to start mapping.
  12. Once the LDAP connection is successfully established, you will see the list of LDAP Groups on the left and PHPKB User Groups on the right. Now you need to map some groups from the LDAP server with user-groups in PHPKB. Mapping of 'LDAP Group X' to 'PHPKB User Group Y' means that users from 'LDAP Group X' will be assigned to the 'PHPKB Group Y'.

LDAP User Login & Authentication

From now on, whenever someone tries to log in to PHPKB and PHPKB doesn't have this user account in its database, it asks the LDAP server, and if a user with the specified username and password exists on the LDAP server, the account in PHPKB will be created automatically. You can confirm this by trying to log in as one of the users from the mapped LDAP groups. If all settings are correct, you'll be able to log in with the username and password of this user from the LDAP server. An account will be created in the PHPKB users database automatically upon successful login.
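
The checks that matter when a login creates an account automatically, shown as an added Python example (it is not PHPKB code): the typed username is escaped before it goes into the Search String of step 5, an empty password is refused before the bind, and an entry is provisioned only if it has the required attributes of step 8, with groups taken from the mapping of step 12. The attribute names, filter template, group mapping and directory entries are assumed sample values.

```python
# Added illustration, not PHPKB code. Attribute names, the filter template and
# the group mapping are assumed settings; the directory entries are constructed.
REQUIRED = {"account": "sAMAccountName", "first": "givenName",
            "last": "sn", "email": "mail"}
GROUP_MAP = {"CN=KB-Editors,OU=Groups,DC=mydomain,DC=local": "Editors",
             "CN=KB-Readers,OU=Groups,DC=mydomain,DC=local": "Members"}
SEARCH_TEMPLATE = "(&(objectClass=user)(sAMAccountName={user}))"
_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

ENTRIES = [  # constructed sample search results
    {"sAMAccountName": ["jdoe"], "givenName": ["Jane"], "sn": ["Doe"],
     "mail": ["jdoe@mydomain.local"],
     "memberOf": ["cn=kb-editors,ou=groups,dc=mydomain,dc=local",
                  "CN=Finance,OU=Groups,DC=mydomain,DC=local"]},
    {"sAMAccountName": ["svc-backup"], "givenName": ["Backup"],
     "sn": ["Service"], "memberOf": []},  # no mail attribute
]


def build_filter(username):
    """Insert the typed login name into the search string, escaped per RFC 4515."""
    safe = "".join(_SPECIAL.get(ch, ch) for ch in username)
    return SEARCH_TEMPLATE.format(user=safe)


def precheck(username, password):
    """Return a rejection reason for input that must not reach the bind step."""
    if not username.strip():
        return "empty username"
    if password == "":
        # A bind with a name but no password is an unauthenticated bind
        # (RFC 4513, section 5.1.2), which some servers report as success.
        return "empty password"
    return None


def provision(entry, mapping=GROUP_MAP):
    """Build the account to create, or None if a required attribute is missing."""
    account = {}
    for field, attr in REQUIRED.items():
        values = entry.get(attr) or []
        if not values or not values[0].strip():
            return None
        account[field] = values[0]
    # Simplification: group DNs are compared case-insensitively as strings.
    wanted = {dn.lower(): group for dn, group in mapping.items()}
    account["groups"] = sorted({wanted[dn.lower()] for dn in entry.get("memberOf", [])
                                if dn.lower() in wanted})
    return account
```

Running the same checks over an export of your own directory before enabling group mapping shows which users would be skipped for a missing attribute and which would land in no mapped group.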

How to enable LDAP extension in PHP?

To enable the LDAP extension in your PHP installation, follow the instructions below.

For Windows Server (Running IIS or Apache)

  1. If you are on a Windows Server, open the php.ini configuration file (generally located at C:\php\php.ini) in any text editor such as Notepad.
  2. Search for extension=php_ldap.dll in the php.ini file and uncomment this line. If it is not present, add this line to the file. Save the php.ini file.
  3. Restart your web server. After that, refresh the LDAP plugin configuration page in the "Manage Settings" section of the admin control panel.

For Linux Server

  1. Install the PHP LDAP extension (if not installed yet).
    1. For Debian, the installation command would be apt-get install php-ldap
    2. For RHEL based systems, the command would be yum install php-ldap
  2. Search for in php.ini file. Uncomment this line, if not present then add this line in the file and save the file.
  3. Restart your web server. After that, refresh the LDAP plugin configuration page in the "Manage Settings" section of the admin control panel.

If you have any issues with LDAP integration or you’re unable to configure it properly, you can ask for assistance and we’ll fully assist you. You can also refer to the Video Tutorial given below to see a demonstration of the steps above.

LDAP Integration Video Tutorial


Article ID: 34
Created: Wed, May 2, 2012
Last Updated: Thu, Apr 9, 2020
Author: Ajay Chadha
