Hi to all,
I'm new to Elgg (1.6) and my boss asked me to make it authenticate with the LDAP server. I looked for help on the web but have found ony unclear matierial.
I have installed the auth_ldap plugin and enabled it. Then I wrote the data on the "settings"" of the plugin but I have absolutely no idea of where to look to check if the authentication works or not. Is there a log somewhere? A debugging tool? Furthermore I don't know how set Elgg so that it uses LDAP authentication instead of its own one.
Is there anybody that can turn me in the right direction?
Thank you!
Adriano
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
- Codebrane@codebrane
Codebrane - 0 likes
- Alex Tanchoco@al.t
Alex Tanchoco - 0 likes
You must log in to post replies.It just works. Fill in the settings and off you go. If you have an LDAP user, login as them. If the auth fails Elgg tries the next auth handler.
If you have an LDAP user that doesn't have an Elgg account, set the plugin to auto create users. If you can login as that user then the LDAP plugin works.
Adriano,
When I first looked at this problem (about a year ago), I had challenges getting the downloadable LDAP plugin to work. I was a real elgg newbie at the time and couldn't find info, so instead of trying to get that fixed, I simply went to the login.php and messed with it (I didn't know how to write plugins at the time).
Our AD/LDAP environment is a bit unusual - I don't what to describe it here for security reasons.
What I can do is share snippets of where I changed code to allow for LDAP authentication while still allowing authorized Elgg users (such as test accounts and special accounts that are not in LDAP) access. I then removed the registration code and links so the only way to create users through elgg would be for the site-admin to add users. There is also no longer a need for password reset/change and disabling of accounts are all done through the AD/LDAP. Also, to prevent the local Elgg accounts that matches the LDAP account from being used if the original login.php got reenabled for some reason (such as after an upgrade), I reset the elgg password to a new random hashed key everytime the LDAP user logs in.
I'll be really tied up today but maybe I can post the snippets next week if you are interested. If you can get the LDAP plugin to work for your environment, that will be preferred.