• RADIUSdesk has become a popular choice for enterprise deployments due to its flexibility and a user-friendly and versatile interface.
• We now also offer our enterprise customers the option of LDAP integration for managing administrators within the RADIUSdesk system.
• In this document, we will cover the configuration and testing of LDAP integration in RADIUSdesk.

• We use the Authentication Plugin available with CakePHP v4 and CakePHP v5 as the foundation for the LDAP integration.
• In the past we used the Auth Component which is now being replaced by the Authentication and Authorization Plugins in more recent versions of CakePHP.
• The rdcore git code from 15 February onward will have the Authentication plugin included and active.
• To add LDAP capability you also need to install the LDAP php library on the system hosting RADIUSdesk.

sudo apt-get install php-ldap

1. Client connects: The LDAP client (e.g., a user authentication script) connects to the LDAP server.
2. Bind request: The client sends a bind request to the server, which includes the username (or DN) and password.
3. Server authenticates: The server checks the username and password against its stored credentials.
4. Bind response: If the credentials are valid, the server responds with a bind response, indicating a successful connection.

1. Search request: The client sends a search request to the server, specifying the search base, scope, filter, and attributes to retrieve.
2. Server searches: The server searches its directory based on the client's request.
3. Search response: The server responds with a search response, containing the matching entries and their attributes.

1. Client selects entry: The client selects an entry from the search results.
2. Client extracts DN: The client extracts the DN (distinguished name) from the selected entry.
3. Bind request with DN and password: The client sends a new bind request to the server, using the extracted DN and the user-provided password.
4. Server authenticates: The server checks the DN and password against its stored credentials.
5. Bind response: If the credentials are valid, the server responds with a bind response, indicating a successful authentication.

• LDAP Integration is configured under the settings tab.
• One item that needs a bit more explanation is Filter.
• The filter contains a special character (%s) which will be substituted with the username that the user provide to log in.
• For active directory it will typically be (&(objectClass=user)(samaccountname=%s)).
• This filter will be applied when searching to find the DN of the user who needs to be authenticated.

• There is also a Test LDAP Settings Button that helps you to test the LDAP settings to ensure they work as intended.
• The tests that will be done will be matching the LDAP Authentication Process described earlier on this page.