Differences

This shows you the differences between two versions of the page.

technical:ldap-integration [2025/02/15 07:16] system → technical:ldap-integration [2025/02/15 21:00] (current) system
Line 13: Line 13:
  
 ----------------- -----------------
 +
 ====== Required Packages ====== ====== Required Packages ======
   * We use the Authentication **Plugin** available with CakePHP v4 and CakePHP v5 as the foundation for the LDAP integration.   * We use the Authentication **Plugin** available with CakePHP v4 and CakePHP v5 as the foundation for the LDAP integration.
Line 20: Line 21:
 <code bash> <code bash>
 sudo apt-get install php-ldap sudo apt-get install php-ldap
-</code> +</code> 
 + 
 +----------------- 
 +====== LDAP Authentication Process ====== 
 + 
 +===== Bind (Initial Connection) ===== 
 +  - **Client connects:** The LDAP client (e.g., a user authentication script) connects to the LDAP server. 
 +  - **Bind request:** The client sends a bind request to the server, which includes the username (or DN) and password. 
 +  - **Server authenticates:** The server checks the username and password against its stored credentials. 
 +  - **Bind response:** If the credentials are valid, the server responds with a bind response, indicating a successful connection. 
 + 
 +===== Search ===== 
 +  - **Search request:** The client sends a search request to the server, specifying the search base, scope, filter, and attributes to retrieve. 
 +  - **Server searches:** The server searches its directory based on the client's request. 
 +  - **Search response:** The server responds with a search response, containing the matching entries and their attributes. 
 + 
 +===== Bind on Search Result with Password ===== 
 +  - **Client selects entry:** The client selects an entry from the search results. 
 +  - **Client extracts DN:** The client extracts the DN (distinguished name) from the selected entry. 
 +  - **Bind request with DN and password:** The client sends a new bind request to the server, using the extracted DN and the user-provided password. 
 +  - **Server authenticates:** The server checks the DN and password against its stored credentials. 
 +  - **Bind response:** If the credentials are valid, the server responds with a bind response, indicating a successful authentication.
  
 ---------- ----------
-===== Users =====+----------  
 +====== Configure LDAP ====== 
 +  * LDAP Integration is configured under the settings tab. 
 +  * One item that needs a bit more explanation is Filter. 
 +  * The filter contains a special character (**%s**) which will be substituted with the username that the user provide to log in. 
 +  * For active directory it will typically be **(&(objectClass=user)(samaccountname=%s))**. 
 +  * This filter will be applied when searching to find the DN of the user who needs to be authenticated.
    
 +<panel type="primary">
 +{{:technical:ldap:ldap_settings.png|}}
 +</panel>
 +
 +---------
 +
 +====== Test LDAP Settings ======
 +  * There is also a **Test LDAP Settings** Button that helps you to test the LDAP settings to ensure they work as intended.
 +  * The tests that will be done will be matching the **LDAP Authentication Process** described earlier on this page.
 +<panel type="primary">
 +{{:technical:ldap:ldap_settings_test.png|}}
 +</panel>
 +
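Review bot: In the Configure LDAP bullets, the filter description says **%s** "will be substituted with the username" but does not say whether that value is escaped for filter syntax before substitution. Because the value comes straight from the login form, the page should state that filter metacharacters such as ( ) * and \ are escaped first (PHP's ldap_escape with LDAP_ESCAPE_FILTER does this), so an administrator knows the configured filter cannot be reshaped by what is typed at login. Under "Bind on Search Result with Password", the step "The client selects an entry from the search results" leaves open what happens when the filter matches zero or several entries; I would document that authentication fails unless exactly one entry is returned, and that an empty password is rejected before the second bind, since a bind with a DN and an empty password is an unauthenticated bind that some servers answer with success. Minor: "the user provide" should read "the user provides", and the added "----------" directly after the existing rule leaves two consecutive separators above Configure LDAP.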
  • technical/ldap-integration.1739596564.txt.gz
  • Last modified: 2025/02/15 07:16
  • by system