Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
technical:ldap-integration [2025/02/15 07:16] – system | technical:ldap-integration [2025/02/15 21:00] (current) – system | ||
---|---|---|---|
Line 13: | Line 13: | ||
----------------- | ----------------- | ||
+ | |||
====== Required Packages ====== | ====== Required Packages ====== | ||
* We use the Authentication **Plugin** available with CakePHP v4 and CakePHP v5 as the foundation for the LDAP integration. | * We use the Authentication **Plugin** available with CakePHP v4 and CakePHP v5 as the foundation for the LDAP integration. | ||
Line 20: | Line 21: | ||
<code bash> | <code bash> | ||
sudo apt-get install php-ldap | sudo apt-get install php-ldap | ||
- | </ | + | </ |
+ | |||
+ | ----------------- | ||
+ | ====== LDAP Authentication Process ====== | ||
+ | |||
+ | ===== Bind (Initial Connection) ===== | ||
+ | - **Client connects:** The LDAP client (e.g., a user authentication script) connects to the LDAP server. | ||
+ | - **Bind request:** The client sends a bind request to the server, which includes the username (or DN) and password. | ||
+ | - **Server authenticates: | ||
+ | - **Bind response:** If the credentials are valid, the server responds with a bind response, indicating a successful connection. | ||
+ | |||
+ | ===== Search ===== | ||
+ | - **Search request:** The client sends a search request to the server, specifying the search base, scope, filter, and attributes to retrieve. | ||
+ | - **Server searches:** The server searches its directory based on the client' | ||
+ | - **Search response:** The server responds with a search response, containing the matching entries and their attributes. | ||
+ | |||
+ | ===== Bind on Search Result with Password ===== | ||
+ | - **Client selects entry:** The client selects an entry from the search results. | ||
+ | - **Client extracts DN:** The client extracts the DN (distinguished name) from the selected entry. | ||
+ | - **Bind request with DN and password:** The client sends a new bind request to the server, using the extracted DN and the user-provided password. | ||
+ | - **Server authenticates: | ||
+ | - **Bind response:** If the credentials are valid, the server responds with a bind response, indicating a successful authentication. | ||
---------- | ---------- | ||
- | ===== Users ===== | + | ---------- |
+ | ====== | ||
+ | * LDAP Integration is configured under the settings tab. | ||
+ | * One item that needs a bit more explanation is Filter. | ||
+ | * The filter contains a special character (**%s**) which will be substituted with the username that the user provide to log in. | ||
+ | * For active directory it will typically be **(& | ||
+ | * This filter will be applied when searching to find the DN of the user who needs to be authenticated. | ||
+ | <panel type=" | ||
+ | {{: | ||
+ | </ | ||
+ | |||
+ | --------- | ||
+ | |||
+ | ====== Test LDAP Settings ====== | ||
+ | * There is also a **Test LDAP Settings** Button that helps you to test the LDAP settings to ensure they work as intended. | ||
+ | * The tests that will be done will be matching the **LDAP Authentication Process** described earlier on this page. | ||
+ | <panel type=" | ||
+ | {{: | ||
+ | </ | ||
+ |