-
Notifications
You must be signed in to change notification settings - Fork 244
Active Directory Configuration
LibreBooking supports many different authentication sources, including direct Active Directory.
Before we can begin setting up LibreBooking, ensure LDAP support for PHP has been installed and configured.
https://www.php.net/manual/en/ldap.installation.php
If connecting to Active Directory over LDAPS, ensure that SSL support for PHP has been installed and configured.
https://www.php.net/manual/en/openssl.installation.php
First, log into LibreBooking as an administrator. Then open Application Configuration and choose Authentication-ActiveDirectory from the drop down at the top: We’ll go through each setting here.
After updating your Active Directory settings, return to Application Configuration, choose config.php from the drop down at the top, and change your authentication plugin option to Active Directory.
LibreBooking uses adLDAP for Active Directory connectivity, which has a much more detailed explanation of each setting.
domain.controllers is your Active Directory domain controller name or IP. You can provide a comma separated list if you have fallback servers.
port is the port to connect to the LDAP sever over. The default is 389, but 636 is often used for ldaps connections.
username if your Active Directory does not allow anonymous binding, this is the username to bind with.
password if your Active Directory does not allow anonymous binding, this is the password to bind with.
basedn is simply the base dn for your domain. It is often the same as your account suffix, but broken up and prefixed with DC=
version is version of LDAP being used. You’ll probably never have to change this from the default of 3.
use.ssl is whether or not to use SSL for connections. This requires changing your port and often prefixing domain controllers with ldaps://
account.suffix is the full account suffix for your domain, for example @mydomain.local.
database.auth.when.ldap.user.not.found tells LibreBooking to store the user’s password to be used for authentication in the event that LDAP is not accessible.
attribute.mapping is the list of name value pairs to use to map LDAP values to LibreBooking. The left side of the equals sign is the name of the attribute in LibreBooking and cannot change. The right side is the name of your LDAP attribute.
use.sso is whether or not to attempt to authenticate the user without prompting them. This typically only works within the network.
required.groups is the comma separated list of Active Directory groups that a user must be part of in order to gain access to LibreBooking.
sync.groups tells LibreBooking whether or not to synchronize group membership. It’s important to note that groups themselves will never be created or removed from LibreBooking. For any group membership that you want to sync, you must create a group in LibreBooking with the exact name as it appears in Active Directory. For example, if the user is part of the students group in LDAP, there must be a students group in LibreBooking.
prevent.clean.username if you require users to provide the domain name when logging in, this setting controls whether or not to strip that off when authenticating.