The LDAP plugin provides authentication by querying one or more LDAP servers.
When b2evolution’s login form is submitted, the plugin will intercept the login request to query the LDAP servers instead of querying b2evolution’s internal user table.
The plugin can do the following:
- Verify the password
- Create the user in the internal user table, with first name and last name.
- Download and assign the user profile picture
- Create and/or assign the main group for the user
- Create and/or assign secondary groups for the user
- Create and/or assign organization memberships for the user
| Author | b2evolution Group (v1 by blueyed) |
| Last tested in version | 6.7.0 |
If you have problems with setting up the plugin, enable Debugging and see what gets output in the Debuglog category for the plugin (at the bottom of the page).
See also: LDAP Integration
- Default Primary Group: used when creating a new user in b2evolution after the user has been found in LDAP but no group info is found in LDAP (see Assign primary group by: below).
Multiple LDAP servers can be queried in order. The first one that matches the login/password will be queried for account details and a user account will be created/updated in b2evolution.
- LDAP Server, Protocol version, Data encoding: these settings are used to connect to the server.
- RDN for binding/authenticating: this is what will be used to check if the username exists and to verify the password.
After successful authentication:
- User Details - Base DN & Search filter: these will be used to query user details such as first name & last name from the LDAP server.
- Expand profile pictures to a square: use this if the LDAP profile pictures don’t work well when imported into b2evolution.
- Assign primary group by: This key, from the LDAP user data, will be used as the Primary group name in b2evolution. If it is not found, the Default Primary Group (above) will be used.
- Template for new primary groups: If the group name found above doesn’t match an existing Group inside b2evolution, then a new group with that name can be created. This group would be a duplicate (with the new name) of the group selected here. This is critical for setting default permissions.
- Secondary Groups - *: Use these fields to assign secondary groups in b2evolution. This is similar to what happens for the primary group. NOTE: if a user gets secondary groups revoked in LDAP, they will also be unlinked from the user in b2evolution the next time the user logs in. This works well if user sessions expire quickly enough to make users re-authenticate at least once per day.
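The primary and secondary group rules above, as an added example in PHP (b2evolution's language); it is not the plugin's own code. The function, the setting names, the attribute names and the group names are assumptions made for the illustration.

```php
<?php
// Added illustration, not the plugin's code; every name here is hypothetical.

/**
 * Plan the group changes to apply after a successful LDAP login.
 *
 * @param array $entry  LDAP attributes of the user (attribute => list of values)
 * @param array $cfg    assumed setting names: primary_key, secondary_key, default_primary
 * @param array $known  group names that already exist in b2evolution
 * @param array $linked secondary groups currently linked to the user
 */
function plan_group_sync(array $entry, array $cfg, array $known, array $linked): array
{
    // Primary group: first value of the configured key, else the default group.
    $primary = trim($entry[$cfg['primary_key']][0] ?? '');
    $fromLdap = ($primary !== '');
    if (!$fromLdap) {
        $primary = $cfg['default_primary'];
    }

    // Secondary groups: every distinct non-empty value of the configured key.
    $wanted = array_map('trim', $entry[$cfg['secondary_key']] ?? []);
    $wanted = array_values(array_unique(array_filter($wanted, 'strlen')));

    // Only names that came from LDAP can trigger creation from the template group.
    $candidates = $fromLdap ? array_merge([$primary], $wanted) : $wanted;

    return [
        'primary' => $primary,
        'create'  => array_values(array_diff($candidates, $known)),
        'link'    => array_values(array_diff($wanted, $linked)),
        // Revoked in LDAP since the previous login: unlinked at this login.
        'unlink'  => array_values(array_diff($linked, $wanted)),
    ];
}

// Constructed sample: "vpn" was linked at the previous login and is no longer in LDAP.
$cfg    = ['primary_key' => 'department', 'secondary_key' => 'groups',
           'default_primary' => 'Default Group'];
$known  = ['Default Group', 'wiki-editors', 'vpn'];
$linked = ['wiki-editors', 'vpn'];
$entry  = ['department' => ['Engineering'], 'groups' => ['wiki-editors', 'release-managers']];

print_r(plan_group_sync($entry, $cfg, $known, $linked));

// Constructed sample: no primary group key in LDAP, so the default is used.
print_r(plan_group_sync(['groups' => ['wiki-editors', 'vpn']], $cfg, $known, $linked));
```

Because the `unlink` step only runs at login, a group revoked in LDAP stays in effect for as long as the user's existing session lives, which is why the note above ties this behaviour to session expiry.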
The LDAP plugin originally shipped with b2evolution until 1.9.1 and was then moved out to the Plugins Repository.
Comment from: Member
We updated the plugin to make it work with b2evolution v6 (which has enhanced encryption for passwords).
The latest version (for b2evolution v6) is available at: https://github.com/b2evolution/ldap_plugin