I have a working kanboard with local authorization. Thank you for the quality product!
I decided to attach the possibility of domain authorization of users from MS AD. Adjusted:
define(‘LDAP_AUTH’, true);
define(‘LDAP_SERVER’, ‘ldap.ad.org’);
define(‘LDAP_PORT’, 389);
define(‘LDAP_SSL_VERIFY’, false); - not use
define(‘LDAP_START_TLS’, false); - not use
define(‘LDAP_USERNAME_CASE_SENSITIVE’, false);
define(‘LDAP_BIND_TYPE’, ‘proxy’);
define(‘LDAP_USERNAME’, ‘ProxyUser@AD.org’);
define(‘LDAP_PASSWORD’, ‘ProxyUserPassword’);
define(‘LDAP_USER_BASE_DN’, ‘OU=basis,OU=Users,OU=Central,OU=Main,DC=ad,DC=org’);
define(‘LDAP_USER_FILTER’, ‘(&(objectClass=user)(sAMAccountName=%s))’);
define(‘LDAP_USER_ATTRIBUTE_USERNAME’, ‘sAMAccountName’);
define(‘LDAP_USER_ATTRIBUTE_FULLNAME’, ‘displayName’);
define(‘LDAP_USER_ATTRIBUTE_EMAIL’, ‘mail’);
define(‘LDAP_USER_ATTRIBUTE_GROUPS’, ‘’);
define(‘LDAP_USER_ATTRIBUTE_PHOTO’, ‘’);
define(‘LDAP_USER_ATTRIBUTE_LANGUAGE’, ‘’);
define(‘LDAP_USER_CREATION’, true);
define(‘LDAP_GROUP_ADMIN_DN’, ‘’);
define(‘LDAP_GROUP_MANAGER_DN’, ‘’);
define(‘LDAP_GROUP_PROVIDER’, false);
define(‘LDAP_GROUP_MANAGER_DN’, ‘’);
define(‘LDAP_GROUP_PROVIDER’, false);
define(‘LDAP_GROUP_BASE_DN’, ‘’);
define(‘LDAP_GROUP_FILTER’, ‘’);
define(‘LDAP_GROUP_USER_FILTER’, ‘’);
define(‘LDAP_GROUP_ATTRIBUTE_NAME’, ‘cn’);
define(‘REVERSE_PROXY_AUTH’, false);
When logging in to the kanboard site I have an error message and a log entry:
[debug] BaseDN=CN=Users,DC=ad,DC=org
[debug] Filter=(&(objectClass=user)(sAMAccountName=ad.user))
[debug] Attributes=samaccountname, displayname, mail, memberof
[info] User (ad.user) not found in LDAP server
The credentials are uniquely correct and successfully used on a daily basis.
Other Linux systems are successfully authenticated through LDAP.
Why is the kanboard looking in “BaseDN=CN=Users” if I put the AD folder “OU=basis,OU=Users,OU=Central,OU=Main”?