LDAP authentication

Hello folks,

Is there a way to authenticate ldap’s users without define('LDAP_USER_CREATION', true) in config.php ?
I just wanted to only authorize users i put into groups i defined in my openldap.

Or maybe i didn’t understand how ldap authentication works…

Thank you in advance.

Hi mrwormo,
I just did some testing on one of the Kanboard-Instances I run with “ActiveDirectory-Integration” via LDAP … and found out this:

If LDAP_USER_CREATION is set to TRUE, then Kanboard will create a new user-account if an LDAP-authentification is valid, but that user does not yet exist in the Kanboard-user-table!

If LDAP_USER_CREATION is set to FALSE, then logging in with valid LDAP-credentials will only succeed, if that user is already present in the Kanboard-user-table!

That means:

  • If you want all your LDAP users to be able to login to Kanboard, set this to TRUE
    • It just means, that Kanboard will automatically create non-existing Kanboard users on their first login
  • If you want to control, which of your LDAP users are allowed to login to Kanboard do this:
    • Create all your LDAP users manually in Kanboard by checking the option “Remote user” in the Authentication-area and leaving the password-fields blank.
    • These users can then login to Kanboard with their LDAP-credentials

When I said “all your LDAP users” I should more precisely say:
All the LDAP-users that can be found beneath the LDAP_USER_BASE_DN !

Hope this helps,
Manfred

Hey Manfred,

So Kanboard’s LDAP authentication works like i though…

Thx for your answer !