LDAP Connection

#1

Hello,

I have problem with connection between LDAP and Kanboard. I’ve made my own LDAP structure. How should I change the config to make this thing work?
Thank you very much.

image

#2

it matches what i have. mine works.

is your config correct?

#3

Here is my LDAP part of config.

// Enable LDAP authentication (false by default)
define(‘LDAP_AUTH’,true);

// LDAP server hostname
define(‘LDAP_SERVER’,‘ldap://XXXX.XXX.XX’);

// LDAP server port (389 by default)
define(‘LDAP_PORT’, 389);

// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification
define(‘LDAP_SSL_VERIFY’, false);

// Enable LDAP START_TLS
define(‘LDAP_START_TLS’, false);

// By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive)
// Set to true if you want to preserve the case
define(‘LDAP_USERNAME_CASE_SENSITIVE’, false);

// LDAP bind type: “anonymous”, “user” or “proxy”
define(‘LDAP_BIND_TYPE’, ‘user’);

// LDAP username to use with proxy mode
// LDAP username pattern to use with user mode
define(‘LDAP_USERNAME’, ‘uid=$s,cn=user,ou=uzivatele,dc=vse,dc=cz’);

// LDAP password to use for proxy mode
define(‘LDAP_PASSWORD’, ‘’);

// LDAP DN for users
// Example for ActiveDirectory: CN=Users,DC=kanboard,DC=local
// Example for OpenLDAP: ou=People,dc=example,dc=com
define(‘LDAP_USER_BASE_DN’, ‘cn=user,ou=uzivatele,dc=vse,dc=cz’);

// LDAP pattern to use when searching for a user account
// Example for ActiveDirectory: ‘(&(objectClass=user)(sAMAccountName=%s))’
// Example for OpenLDAP: ‘uid=%s’
define(‘LDAP_USER_FILTER’, ‘uid=%s’);

// LDAP attribute for username
// Example for ActiveDirectory: ‘samaccountname’
// Example for OpenLDAP: ‘uid’
define(‘LDAP_USER_ATTRIBUTE_USERNAME’, ‘cn’);

// LDAP attribute for user full name
// Example for ActiveDirectory: ‘displayname’
// Example for OpenLDAP: ‘cn’
define(‘LDAP_USER_ATTRIBUTE_FULLNAME’, ‘cn’);

// LDAP attribute for user email
define(‘LDAP_USER_ATTRIBUTE_EMAIL’, ‘mail’);

// LDAP attribute to find groups in user profile
define(‘LDAP_USER_ATTRIBUTE_GROUPS’, ‘gid’);

// LDAP attribute for user avatar image: thumbnailPhoto or jpegPhoto
define(‘LDAP_USER_ATTRIBUTE_PHOTO’, ‘’);

// LDAP attribute for user language, example: ‘preferredlanguage’
// Put an empty string to disable language sync
define(‘LDAP_USER_ATTRIBUTE_LANGUAGE’, ‘’);

// Allow automatic LDAP user creation
define(‘LDAP_USER_CREATION’, true);

// LDAP DN for administrators
// Example: CN=Kanboard-Admins,CN=Users,DC=kanboard,DC=local
define(‘LDAP_GROUP_ADMIN_DN’, ‘dc=vse,dc=cz’);

// LDAP DN for managers
// Example: CN=Kanboard Managers,CN=Users,DC=kanboard,DC=local
define(‘LDAP_GROUP_MANAGER_DN’, ‘’);

// Enable LDAP group provider for project permissions
// The end-user will be able to browse LDAP groups from the user interface and allow access to specified projects
define(‘LDAP_GROUP_PROVIDER’, false);

// LDAP Base DN for groups
define(‘LDAP_GROUP_BASE_DN’, ‘cn=user,ou=uzivatele,dc=vse,dc=cz’);

// LDAP group filter
// Example for ActiveDirectory: (&(objectClass=group)(sAMAccountName=%s*))
define(‘LDAP_GROUP_FILTER’, ‘’);

// LDAP user group filter
// If this filter is configured, Kanboard will search user groups in LDAP_GROUP_BASE_DN with this filter
// Example for OpenLDAP: (&(objectClass=posixGroup)(memberUid=%s))
define(‘LDAP_GROUP_USER_FILTER’, ‘(&(objectClass=posixGroup)(memberUid=%s))’);

// LDAP attribute for the group name
define(‘LDAP_GROUP_ATTRIBUTE_NAME’, ‘cn’);

Can you spot the mistake somewhere?
Thank you

#4

I can’t confirm your settings for username, pw, etc…but I do not have ldap:// in my setting:

// LDAP server hostname
define('LDAP_SERVER', '192.168.1.19');

These are also different:

// LDAP bind type: "anonymous", "user" or "proxy"
define('LDAP_BIND_TYPE', 'proxy');

// LDAP username to use with proxy mode
// LDAP username pattern to use with user mode
define('LDAP_USERNAME', 'cn=admin,dc=domain,dc=com');
#5

Unluckilly, I’ve changed these three lines of config and nothing happend :frowning:

Is there any chance to send me your config? Or just LDAP lines? (Of course without any credentials or names)
Thank you once again.

#6

Ya, next chance I get.

Did you add the LDAP administration password to your config, since you changed to proxy?