I am trying to configure Kanboard to authenticate to my FreeIPA server but I am unable to log in to the web interface. I have installed the FreeIPA client on the kanboard server and can log in to the server via ssh using a FreeIPA account. I have set the service HTTP/kanboard.my.domain on the FreeIPA server and added the necessary HBAC rules, and added the accounts as remote user accounts in Kanboard.
I have configured the config.php file as per this guide: https://linoxide.com/ubuntu-how-to/setup-kanboard-ubuntu-16/ and installed the ReverseProxyLdap plugin. There must be something else I am missing but can’t see what it could be. Has anyone successfully configured Kanboard to authenticate to FreeIPA?
Kanboard version: 1.2.13
Database type and version: MariaDB 10.12
PHP version: 7.2.24
OS: Ubuntu 18.04 (FreeIPA CentOS 7)
Browser: Mozilla 5.0
FreeIPA Version: 4.6.5
config.php
// Enable LDAP authentication (false by default)
define(‘LDAP_AUTH’, true);
// LDAP server hostname
define(‘LDAP_SERVER’, ‘IPA_Server.my.domain’);
// LDAP server port (389 by default)
define(‘LDAP_PORT’, 389);
// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification
define(‘LDAP_SSL_VERIFY’, false);
// Enable LDAP START_TLS
define(‘LDAP_START_TLS’, false);
// Set to true if you want to preserve the case
define(‘LDAP_USERNAME_CASE_SENSITIVE’, false);
// LDAP bind type: “anonymous”, “user” or “proxy”
define(‘LDAP_BIND_TYPE’, ‘user’);
// LDAP username to use with proxy mode
// LDAP username pattern to use with user mode
define(‘LDAP_USERNAME’, ‘uid=%s,ou=ipausers,dc=my,dc=domain’);
// LDAP password to use for proxy mode
define(‘LDAP_PASSWORD’, ‘’);
// LDAP DN for users
// Example for ActiveDirectory: CN=Users,DC=kanboard,DC=local
// Example for OpenLDAP: ou=People,dc=example,dc=com
define(‘LDAP_USER_BASE_DN’, ‘ou=ipausers,dc=my,dc=domain’);
// LDAP pattern to use when searching for a user account
// Example for ActiveDirectory: ‘(&(objectClass=user)(sAMAccountName=%s))’
// Example for OpenLDAP: ‘uid=%s’
define(‘LDAP_USER_FILTER’, ‘uid=%s’);
// LDAP attribute for username
// Example for ActiveDirectory: ‘samaccountname’
// Example for OpenLDAP: ‘uid’
define(‘LDAP_USER_ATTRIBUTE_USERNAME’, ‘uid’);
// LDAP attribute for user full name
// Example for ActiveDirectory: ‘displayname’
// Example for OpenLDAP: ‘cn’
define(‘LDAP_USER_ATTRIBUTE_FULLNAME’, ‘cn’);
// LDAP attribute for user email
define(‘LDAP_USER_ATTRIBUTE_EMAIL’, ‘mail’);
// LDAP attribute to find groups in user profile
define(‘LDAP_USER_ATTRIBUTE_GROUPS’, ‘gid’);
// LDAP attribute for user avatar image: thumbnailPhoto or jpegPhoto
define(‘LDAP_USER_ATTRIBUTE_PHOTO’, ‘’);
// LDAP attribute for user language, example: ‘preferredlanguage’
// Put an empty string to disable language sync
define(‘LDAP_USER_ATTRIBUTE_LANGUAGE’, ‘’);
// Allow automatic LDAP user creation
define(‘LDAP_USER_CREATION’, false);
// LDAP DN for administrators
// Example: CN=Kanboard-Admins,CN=Users,DC=kanboard,DC=local
define(‘LDAP_GROUP_ADMIN_DN’, ‘ou=admins,dc=my,dc=domain’);
// LDAP DN for managers
// Example: CN=Kanboard Managers,CN=Users,DC=kanboard,DC=local
define(‘LDAP_GROUP_MANAGER_DN’, ‘’);
// Enable LDAP group provider for project permissions
// The end-user will be able to browse LDAP groups from the user interface and allow access to specified projects
define(‘LDAP_GROUP_PROVIDER’, false);
// LDAP Base DN for groups
define(‘LDAP_GROUP_BASE_DN’, ‘ou=groups,dc=my,dc=domain’);
// LDAP group filter
// Example for ActiveDirectory: (&(objectClass=group)(sAMAccountName=%s*))
define(‘LDAP_GROUP_FILTER’, ‘’);
// LDAP user group filter
// If this filter is configured, it will search user groups in LDAP_GROUP_BASE_DN with this filter
// Example for OpenLDAP: (&(objectClass=posixGroup)(memberUid=%s))
define(‘LDAP_GROUP_USER_FILTER’, ‘(&(objectClass=posixGroup)(memberUid=%s))’);
// LDAP attribute for the group name
define(‘LDAP_GROUP_ATTRIBUTE_NAME’, ‘cn’);
// Enable/disable the reverse proxy authentication
define(‘REVERSE_PROXY_AUTH’, false);
// Header name to use for the username
define(‘REVERSE_PROXY_USER_HEADER’, ‘REMOTE_USER’);
// Username of the admin, by default blank
define(‘REVERSE_PROXY_DEFAULT_ADMIN’, ‘’);
// Default domain to use for setting the email address
define(‘REVERSE_PROXY_DEFAULT_DOMAIN’, ‘’);