ReverseProxy authentication + LDAP authorization (AD)

Hi there!

For my current project I am setting up a Kanboard server to use in a AD environment, but this question also goes for LDAP environments.

I have configured the webserver (apache) to authenticate all users via Kerberos. And all users in the group we want, can log in to Kanboard just fine.

However, we also like to put project authorizations in AD. I was able to pull in the groups from AD into the permission manager. And I am able to log in with AD (when I disable reverseproxy auth). So I know all of that works.

However, I have 2 questions:

  1. All groups that come from LDAP are empty (0 members). I configured it according to the documentation, but it seems off. Did I misconfigure something, or is the documentation incomplete? It seems to me that the issue might be how AD treats group members (the member attribute contains DN’s and not uid/samaccountnames)

  2. When I log in using ReverseProxy authentication, it doesn’t seem to sync my Display Name, Email etc. to my Kanboard account. Whereas when I login using the login form (LDAP according to the logs) it does. And puts me in the same useraccount. Is there anything I can do to fix that?