
Advanced LDAP

Add it on-the-fly to your HumHub by activating it in the Modules menu! ("Administration -> Modules")



With this module, the basic LDAP functionality is extended with advanced functions.

Overview:

  • Automatic mapping of LDAP users to Spaces
  • Automatic linking of LDAP users to predefined groups (e.g. administrators)
  • Synchronize LDAP profile images to HumHub user profiles
  • Support for multiple LDAP servers/connections

User Mapping

You can assign users' group or Space memberships automatically using LDAP.

Mapping Options:

  • User LDAP group memberships (memberOf field, e.g. CN=xyz_space_access,OU=Groups,DC=example,DC=com)
  • Part of the user's base DN (e.g. OU=People,DC=example,DC=com)
  • Attribute values (e.g. street==Some Street or street=~Street)
  • LDAP Query

Note: If the option 'Fetch/Update Users Automatically' is activated, the mappings are automatically updated every hour. Also, the mappings are updated each time a user logs in.

Space Mapping

If the Advanced LDAP module is enabled, the space mapping can be configured in the respective space under Space Settings Menu -> Members -> LDAP.

Note: This LDAP mapping can only be set by HumHub administrators. A Space Administrator does not have access to this setting for security reasons.

Configuration page: Open Space -> Members -> LDAP


Group Mapping

A mapping based on user groups can be defined under Administration -> Users -> Groups -> Select a group -> LDAP.


Profile Images

You can also synchronize profile images from LDAP.

Modify your configuration file protected/config/common.php and add the following section:

<?php

return [
    'components' => [
        'authClientCollection' => [
            'clients' => [
                'ldap' => [
                    'class' => 'humhub\modules\advancedLdap\authclient\LdapAuth',
                    'profileImageAttribute' => 'thumbnailphoto'
                ]
            ]
        ]
    ]
];

In this example, it is assumed that the image is stored in the LDAP attribute 'thumbnailphoto'. If another attribute is used, the configuration must be changed accordingly.

Multiple LDAP servers

If several different LDAP servers are used, the complete LDAP configuration must be organised via the configuration files.

Note: With the LDAP CLI tools, a clientId can always be passed as an additional parameter to define the desired LDAP connection.

When a user logs in, authentication against the configured LDAP sources is attempted one after the other.

<?php

return [
    'components' => [
        'authClientCollection' => [
            'clients' => [
                'ldapServer1' => [
                    'class' => 'humhub\modules\advancedLdap\authclient\LdapAuth',
                    'clientId' => 'ldapServer1',
                    'hostname' => 'ldap1.example.com',
                    'port' => 636,
                    // 'useStartTls' => true,
                    'useSsl' => true,
                    'baseDn' => 'dc=company1,dc=com',
                    'bindUsername' => 'cn=admin,dc=company1,dc=com',
                    'bindPassword' => 'XXX',
                    'loginFilter' => '(uid=%s)',
                    'userFilter' => '(objectClass=posixAccount)',
                    'idAttribute' => 'uid',
                    'usernameAttribute' => 'uid',
                    'autoRefreshUsers' => true
                ],
                'ldapServer2' => [
                    'class' => \humhub\modules\ldap\authclient\LdapAuth::class,
                    'clientId' => 'ldapServer2',
                    'hostname' => 'ldap2.example.com',
                    'port' => 636,
                    'useSsl' => true,
                    'baseDn' => 'dc=company2,dc=com',
                    'bindUsername' => 'cn=admin,dc=company2,dc=com',
                    'bindPassword' => 'XXX',
                    'loginFilter' => '(uid=%s)',
                    'userFilter' => '(objectClass=posixAccount)',
                    'idAttribute' => 'uid',
                    'usernameAttribute' => 'uid',
                    'autoRefreshUsers' => true
                ],

            ]
        ]
    ]
];
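
A pre-deployment check for the multi-server configuration above, as an added example that is not part of the module or the original page. The hypothetical helper lintLdapClients() walks the clients array and reports connections without transport encryption, reused clientId values, a loginFilter without the %s placeholder, and a bindPassword left empty or at the XXX placeholder; these rules are assumptions drawn from the example configuration, not checks HumHub performs itself.

```php
<?php
// Added example, not HumHub code: lintLdapClients() is a hypothetical helper.
// The rules are assumptions derived from the example configuration on this page.
function lintLdapClients(array $clients): array
{
    $findings = [];
    $seenIds = [];
    foreach ($clients as $key => $c) {
        $id = $c['clientId'] ?? null;
        if ($id === null) {
            $findings[] = "$key: no clientId set";
        } elseif (isset($seenIds[$id])) {
            $findings[] = "$key: clientId '$id' already used by {$seenIds[$id]}";
        } else {
            $seenIds[$id] = $key;
        }
        // LDAPS (useSsl) and StartTLS are alternatives; one of them must be on.
        $ssl = !empty($c['useSsl']);
        $startTls = !empty($c['useStartTls']);
        if (!$ssl && !$startTls) {
            $findings[] = "$key: no useSsl/useStartTls, binds travel unencrypted";
        } elseif ($ssl && $startTls) {
            $findings[] = "$key: useSsl and useStartTls both set, choose one";
        }
        // Without %s the filter does not depend on the submitted login name.
        if (strpos($c['loginFilter'] ?? '', '%s') === false) {
            $findings[] = "$key: loginFilter has no %s placeholder";
        }
        if (in_array($c['bindPassword'] ?? '', ['', 'XXX'], true)) {
            $findings[] = "$key: bindPassword empty or still the XXX placeholder";
        }
    }
    return $findings;
}

// Constructed sample: ldapServer2 reuses a clientId and has no transport encryption.
$clients = [
    'ldapServer1' => ['clientId' => 'ldapServer1', 'port' => 636, 'useSsl' => true,
        'loginFilter' => '(uid=%s)', 'bindPassword' => 'constructed-secret-1'],
    'ldapServer2' => ['clientId' => 'ldapServer1', 'port' => 389,
        'loginFilter' => '(uid=%s)', 'bindPassword' => 'XXX'],
];

foreach (lintLdapClients($clients) as $finding) {
    echo $finding, PHP_EOL;
}
```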

1.2.2 (September 27, 2021)

  • Enh: Added optional mapping description

1.2.1 (August 30, 2021)

  • Enh: Mapping detection for DN broken

1.2.0 (August 30, 2021)

  • Enh: Allow Space/Group mappings using LDAP queries
  • Enh: Improved support for Oracle Directory Server Enterprise Edition 11g
  • Enh: Updated translations
  • Enh: Removed old Zend LDAP dependencies

1.1.0 (June 10, 2021)

  • Enh: Documentation updates
  • Enh: Moved git repository to GitHub
  • Enh: Raised min HumHub version to 1.8+

1.0.2 (July 31, 2020)

  • Fix: Migration Path for older HumHub installations (1.2) broken
  • Fix: Remove 'count' value in 'memberOf' list provided by some LDAP servers

1.0.1 (July 30, 2020)

  • Fix: Compatibility issue with HumHub 1.6+

1.0.0 (November 11, 2019)

  • Enh: Initial release of standalone version
Version:
1.2.2 (released 2 months ago)

Publisher:
HumHub GmbH & Co. KG

Website:
https://github.com/humhub/advanced-ldap-issues

Compatibility:
HumHub 1.8 - Latest





Professional Edition

This module is part of the Professional Edition.