You can assign a user's group or Space memberships automatically using LDAP.
Mapping Options:
Note: If the option 'Fetch/Update Users Automatically' is activated, the mappings are updated automatically every hour and each time a user logs in.
If the Advanced LDAP module is enabled and configured, the Space mapping can be configured in the respective Space under Space > Space Settings Dropdown > Members > LDAP.
Note: This LDAP mapping can only be configured by HumHub administrators. A Space Administrator does not have access to this setting for security reasons.
A mapping based on user groups can be defined under Administration > Users > Groups > Select a group > LDAP.
You can also synchronize the profile image from LDAP.
Modify your configuration file protected/config/common.php and add the following section:
<?php
return [
    'components' => [
        'authClientCollection' => [
            'clients' => [
                'ldap' => [
                    'class' => 'humhub\modules\advancedLdap\authclient\LdapAuth',
                    'profileImageAttribute' => 'thumbnailphoto'
                ]
            ]
        ]
    ]
];
In this example, it is assumed that the image is stored in the LDAP attribute thumbnailphoto. If a different attribute is used, the configuration must be adjusted accordingly.
Note: The attribute must be defined in lowercase, as any other naming convention will result in errors.
If several different LDAP servers are used, the complete LDAP configuration must be organised via the configuration files.
Note: With the LDAP CLI tools, a clientId can always be passed as an additional parameter to define the desired LDAP connection.
When a user logs in, authentication against the specified LDAP sources is attempted one after the other.
return [
    'components' => [
        'authClientCollection' => [
            'clients' => [
                'ldapServer1' => [
                    'class' => 'humhub\modules\advancedLdap\authclient\LdapAuth',
                    'clientId' => 'ldapServer1',
                    'hostname' => 'ldap1.example.com',
                    'port' => 636,
                    #'useStartTls' => true,
                    'useSsl' => true,
                    'baseDn' => 'dc=company1,dc=com',
                    'bindUsername' => 'cn=admin,dc=company1,dc=com',
                    'bindPassword' => 'XXX',
                    'loginFilter' => '(uid=%s)',
                    'userFilter' => '(objectClass=posixAccount)',
                    'idAttribute' => 'uid',
                    'usernameAttribute' => 'uid',
                    'autoRefreshUsers' => true
                ],
                'ldapServer2' => [
                    'class' => \humhub\modules\ldap\authclient\LdapAuth::class,
                    'clientId' => 'ldapServer2',
                    'hostname' => 'ldap2.example.com',
                    'port' => 636,
                    'useSsl' => true,
                    'baseDn' => 'dc=company2,dc=com',
                    'bindUsername' => 'cn=admin,dc=company2,dc=com',
                    'bindPassword' => 'XXX',
                    'loginFilter' => '(uid=%s)',
                    'userFilter' => '(objectClass=posixAccount)',
                    'idAttribute' => 'uid',
                    'usernameAttribute' => 'uid',
                    'autoRefreshUsers' => true
                ],
            ]
        ]
    ]
];
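A file-based multi-server configuration like the one above can be checked before deployment. The following is an added example, not part of HumHub or the Advanced LDAP module: the function name auditLdapClients and the three checks (encrypted transport, unique clientId, one %s in loginFilter) are assumptions of this example, and the sample array is constructed.

```php
<?php
// Added example: audit the LDAP clients of a HumHub-style config array.
// The checks are this example's assumptions, not rules enforced by HumHub.

function auditLdapClients(array $config): array
{
    $findings = [];
    $seenIds = [];
    $clients = $config['components']['authClientCollection']['clients'] ?? [];

    foreach ($clients as $key => $client) {
        // Transport: the bind password and user credentials cross this link.
        // The two options are treated as either/or, as in the page's config
        // where useStartTls is commented out while useSsl is set.
        $ssl = !empty($client['useSsl']);
        $startTls = !empty($client['useStartTls']);
        if (!$ssl && !$startTls) {
            $findings[] = "$key: neither useSsl nor useStartTls is enabled";
        } elseif ($ssl && $startTls) {
            $findings[] = "$key: useSsl and useStartTls are both enabled";
        }

        // Each connection needs its own clientId so CLI tools can select it.
        $id = $client['clientId'] ?? null;
        if ($id === null) {
            $findings[] = "$key: clientId is missing";
        } elseif (isset($seenIds[$id])) {
            $findings[] = "$key: clientId '$id' is already used by {$seenIds[$id]}";
        } else {
            $seenIds[$id] = $key;
        }

        // The login filter must carry exactly one %s for the user name.
        if (substr_count($client['loginFilter'] ?? '', '%s') !== 1) {
            $findings[] = "$key: loginFilter needs exactly one %s placeholder";
        }
    }
    return $findings;
}

// Constructed sample input, shaped like the configuration on this page.
$sample = ['components' => ['authClientCollection' => ['clients' => [
    'ldapServer1' => ['clientId' => 'ldapServer1', 'port' => 636,
                      'useSsl' => true, 'loginFilter' => '(uid=%s)'],
    'ldapServer2' => ['clientId' => 'ldapServer1', 'port' => 389,
                      'loginFilter' => '(uid=%s)'],
]]]];
foreach (auditLdapClients($sample) as $finding) {
    echo $finding, PHP_EOL;
}
```

To audit a real installation, pass the array returned by the configuration file to the function, for example auditLdapClients(require 'protected/config/common.php').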