LDAP authentication - gd-99/symbiogd GitHub Wiki

LDAP is available in Symbiose as an authentication provider.

Installation

You'll have to install the LDAP library for PHP (php5-ldap for Debian/Ubuntu, https://www.archlinux.org/packages/extra/x86_64/php-ldap/ for Arch).

Then, uncomment this line in your php.ini:

extension=ldap.so

Configuration

It's quite easy to set up LDAP authentication in Symbiose.

Before setting up LDAP

It is recommended to log in with an admin account before setting up LDAP, so that you can grant admin privileges to your LDAP account from that open session. LDAP users logging in to the webos have no permissions by default.

Setup LDAP

Edit the file /etc/daos.json and add or edit the ldap entry:

{
    "ldap": {
        "callback": [
            "\\lib\\dao\\LDAPFactory",
            "getConnexion"
        ],
        "config": {
            "host":"localhost",
            "port":389,
            "baseDn":"dc=example,dc=org",
            "bindRdn":"cn=Manager,dc=example,dc=org",
            "bindPassword":"secret"
        }
    }
}

Change host and port to your server settings. You can also specify a URI in host (port will then be ignored). If you do, you can specify multiple LDAP servers by separating them with a space; if the first server is not available, the webos will use the second.

You also have to set baseDn to your base DN, bindRdn to a manager's RDN, and bindPassword to that manager's password.
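A small audit of the ldap entry before it goes live, as an added example that is not part of Symbiose or of the original wiki page. The function names and the sample host names are constructed for illustration; treating a bare host as plain LDAP on the configured port is an assumption, and the page does not say whether Symbiose negotiates StartTLS.

```python
import json

# Constructed sample: the entry shown above, with "host" given as two URIs.
SAMPLE = r"""
{
    "ldap": {
        "callback": ["\\lib\\dao\\LDAPFactory", "getConnexion"],
        "config": {
            "host": "ldap://ldap1.example.org ldaps://ldap2.example.org",
            "port": 389,
            "baseDn": "dc=example,dc=org",
            "bindRdn": "cn=Manager,dc=example,dc=org",
            "bindPassword": "secret"
        }
    }
}
"""
SAMPLE_CFG = json.loads(SAMPLE)["ldap"]["config"]


def server_uris(cfg):
    """Servers in the order they are tried: a URI in host overrides port,
    and several URIs may be separated by spaces."""
    host = cfg["host"].strip()
    if "://" in host:
        return host.split()
    # Assumption: a bare host name means plain LDAP on the configured port.
    return ["ldap://%s:%d" % (host, cfg.get("port", 389))]


def audit(cfg):
    """Return a list of findings for one ldap "config" object."""
    findings = []
    for uri in server_uris(cfg):
        # ldap:// carries the bind password unencrypted unless StartTLS is used.
        if not uri.lower().startswith("ldaps://"):
            findings.append("cleartext transport: " + uri)
    if cfg.get("bindPassword") == "secret":
        findings.append("bindPassword is still the documentation placeholder")
    if cfg.get("bindRdn", "").lower().startswith("cn=manager,"):
        findings.append("binds as cn=Manager: check whether a less privileged account suffices")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG):
        print("WARN", finding)
```

To check a real installation, load /etc/daos.json with json.load and pass its ["ldap"]["config"] object to audit().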

Set LDAP as default authentication mode

Edit the file /etc/managers.json and add this attribute:

{
	"user":"ldap"
}

Don't try to log in yet; otherwise the active session will be overwritten.

Granting permissions to your LDAP account

You can now grant admin privileges to your LDAP account from your open session (with the System settings app). If you forgot to do that, don't worry: just remove the line you added in /etc/managers.json, log in as admin and re-add the line.

You should now be able to log in to Symbiose using your LDAP server.