======= LDAP Authentication =======

===== Requirements =====

We will take it for granted that you already know how to install and set up an LDAP server and a client, so we will skip this process.

The extensions you will need are:
  * php5-ldap 
  * authnz_ldap
 
Remember to restart or reload your Apache settings after installing them.
 
 
===== Feng Office Settings =====

You have to edit the **FENG_ROOT/config/ldap.config.example.php** file so that it has the following configuration:
 
<code>
  // The configuration array:
  $config_ldap = array (
      'binddn'    => '', //anonymous binding, but you may change it if you wish to
      'bindpw'    => '', //anonymous binding, but you may change it if you wish to
      'basedn'    => 'ou=people,dc=my,dc=domain,dc=com',
      'host'      => 'ldap://[my domain IP]:[LdapPort]',
      'port'      => [LdapPort],
      //'password_encoding' => 'MD5', //in case the passwords are encrypted
      'uid' => 'uid', //unique id to match with the LDAP and the username
  ); 
</code>
 
Example for **my.domain.com** with **192.168.1.5** as IP and **389** as LDAP port:
 
<code> 
  $config_ldap = array (
      'binddn'    => '',
      'bindpw'    => '',
      'basedn'    => 'ou=people,dc=my,dc=domain,dc=com',
      'host'      => 'ldap://192.168.1.5:389',
      'port'      => 389,    
      'uid' => 'uid', //unique id to match with the LDAP and the username
  );
</code>
 
After performing these changes, you will have to edit the ** FENG_ROOT/config/ldap.config.example.php ** so that it is called ** FENG_ROOT/config/ldap.config.php **

===== Users authentication =====

Once everything is set up, you will be able to access Feng Office either with the authentication that Feng Office provides, or through the LDAP one.
 
In order to use the LDAP authentication, you must make sure that the **usernames** they have in Feng Office match the uid for the LDAP users, so you must bear this in mind upon creation, or otherwise edit them.

When you create them, enable the checkbox of **Specify username** as shown below, and type in the uid (i.e.: johnsmith2):

{{:Username.png?800}}

In case you wish to edit the username of an existing user, you must be a SuperAdministrator, and:
  - Go to the Administration Panel
  - Access **Users**
  - Click on **Update Profile** of the user in question
  - Change the **username** and save the changes

===== Turning Off the LDAP authentication =====

In order to turn off the authentication through LDAP, you ought to do one of the following actions:
  - Rename the FENG_ROOT/config/config.ldap.php file to a different name (i.e.: old_config.ldap.php)
  - Delete the FENG_ROOT/config/config.ldap.php file (not the best way to do it though)