diff --git a/README.markdown b/README.markdown index 2d88cda4d..3858c1e67 100644 --- a/README.markdown +++ b/README.markdown @@ -72,6 +72,7 @@ Documentation - [Upgrade Kanboard to a new version](docs/update.markdown) - [Sqlite database management](docs/sqlite-database.markdown) - [How to use Mysql instead of Sqlite](docs/mysql-configuration.markdown) +- [LDAP authentication](docs/ldap-authentication.markdown) - [How to use Kanboard with Vagrant](docs/vagrant.markdown) - [Webhooks](docs/webhooks.markdown) diff --git a/docs/ldap-authentication.markdown b/docs/ldap-authentication.markdown new file mode 100644 index 000000000..65abbbb3d --- /dev/null +++ b/docs/ldap-authentication.markdown @@ -0,0 +1,73 @@ +LDAP authentication +=================== + +Requirements +------------ + +- LDAP extension for PHP +- LDAP server (By example: OpenLDAP or Microsoft Active Directory) + +Workflow +-------- + +When the LDAP authentication is activated, the login process work like that: + +1. Try to authenticate the user by using the database +2. If the user is not found inside the database, a LDAP authentication is performed +3. If the LDAP authentication is successful, a local user is created automatically with no password and marked as LDAP user. + +Differences between a local user and a LDAP user are the following: + +- LDAP users have no local passwords +- LDAP users can't modify their password with the user interface +- By default, all LDAP users have no admin privileges +- To become administrator, a LDAP user must be promoted by another administrator + +Configuration +------------- + +The first step is to create a custom config file named `config.php`. +This file must be stored in the root directory. + +To do that, you can create an empty PHP file or copy/rename the sample file `config.default.php`. + +### Example for Microsoft Active Directory + +Let's say we have a domain `MYDOMAIN` (mydomain.local) and the primary controller is `myserver.mydomain.local`. + +```php +