Skip to main content
Sign in

LDAP Connection

  • Updated

Contents

The LDAP connection can be used to connect the company's internal LDAP client to xentral in order to be able to identify the employees via LDAP when logging into xentral.

Note: The following instructions assume knowledge of how to use LDAP. Our support cannot help you with the configuration - here you would have to ask your system administrator.

Post-install package for LDAP

First you have to install the php7.x-ldap package on the server (e.g. php7.0-ldap if the server runs with PHP 7.0).

Settings in company data

Under Administration → Settings → System → Basic Settings → System there are the following setting options:

  • LDAP URI → The URI to reach your LDAP client
  • LDAP RDN → Main group of users that can log in
  • LDAP Base DN → Defines where in the directory tree downwards the search for specific objects should be started
  • LDAP Filter → Within the directories can be filtered by stored data. E.g. you can check if the user belongs to the appropriate group and if it is a person at all. (The specification of the LDAP filter is mandatory otherwise the authentication does not work)

Note: You can pass the corresponding user name in xentral in 2 ways:

  • %user%
  • {USER}

Example An example of the settings on an Active Directory would be the following:

Settings in user

Under Administration → Settings → Users you can then select the "LDAP directory" login method within a user.

The user name must match the name of the user in the LDAP directory. The password can be left blank.

User login

In order for the user to log in now, they need their LDAP username and password of the user in the LDAP directory.

Internal process (for administration)

For a better understanding, the internal process is described below.

// Connect to the LDAP Server
$ds = ldap_connect($this->app->erp->Firmendaten("ldap_host"));

$search = $this->app->erp->Firmendaten("ldap_searchbase");
$filter = $this->app->erp->Firmendaten("ldap_filter");

$bind_name = str_replace('{USER}',$username,$this->app->erp->Firmendaten("ldap_bindname"));

// Bind LDAP server
$ldapbind = ldap_bind($ds, $bind_name, $password);

// Search on LDAP server
$sr=ldap_search($ds,$search, $filter);

// if find then bind

if(ldap_count_entries($ds,$sr) > 0)
if($ldapbind)