You can use an LDAP server to authenticate and autocreate Group-Office users and e-mail accounts.
- Install the ldapauthenticator module at Start menu -> Modules
- Reload Group-Office
Go to System Settings -> Authentication
There’s a new section for LDAP server profiles. Click on the add button to add a profile. Enter the LDAP server details and domains. The domains are important because users need to login with <LDAPUSER>@<DOMAIN> to trigger the LDAP authenticator.
If you’re using Microsoft ActiveDirectory then you should use “samaccountname” as the username attribute. The users DN is typically CN=Users,DC=example,DC=com
Now check if you can login with the LDAP domain:
It should autocreate the LDAP user. In the user settings it won’t be possible to change the password as that’s not supported yet:
It’s also possible to synchronize users and groups from the LDAP server. Simply enable the checkboxes and optionally adjust the queries to fetch the correct users and groups.
When you enable the sync, it will schedule the sync to run the next minute. After that it will sync daily at midnight.
When a user or group is synchronized. It fires an event. So it’s possible to build a module that can customize the LDAP synchronization.
If you want to test the sync on the terminal lookup the ID from your configuration in table ‘ldapauth_server’ and run:
php cli.php community/ldapauthenticator/Sync/users --id=<ID FROM DATABASE> --dryRun=1 --delete=1 --maxDeletePercentage=50