
How to Configure LDAP Authentication Module for Windows Active Directory

This document describes how to configure the LDAP Authentication Module for Windows Active Directory. Separate instructions are available for configuring LDAP authentication with an OpenLDAP server.

Change Authentication Parameters in config.php

To enable LDAP authentication, set the AUTH_MODULE value in the Anuko Time Tracker config.php file as follows:
define('AUTH_MODULE', 'ldap');

You also need to define the following authentication parameters in the same file.
$GLOBALS['AUTH_MODULE_PARAMS'] = array(
  'server' => '127.0.0.1',
  'type' => 'ad',
  'base_dn' => 'DC=example,DC=com',
  'default_domain' => 'example.com',
  'member_of' => array());
The parameters here are:

server - IP address or name of your domain controller. If you installed Time Tracker on the domain controller it could be localhost, or 127.0.0.1.

type - type of LDAP server. Set it to ad for Active Directory.

base_dn - base distinguished name in LDAP catalog. For example, if your domain is example.com you can specify DC=example,DC=com.

default_domain - default domain name that Time Tracker appends to logins specified without a domain part. Do not underestimate the importance of this parameter. For example, you may log in to Windows as johndoe but your identifier for LDAP is really johndoe@example.com. Specify the domain name taken from your domain controller here.

member_of - comma-separated list of Windows groups in which membership is required for a user to be authenticated. It can be empty.

Enable php_ldap Extension

You need to enable php_ldap extension in your php.ini. Usually, it is just a matter of un-commenting one line in php.ini so that it becomes:
extension=php_ldap.dll

Do not forget to restart your web server after changing php.ini.

How to Set Users with LDAP Authentication

It is very important to set Time Tracker users correctly for LDAP authentication.

IMPORTANT NOTE: logins for managers, co-managers, and users MUST be in the form username@domain.com in Anuko Time Tracker (not in Windows), otherwise users will not be able to log in to Anuko Time Tracker. The only exception is for admin. Admin's login is always just admin. If you already have a database of Time Tracker users, you need to change their logins accordingly.

  1. Create a domain account admin. Log in to your Time Tracker as admin. When the LDAP Authentication Module is used, only admin can create teams.
  2. If you need to create a new team, go to the Teams page in admin's interface and create a new team. Use the username@domain.com format for the manager login. Additionally, create a Windows domain account for the team manager if it does not exist. Without Windows domain accounts users are not able to log in to Anuko Time Tracker.
  3. Log out admin and log in to Time Tracker as team manager. Create co-managers and regular users in a similar manner (in the format username@domain.com). Remember that all Time Tracker users must have their domain accounts in Active Directory.

If you don't want to mess with the admin account, configure Time Tracker with db authentication first. Make sure that user logins are in the windowslogin@domain.com format. Once this is working, change the authentication parameters in Time Tracker config.php and test.
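
The login rule above can be checked against an existing list of Time Tracker logins before switching from db to LDAP authentication. The following is an added example, not part of Anuko Time Tracker; the function name, the status labels and the sample logins are constructed for illustration, and the domain is assumed to match 'default_domain' in config.php.

```python
# Added example: audit existing Time Tracker logins before enabling LDAP auth.
# Rule from the page: every login except "admin" must be username@domain.
DEFAULT_DOMAIN = "mydomain.com"  # assumption: same value as 'default_domain'

# Constructed sample of logins as they might exist under db authentication.
SAMPLE = ["admin", "manager@mydomain.com", "comanager", "User1@MyDomain.com",
          "user1", "bob@oldcorp.example", "@mydomain.com"]


def audit_logins(logins, default_domain=DEFAULT_DOMAIN):
    """Return (login, status, suggested) for each login.

    status: admin, ok, missing-domain, other-domain, malformed, collision.
    suggested is None when the login needs a manual decision.
    """
    domain = default_domain.lower()
    results, seen = [], set()
    for login in logins:
        raw = login.strip()
        user, at, dom = raw.rpartition("@")
        if raw.lower() == "admin":
            status, fixed = "admin", "admin"
        elif not raw or (at and (not user or not dom or "@" in user)):
            status, fixed = "malformed", None
        elif not at:
            status, fixed = "missing-domain", f"{raw}@{domain}"
        elif dom.lower() != domain:
            status, fixed = "other-domain", None
        else:
            status, fixed = "ok", raw
        if fixed is not None:
            # Directory logins compare case-insensitively, so two database
            # logins that normalise to the same value cannot both be kept.
            key = fixed.lower()
            if key in seen:
                status = "collision"
            seen.add(key)
        results.append((login, status, fixed))
    return results


if __name__ == "__main__":
    for login, status, fixed in audit_logins(SAMPLE):
        print(f"{login!r:28} {status:15} -> {fixed}")
```

Logins reported as collision, other-domain or malformed need a manual decision before they are renamed.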

How to Debug

If you see a problem with the LDAP Authentication Module, enable authentication debug output in the config.php file as follows:
define('AUTH_DEBUG', 1);
This will allow you to see some of the values being passed to the domain controller and hopefully troubleshoot the problem. Turn debug output off again once the problem is resolved.

LDAP Configuration Example for Active Directory

Here is an example of configuration parameters and user names for Windows Active Directory:
define('AUTH_MODULE', 'ldap');
$GLOBALS['AUTH_MODULE_PARAMS'] = array(
  'server' => 'localhost',
  'type' => 'ad',
  'base_dn' => 'DC=mydomain,DC=com',
  'default_domain' => 'mydomain.com',
  'member_of' => array());

Windows Logins (Configured with Active Directory Users and Computers)

admin
manager
comanager
user1

Corresponding Time Tracker Logins (Configured in Time Tracker)

admin
manager@mydomain.com
comanager@mydomain.com
user1@mydomain.com