News:
Forum:
Read News Read Forum

LDAP Authentication Module for Anuko Time Tracker

Anuko Time Tracker is a simple, easy to use, open source, web-based time tracking system. Anuko Time Tracker allows you to track the time that employees, colleagues, or teammates spend working on any project or activity that you need to keep tabs on, and is suitable for teams and companies both large and small with any number of users.



LDAP Authentication Module is a handy enhancement for Anuko Time Tracker that allows users to authenticate directly against a Windows Domain Controller with Active Directory. If you use Windows domains in your organization users do not have to remember 2 different logins and passwords, one for Windows and another one for time tracker. The same login and password can be used for both. Internally, authentication is done over LDAP protocol (Lightweight Directory Access Protocol) with a domain controller. Demo version of this module is included in time tracker distribution. The demo version on LDAP Authentication Module is fully functional with one limitation: authenticated sessions last for only 2 minutes.

How to Configure LDAP Authentication in Anuko Time Tracker

To enable LDAP authentication you need to set AUTH_MODULE value in Anuko Time Tracker config.php file as so:
define('AUTH_MODULE', 'ldap');

Additionally, you need to define some authentication parameters in the same file. They are:
$GLOBALS['AUTH_MODULE_PARAMS'] = array(
  'dc' => '127.0.0.1',
  'base_dn' => 'DC=example,DC=com',
  'default_domain' => 'example.com',
  'member_of' => array());
The parameters here are:

dc - IP address or name of your domain controller. If you installed Anuko Time Tracker on the domain controller it could be localhost, or 127.0.0.1.

base_dn - base distinguished name in LDAP catalog. For example, if your domain is example.com you can specify DC=example,DC=com.

default_domain - default domain name Anuko Time Tracker will use to append to logins when they are specified without domain part. Do not underestimate the importance of this parameter. For example, you may login to Windows as johndoe but your identifier for LDAP is really johndoe@example.com. Specify domain name taken from your domain controller here.

member_of - comma-separated list of Windows groups, membership in which is required for user to be authenticated. It can be empty.

Finally, you need to enable php_ldap extension in your php.ini and restart your web server to notice it. Usually, it is just a matter of un-commenting one line in php.ini so that it becomes:
extension=php_ldap.dll

How to Set Up Users with LDAP Authentication

It is very important to set users correctly for LDAP authentication.

IMPORTANT NOTE: logins for managers, co-managers, and users MUST be in form username@domain.com in Anuko Time Tracker (not in Windows), otherwise users will not be able to login to Anuko Time Tracker. The only exception is for admin. Admin's login is always just admin. If you already have a database of users you need to change their logins accordingly.

  1. Create a domain account admin. Login to your Anuko Time Tracker as admin. When LDAP Authentication Module is used only admin can create teams.
  2. If you need to create a new team go to the teams page in admin's interface and create a new manager account in format username@domain.com. Additionally, create a Windows domain account for team manager if it does not exist. Without Windows domain accounts users are not able to login to Anuko Time Tracker.
  3. Log out admin and login as team manager to Anuko Time Tracker. Create co-managers and regular users in similar manner (in format username@domain.com). Remember, that all users must have domain accounts.

If you experience problems with LDAP Authentication Module configuration consider enabling authentication debug output in config.php file as so:
define('AUTH_DEBUG', 1);
Here is a little example of configurations parameters and user names:
define('AUTH_MODULE', 'ldap');
$GLOBALS['AUTH_MODULE_PARAMS'] = array(
  'dc' => 'localhost',
  'base_dn' => 'DC=mydomain,DC=com',
  'default_domain' => 'mydomain.com',
  'member_of' => array());

Windows logins (configured with Active Directory Users and Computers)
admin
manager
comanager
user1

Corresponding Time Tracker logins (configured in Anuko Time Tracker)
admin
manager@mydomain.com
comanager@mydomain.com
user1@mydomain.com

How to Buy LDAP Authentication Module for Anuko Time Tracker

If you'd like to buy the full version of LDAP Authentication Module you can do so here:
http://www.anuko.com/content/buy2.htm?product=7&lic=94

Buy LDAP Authentication Module for Anuko Time Tracker


How to Install the Full Version of LDAP Authentication Module

After purchase you will receive a link to download the full version of the module. Download and unpack the archive. The instructions will be inside. Installation process is a simple replacement of one file /WEB-INF/lib/auth/Auth.ldap.class.php.
Hosting and Content Management by Anuko (sponsored by City Photos)