LDAP and ActiveDirectory

Discussion forum about Anuko Time Tracker

LDAP and ActiveDirectory

Postby vreesie » Wed Apr 12, 2017 2:31 pm

Where do I leave the user name and password in the config for a connection to my ldap server ??

Thanks!

regards,
André
vreesie
 
Posts: 3
Joined: Wed Apr 12, 2017 2:26 pm

Re: LDAP and ActiveDirectory

Postby Nik » Wed Apr 12, 2017 6:51 pm

vreesie wrote:Where do I leave the user name and password in the config for a connection to my ldap server ??

Thanks!

regards,
André


You don't need to. Authentication is checked by using an ldap_bind call to the server with login and password that user provides.
Nik
 
Posts: 343
Joined: Wed May 26, 2010 5:55 pm

Re: LDAP and ActiveDirectory

Postby vreesie » Thu Apr 13, 2017 7:27 am

Cool, it works now, thanks. The only thing is that I hoped I would log users in automatically based on ldap (single sign on). Now still users have to enter their AD credentials. Any hint on that one ?
vreesie
 
Posts: 3
Joined: Wed Apr 12, 2017 2:26 pm

Re: LDAP and ActiveDirectory

Postby wrc » Thu Apr 13, 2017 5:17 pm

vreesie wrote:Cool, it works now, thanks. The only thing is that I hoped I would log users in automatically based on ldap (single sign on). Now still users have to enter their AD credentials. Any hint on that one ?


Time Tracker is a web application that runs PHP code on the server. With an exception of some small JavaScript executed by browser, nothing runs on the client. Therefore, and in order to keep things simple, user must provide credentials to the server for authentication. Fortunately, users don't have to do it often, as authentication status is remembered in a browser cookie for a while.
wrc
 
Posts: 204
Joined: Tue May 25, 2010 8:30 pm

Re: LDAP and ActiveDirectory

Postby vreesie » Thu Apr 13, 2017 6:28 pm

I understand, thanks for your reply!!
vreesie
 
Posts: 3
Joined: Wed Apr 12, 2017 2:26 pm

Re: LDAP and ActiveDirectory

Postby dalescott » Fri Apr 21, 2017 4:01 pm

Hi, I came across TimeTracker yesterday and am starting to investigate (self-hosted on FreeBSD). So far it's hands-down better than anything else I've seen recently for use by a high-tech hardware/software embedded-product development and manufacturing organization. Fantastic! I had read in a forum post (not here) that LDAP authentication was a paid-for module (like Global Clock), but I was very pleased to see support in the base system. IMHO though single-sign is very important to enterprise-type users who are accessing multiple apps (e.g. SuiteCRM, X2CRM, Tryton, a WordPress-based CMS, etc.).

I am not an LDAP expert, but have setup OpenLDAP before and configured MantisBT and Tryton ERP to authenticate using it. There were differences in how MantisBT and Tryton authenticated, and I would have to refresh my memory with exactly how they worked, but it seems from the experience there must be a way. What if the "admin" had to create a user in both TimeTracker and OpenLDAP, and TimeTracker used the "TimeTracker" username/password to authenticate in OpenLDAP? It's a bit more work for the admin, and TimeTracker and OpenLDAP have to be kept in sync, but it would be simpler for the user. Is this an option?

In the future, if a user changed their password from TimeTracker, TimeTracker could update OpenLDAP, and if OpenLDAP didn't authenticate the TimeTracker username/password, the user could be prompted for the new password, and after OpenLDAP authenticates the TimeTracker password is updated. I think this is how Tryton works (or it could be MantisBT).

Thanks again for TimeTracker!

Dale
dalescott
 
Posts: 22
Joined: Fri Apr 21, 2017 2:53 pm
Location: Calgary, Alberta, Canada

Re: LDAP and ActiveDirectory

Postby admin » Sat Apr 22, 2017 5:44 pm

dalescott wrote:What if the "admin" had to create a user in both TimeTracker and OpenLDAP, and TimeTracker used the "TimeTracker" username/password to authenticate in OpenLDAP? It's a bit more work for the admin, and TimeTracker and OpenLDAP have to be kept in sync, but it would be simpler for the user. Is this an option?


You need to have a user created in Time Tracker database anyway. As for authentication: it is either Time Tracker database or LDAP server.

dalescott wrote:In the future, if a user changed their password from TimeTracker, TimeTracker could update OpenLDAP, and if OpenLDAP didn't authenticate the TimeTracker username/password, the user could be prompted for the new password, and after OpenLDAP authenticates the TimeTracker password is updated. I think this is how Tryton works (or it could be MantisBT).


At this time password changes with LDAP are not supported in Time Tracker. Authenticatipon is checked by attempting to bind a user to LDAP server with username and password that they provide. If you need to change user passwords you need to do it in LDAP server or with a client application that supports password changes.

Hope it helps.
admin
 
Posts: 540
Joined: Fri Oct 08, 2004 9:46 pm
Location: Vancouver, Canada


Return to Time Tracker

Who is online

Users browsing this forum: No registered users and 0 guests