How to Configure LDAP Authentication
Time Tracker provides two methods of user authentication:
- Internal database. Password hashes are stored in the same database Time Tracker uses for everything else.
- LDAP server. To determine whether to allow access or not, Time Tracker does an API call to an LDAP server.
The default authentication method is the internal database, or db
. It is set in the AUTH_MODULE
value in config.php
To change to LDAP modify it as so:
In addition to that, define $GLOBALS['AUTH_MODULE_PARAMS']
array in config.php and also create users in both
Time Tracker and in LDAP directory.
Configuration depends on which LDAP server you authenticate against. There are 2 major configuration variations: a more generic for OpenLDAP, and a more specific for Windows Active Directory. LDAP authetication can work with Oracle Directory Server and is likely to work with other LDAP servers. If you are configuring it for a non-Windows LDAP server try OpenLDAP configuration first. Full details are available at the following documents.
Time Tracker Install Guide