LDAP Configuration

Booked supports many different authentication sources, including direct LDAP.

PHP Setup

Before we can begin setting up Booked, ensure LDAP support for PHP has been installed and configured.

https://www.php.net/manual/en/ldap.installation.php

If connecting to LDAP over LDAPS, ensure that SSL support for PHP has been installed and configured.

https://www.php.net/manual/en/openssl.installation.php

Booked Configuration

First, log into Booked as an administrator. Then open Application Configuration and choose Authentication-Ldap from the drop down at the top. We’ll go through each setting here.

After updating your LDAP settings, return to Application Configuration, choose config.php from the drop down at the top, and change your authentication plugin option to Ldap.

Booked uses Net_LDAP2 for LDAP connectivity, which has a much more detailed explanation of each setting.

host is your LDAP server’s name or IP. You can provide a comma separated list if you have fallback servers.

port is the port to connect to the LDAP server over. The default is 389, but 636 is often used for ldaps connections.

version is the version of LDAP being used. You’ll probably never have to change this from the default of 3.

starttls tells Booked to start TLS when connecting to LDAP. If using SSL, the port should likely be set to 636 and the host should be prefixed with ldaps://

binddn is the fully qualified DN to bind to LDAP as, if your LDAP server does not allow anonymous binding.

bindpw is the password for your binddn user.

basedn is the LDAP base name to use when authenticating users.

filter is the default search filter for users. This can often be left blank.

scope is the default search scope for users. This can often be left blank.

required.group is the comma separated list of LDAP groups that a user must be part of in order to gain access to Booked.

database.auth.when.ldap.user.not.found tells Booked to store the user’s password to be used for authentication in the event that LDAP is not accessible.

attribute.mapping is the list of name value pairs to use to map LDAP values to Booked. The left side of the equals sign is the name of the attribute in Booked and cannot change. The right side is the name of your LDAP attribute.

user.id.attribute is the name of the LDAP attribute to use to identify the user.

sync.groups tells Booked whether or not to synchronize group membership. It’s important to note that groups themselves will never be created in or removed from Booked. For any group membership that you want to sync, you must create a group in Booked with exactly the same name as it has in LDAP. For example, if the user is part of the students group in LDAP, there must be a students group in Booked.

prevent.clean.username applies if you require users to provide the domain name when logging in. This setting controls whether or not to strip the domain name off when authenticating.
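
An added example (not part of Booked or its documentation): a small Python check over the settings described above that flags combinations which weaken the LDAP connection or access control. The setting names come from this page; the function names, the assumption that values are strings such as "true" or "389", and all sample hosts, DNs and groups are constructed for illustration.

```python
# Added example: checks the Authentication-Ldap settings named on this page.
# Assumption: values are strings as entered in the form ("true"/"false", "389").

def enabled(value):
    return str(value).strip().lower() in ("true", "1", "yes", "on")

def audit_ldap_settings(s):
    """Return (setting, finding) pairs for a dict of Booked LDAP settings."""
    out = []
    hosts = [h.strip() for h in s.get("host", "").split(",") if h.strip()]
    port = str(s.get("port", "389")).strip()
    starttls = enabled(s.get("starttls", "false"))
    if not hosts:
        out.append(("host", "no LDAP server configured"))
    for h in hosts:
        ldaps = h.lower().startswith("ldaps://")
        if ldaps and starttls:
            out.append(("starttls", f"{h}: already LDAPS, StartTLS is for plain LDAP connections"))
        elif ldaps and port == "389":
            out.append(("port", f"{h}: ldaps:// host on the plain-LDAP default port 389"))
        elif not ldaps and not starttls:
            out.append(("starttls", f"{h}: no TLS, bind credentials are sent in cleartext"))
    if s.get("binddn", "").strip() and not s.get("bindpw", ""):
        out.append(("bindpw", "binddn is set without a password"))
    if not s.get("required.group", "").strip():
        out.append(("required.group", "empty: no group membership is required for access"))
    if enabled(s.get("database.auth.when.ldap.user.not.found", "false")):
        out.append(("database.auth.when.ldap.user.not.found",
                    "user passwords are also stored by Booked for fallback login"))
    return out

# Constructed sample settings (hostnames, DNs and groups are placeholders).
WEAK = {
    "host": "ldap1.example.org, ldaps://ldap2.example.org",
    "port": "389", "starttls": "false",
    "binddn": "cn=booked,ou=services,dc=example,dc=org", "bindpw": "",
    "basedn": "ou=people,dc=example,dc=org", "required.group": "",
    "database.auth.when.ldap.user.not.found": "true",
}
HARDENED = {**WEAK,
    "host": "ldaps://ldap1.example.org, ldaps://ldap2.example.org",
    "port": "636", "bindpw": "<from-secret-store>",  # placeholder value
    "required.group": "booked-users",
    "database.auth.when.ldap.user.not.found": "false"}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_ldap_settings(cfg))
```

The findings are review prompts rather than errors: an empty required.group or an enabled database fallback can be a deliberate choice, but each should be a decision, not a default left in place.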