Project

General

Profile

Feature #758

Updated by Daniel Curtis over 4 years ago

This is a guide on how to setup LDAP authentication for users on Piwik. The LDAP server is OpenLDAP on FreeBSD 9, but should work on any LDAP server.

h2. Prepare the Environment

* Make sure php56-ldap is installed:
<pre>
pkg install php56-ldap
</pre>

* And restart php-fpm to load the PHP LDAP extension:
<pre>
service php-fpm restart
</pre>

h2. Populate the LDAP Server

* Create the People Organizational Unit ldif file:
<pre>
vi ~/people-ou.ldif
</pre>
#* And add the following:
<pre>
dn: ou=People,dc=example,dc=com
objectclass: organizationalUnit
ou: People
</pre>

* Import the People OU file into the server:
<pre>
ldapadd -D "cn=Manager,dc=example,dc=com" -W -f ~/people-ou.ldif
</pre>

* Create the bob user ldif file:
<pre>
vi ~/bob.ldif
</pre>
#* And add the following:
<pre>
dn: cn=Bob Guy,ou=People,dc=example,dc=com Guy,ou=People,dc=gnetsolutions,dc=net
cn: Bob Guy
givenname: Bob
initials: BG
mail: bob@example.com
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
sn: Guy
uid: bob
userpassword: {MD5}X03MO1qnZdYdgyfeuILPmQ==
</pre>
#* *NOTE*: The password for bob is *password*.

h2. Setup LDAP Authentication

* Open a web browser and log into as the piwik administrator at http://piwik.example.com

* Next click on +Administration -> Marketplace+.

* Search for *LoginLdap* and +Install+ the plugin.

* Then click on +Administration -> LDAP+.

* Scroll down to the *LDAP Servers* section and enter the LDAP server information:
#* Server URL: *ldap.example.com*
#* Server Port: *389*
#* Base DN: *dc=example,dc=com*
#* LDAP Bind Username: *cn=Manager,dc=example,dc=com*
#* LDAP Password: *SuperSecretPassword*

h2. Resources

* https://plugins.piwik.org/LoginLdap
* https://github.com/piwik/plugin-LoginLdap/

Back