HOWTO: LDAP + ActiveDirectory instructions (with authentication) for Dolibarr 12

This took a while to figure out, so I’ll document it here.

OS: Ubuntu 20.04
Dolibarr Version: 12.0.3

Steps:

First you need to make sure you have php-ldap installed at your OS level:

sudo apt-get install php-ldap
probably the easiest way for that.

Now…

  • Enable the “LDAP” module

On LDAP module settings panel “Global Parameters”…

  • Users and groups synchronization = LDAP -> Dolibarr
    (this is important – or your “Users” and “Groups” tabs will not appear!)
  • Contacts sync = No
  • Type = Active Directory
  • Version = 3
  • Primary Server = ldap://your-ldap-server.com
  • Secondary Server =
  • Server Port = 389
  • Server DN = dc=your,dc=example,dc=com
  • Use TLS = No
  • Administrator DN = cn=SVC_ACCOUNTLDAP,cn=Users, dc=your,dc=example,dc=com
    (we have a dedicated SVC_ACCOUNTLDAP used for LDAP read-only access)
  • Administrator password = password for above user.

Click “modify” to save, then
Click [TEST LDAP CONNECTION]
If it worked, move to next step. If not, resolve your issues.

Next step… still in LDAP Setup… for the module:

“Users” tab:

  • Users’ DN = dc=Users,dc=your,dc=example,dc=com
    (I have my users in their own OU different path than above)
  • List of objectClass = person
  • Search filter = &(objectclass=person)
    for mapping section I ONLY map…
  • Full name = cn
  • Login (samba, activedirectory) = samaccountname
    (CaSe MaTTers for above!)
  • Email address = mail

Click “MODIFY” to save and then click “TEST A LDAP SEARCH”
If it worked and you see output with # of your users ending like…

useridentifier: samaccountname
required_fields: samaccountname,cn,mail
=> 62 records

Then great!

Now… when you have configured any other application in the world you may think you’re done here and start trying to log in to Dolibarr with LDAP because you think it should be working, right? Wrong. What you’ve actually done with the configuration so far, is allow yourself to “ADD USERS TO DOLIBARR” using LDAP search to find them and import them.

THAT should be working now… you can test it by…clicking “Users & Groups”
Then click “New user” button and on this new user screen, you should see drop down box…
"Users in LDAP database"

So here you should see your users now, right? Yes? Great.

Note: I have not configured the “Groups” tab of LDAP module which may (or may not) allow automatic creation of LDAP-authenticated users in Dolibarr database. I know it will allow you to map Dolibarr roles/permissions based on membership of group. I am not planning to use “Groups” tab for now.

So here you SHOULD actually add new user from the LDAP drop down. Add the user you plan to test LDAP authentication with. Done? Ok great.

So now let’s deal with LDAP AUTHENTICATION , because that’s what we really wanted out of all of this.

Now you must go to server terminal prompt and:

sudo nano -w /path/to/dolibarr/htdocs/conf/conf.php

comment out the line for
// $dolibarr_main_authentication='dolibarr';

and add the following to bottom of file… (with your own values)

$dolibarr_main_authentication='ldap,dolibarr';
$dolibarr_main_auth_ldap_host='ldap://your-ldap-server.com';
$dolibarr_main_auth_ldap_port='389';
$dolibarr_main_auth_ldap_version='3';
$dolibarr_main_auth_ldap_servertype='activedirectory';
$dolibarr_main_auth_ldap_login_attribute='samaccountname';
$dolibarr_main_auth_ldap_dn='dc=Users,dc=your,dc=example,dc=com';
$dolibarr_main_auth_ldap_debug='false';
$dolibarr_main_auth_ldap_admin_login='cn=SVC_ACCOUNTLDAP,cn=Users, dc=your,dc=example,dc=com';
$dolibarr_main_auth_ldap_admin_pass='passwordfor-SVC_ACCOUNTLDAP';

Save it and browse to dolibarr.

Try to log in with the LDAP user you added.

Now it works right? Good!

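An added example, not part of the original post and not Dolibarr code: a small Python check that reads the `$dolibarr_main_auth*` lines of a conf.php like the one in the post above and lists the settings worth reviewing (plain ldap:// transport, the local-password fallback in the method list, debug mode, the stored bind password). The sample config, the finding codes and the function names are constructed for illustration.

```python
import re

# Constructed sample mirroring the conf.php lines in the post (placeholder values).
SAMPLE_CONF = r"""<?php
// $dolibarr_main_authentication='dolibarr';
$dolibarr_main_authentication='ldap,dolibarr';
$dolibarr_main_auth_ldap_host='ldap://your-ldap-server.com';
$dolibarr_main_auth_ldap_port='389';
$dolibarr_main_auth_ldap_debug='false';
$dolibarr_main_auth_ldap_admin_login='cn=SVC_ACCOUNTLDAP,cn=Users, dc=your,dc=example,dc=com';
$dolibarr_main_auth_ldap_admin_pass='passwordfor-SVC_ACCOUNTLDAP';
"""

# Matches a live assignment. Lines starting with // or # never match; a leading
# ';' is allowed because in PHP it is an empty statement, not a comment.
ASSIGN = re.compile(r"""^[\s;]*\$(dolibarr_main_auth\w*)\s*=\s*(['"])(.*?)\2\s*;""")

def parse_conf(text):
    """Return {variable: value}; the last live assignment wins, as in PHP."""
    settings = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m:
            settings[m.group(1)] = m.group(3)
    return settings

def audit(settings):
    """Return (code, message) findings for the login-related settings."""
    findings = []
    host = settings.get("dolibarr_main_auth_ldap_host", "")
    if host and not host.startswith("ldaps://"):
        findings.append(("PLAIN_LDAP", "bind passwords cross the network "
                         "unencrypted unless StartTLS is negotiated"))
    methods = [m.strip() for m in
               settings.get("dolibarr_main_authentication", "").split(",")]
    if "ldap" in methods and "dolibarr" in methods:
        findings.append(("LOCAL_FALLBACK", "local Dolibarr passwords are "
                         "still accepted alongside LDAP"))
    if settings.get("dolibarr_main_auth_ldap_debug", "false").lower() == "true":
        findings.append(("DEBUG_ON", "LDAP debug mode is enabled"))
    if settings.get("dolibarr_main_auth_ldap_admin_pass"):
        findings.append(("STORED_SECRET", "bind password is in conf.php; "
                         "restrict read access to the web server user"))
    return findings

if __name__ == "__main__":
    for code, message in audit(parse_conf(SAMPLE_CONF)):
        print(f"{code}: {message}")
```

The parser works line by line and does not handle `/* ... */` block comments.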

Awesome, had the same issues as I also assumed using LDAP->Dolibarr would allow you to login with LDAP accounts.
The settings also work fine with OpenLDAP, only need to change the login attribute to ‘uid’.

I was trying to use the Groups as well, but it seems that Groups don't really do anything when using direction LDAP->Dolibarr. On creating a new group there is no way to import the group from LDAP. However, based on the group name, Dolibarr can still read the LDAP entry if there exists a group with the same name. A bit strange.

I thought of managing the group assignments in LDAP and have them automatically created when the users are imported to Dolibarr, instead of assigning members to groups that only exist in Dolibarr. Any idea if/how this might work?
