LDAP parameters

Server address

Use an LDAP URI to configure the location of your LDAP server in $ldap_url:

$ldap_url = "ldap://localhost:389";

You can set several URI, so that next server will be tried if the previous is down:

$ldap_url = "ldap://server1 ldap://server2";

To use SSL, set ldaps in the URI:

$ldap_url = "ldaps://localhost";

To use StartTLS, set true in $ldap_starttls:

$ldap_starttls = true;


LDAP certificate management in PHP relies on LDAP system libraries. Under Linux, you can configure /etc/ldap.conf (or /etc/ldap/ldap.conf on Debian/Ubuntu, or C:\OpenLDAP\sysconf\ldap.conf for Windows). Provide the certificate from the certificate authority that issued your LDAP server’s certificate.


Configure DN and password in $ldap_bindn and $ldap_bindpw:

$ldap_binddn = "cn=manager,dc=example,dc=com";
$ldap_bindpw = "secret";


You can leave these parameters empty to bind anonymously.


You can set global base in $ldap_base:

$ldap_base = "dc=example,dc=com";

User search parameters

You can set base of the search in $ldap_user_base:

$ldap_user_base = "ou=users,".$ldap_base;

The filter can be set in $ldap_user_filter:

$ldap_user_filter = "(objectClass=inetOrgPerson)";

When an entry is displayed, to help the software to determine if this is a user, you can configure a regular expression:

$ldap_user_regex = "/,ou=users,/i";


If you don’t set this value, the software will use the LDAP filters: if the entry can be found with the user filter, it is a user object, if it can be found with the group filter, it is a group.

Group search parameters

You can set the base of the search in $ldap_group_base :

$ldap_group_base = "ou=groups,".$ldap_base;

The filter can be set in $ldap_group_filter :

$ldap_group_filter = "(|(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))";

Size limit

It is advised to set a search limit on client side if no limit is set by the server:

$ldap_size_limit = 100;


This limit will also restrict the number of entries shown in the gallery menu.