Active Directory / LDAP for Clients

Overview


Active Directory / LDAP for clients is additional authentication plugin you can add to your HostBill. It allows your customers & contacts to authenticate in HostBill using their Active Directory / LDAP credentials. 

Activating the module


  1. If the plugin is included in your HostBill edition you can download it from your client portal.
  2. If the plugin is not included in your HostBill edition you can purchase it from our marketplace and then download it from the client area.
  3. Once you download the plugin extract it in the main HostBill directory.
  4. Go to Settings → Modules, find and activate Client_Auth_LDAP plugin & client_auth_ldap_server hosting module.


This extension consist of two modules:
1. Hosting: client_auth_ldap_server
Responsible for keeping login credentials to AD/LDAP server in Settings->Apps connections.

2. Plugin: client_auth_ldap
Responsible for handling login/sync logic between HostBill↔AD/LDAP

Module configuration - client_auth_ldap_server


  1. Proceed to Settings → Apps → Add new App
  2. From Applications list select AD / LDAP Provisioning
  3. Enter:
    • Name - Name of this connection
    • AD / LDAP Server IP
    • Administrator username
    • Administrator password
    • Base DN
    • Tick checkboxes for:
      • SSL if SSL should be used for connections
      • TLS if TLS should be used for connections
      • Do not verify certificate - if your AD/LDAP server uses self-signed SSL certificate
    • Account prefix

      4. Verify entered credentials by clicking Test Connection to check if HostBill can connect
      5. Save Changes

Module configuration - client_auth_ldap


Proceed to Settings→ Modules→ Plugins→LDAP Client Auth→ Edit Configuration

Module provides following configuration options:

  • Signup behaviour:
    • No provisioning -> New signup of customer/contact in HostBill will NOT create related entry in AD/LDAP
    • Provision on clients -> New/updated client & contact data will be published on to related AD/LDAP server.
  • Default LDAP App
    If Signup behaviour is set to Provision on clients - this app will be used to create client data on LDAP
  • Login behaviour - Select source of for authentication data for customer logging into HostBill. Options:
    • AD/LDAP only
    • AD/LDAP + HostBill failback
    • HostBill only
  • Import missing contacts
    When enabled, contacts of client that exists in LDAP but not in HostBill will be auto-imported into HostBill. Checks for new contact data in LDAP will occur once per hour with cron.


When module is activated, it also adds 3 (admin only) client fields (Clients → Registration fields):

  • LDAP Server - allowing to pick which LDAP server stores client details
  • LDAP Group - specifies which group in LDAP customer belongs to (useful when one LDAP connection is shared between multiple customers)
  • LDAP Auth - overrides "Login behaviour" option per customer


Under Extras->Plugins->LDAP Client Auth module adds additional configuration + quick access to HB<->LDAP synchronization log.
Additional configuration allows you to set mapping between HostBill registration fields & LDAP Attributes