Authenticate to Multiple LDAP servers

The ability for a single installation of FileCloud to authenticate against multiple LDAP servers is available in FileCloud Server version 18.2 and later.

You can use an LDAP directory server as a general-purpose data store in a wide variety of applications.

  • A directory server (more formally a Directory System Agent, or DSA) is a network database that stores information as a tree of entries; LDAP is the protocol clients use to read and update it
  • A directory differs from a relational database, which stores data in tables composed of rows and columns
  • Directories are designed for very fast read and query performance on large datasets
  • Typically each entry holds only a small amount of information
  • Add, delete and update operations are slower than reads and queries, because the design assumes the data changes infrequently


Strictly speaking, LDAP is a protocol - the Lightweight Directory Access Protocol. It is not a database or even a directory.

  • LDAP, the Lightweight Directory Access Protocol, is a well-supported, standards-based mechanism for interacting with directory servers
  • It is often used for authentication and for storing information about users, groups, and applications
  • LDAP was designed as a global directory service, expected to hold hundreds of millions of entries managed by thousands of different organizations
  • Information is stored in a tree structure known as the Directory Information Tree (DIT). The nodes of the tree are directory entries, and each entry holds its information as attribute-value pairs
  • The directory is a distributed service: many cooperating servers, the DSAs (Directory System Agents), can each hold part of the tree
  • Queries are expected to outnumber updates by a very large factor

For more information on LDAP infrastructure, see Learn about LDAP on the LDAP web site.


Enable multiple LDAP server authentication

To enable multiple LDAP server authentication, you have to configure settings in the following places:

  • ldapconfig.php file
  • Admin Dashboard


To enable multiple LDAP server authentication:

  1. Open a browser and log in to the Admin Portal.

  2. On the Admin Dashboard, from the left navigation panel, click Settings.

  3. On the Manage Settings screen, click Authentication.

  4. To enable the LDAP Settings, under Authentication Settings, change the Authentication Type to LDAP.

  5. Select the LDAP sub-tab, type in the required information, and then click Save.

  6. Create a file called ldapconfig.php in one of the following locations, depending on your OS:

    Windows: c:\xampp\htdocs\config\ldapconfig.php
    Linux:   /var/www/htdocs/config/ldapconfig.php
  7. Add the information for the other LDAP servers using the following example. Do not repeat the LDAP server that is already configured in the Admin Dashboard; ldapconfig.php is for the additional servers only. Because the file stores the bind account's password in clear text, restrict read access to the web server's account, and use a dedicated bind account that has only the directory read rights needed to look up users rather than a directory administrator.

    <?php
    /*
    * Copyright(c) 2014 CodeLathe LLC. All rights Reserved.
    * This file is part of FileCloud  http://www.filecloud.com
    */

    // Multi-LDAP server support: set to 1 to enable the additional servers defined below
    define("TONIDOCLOUD_MULTI_LDAP_ENABLE", 1);
    //=============== SITE 1 (each additional server gets its own numbered block) ==============================
    define("TONIDOCLOUD_LDAP_HOST_1", "ldap.mycompany.com" ); // < LDAP server host
    define("TONIDOCLOUD_LDAP_PORT_1", 389 ); // < LDAP server port (389 is the plain, unencrypted LDAP port)
    define("TONIDOCLOUD_LDAP_ACCOUNTNAME_1", "cn=admin,dc=mycompany,dc=com"); // < Bind DN used for admin operations such as user lookup
    define("TONIDOCLOUD_LDAP_ACCOUNTPASSWORD_1", "3lkjASdf9802"); // < Password for that account (example value; stored in clear text)
    define("TONIDOCLOUD_LDAP_USERDNTEMPLATE_1", "cn=^NAME^,ou=MyCompany-Support,dc=mycompany,dc=com"); // < User DN template; ^NAME^ is replaced with the login name
    define("TONIDOCLOUD_LDAP_SEARCHDN_1", "ou=MyCompany-Support,dc=mycompany,dc=com"); // < Search base for user lookups
    define("TONIDOCLOUD_LDAP_USERFILTERTEMPLATE_1", "(&(objectClass=inetOrgPerson)(cn=^NAME^))"); // < User search filter template; ^NAME^ is replaced with the login name
    define("TONIDOCLOUD_LDAP_MAILATTRIBUTE_1", "mail"); // < Attribute holding the user's e-mail address
    ?>

    Users from these additional directories can now also log in to FileCloud.
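
As an added example that is not part of FileCloud's documentation or code, the following Python script checks an ldapconfig.php before you enable it: it reads the define() lines, reports server blocks that are incomplete, a host that duplicates the Admin Dashboard server (the warning in step 7), and a user DN template that does not sit under its own search base, and then fills the ^NAME^ placeholders with a login name escaped per RFC 4514 (for the DN) and RFC 4515 (for the search filter). How FileCloud itself escapes the login name is not documented on this page; the escaping here shows what a safe substitution must do so that a name such as `*)(objectClass=*` cannot change the filter. The sample file is constructed: server 1 deliberately misspells the OU in its DN template, server 2 is incomplete, and only the constant names shown on this page are used, with a `_2` suffix assumed for the second server.

```python
"""Lint a FileCloud-style ldapconfig.php and expand its ^NAME^ templates safely.

Added example, not FileCloud code. Assumes only the define() naming shown on
the page (TONIDOCLOUD_LDAP_<KEY>_<N>), with _2, _3, ... for further servers.
"""
import re

# Keys every additional server block must define (taken from the page's example).
REQUIRED_KEYS = ("HOST", "PORT", "ACCOUNTNAME", "ACCOUNTPASSWORD",
                 "USERDNTEMPLATE", "SEARCHDN", "USERFILTERTEMPLATE",
                 "MAILATTRIBUTE")

# Matches define("TONIDOCLOUD_LDAP_KEY_N", "text") or define("...", 389).
DEFINE_RE = re.compile(
    r'define\(\s*"TONIDOCLOUD_LDAP_([A-Z]+)_(\d+)"\s*,\s*'
    r'(?:"([^"]*)"|(\d+))\s*\)')

# Constructed sample: server 1 has a misspelt OU in its DN template,
# server 2 lacks most of its settings.
SAMPLE_CONFIG = r'''<?php
define("TONIDOCLOUD_MULTI_LDAP_ENABLE", 1);
define("TONIDOCLOUD_LDAP_HOST_1", "ldap.mycompany.com" );
define("TONIDOCLOUD_LDAP_PORT_1", 389 );
define("TONIDOCLOUD_LDAP_ACCOUNTNAME_1", "cn=admin,dc=mycompany,dc=com");
define("TONIDOCLOUD_LDAP_ACCOUNTPASSWORD_1", "3lkjASdf9802");
define("TONIDOCLOUD_LDAP_USERDNTEMPLATE_1", "cn=^NAME^,ou=MyCompnay-Support,dc=mycompany,dc=com");
define("TONIDOCLOUD_LDAP_SEARCHDN_1", "ou=MyCompany-Support,dc=mycompany,dc=com");
define("TONIDOCLOUD_LDAP_USERFILTERTEMPLATE_1", "(&(objectClass=inetOrgPerson)(cn=^NAME^))");
define("TONIDOCLOUD_LDAP_MAILATTRIBUTE_1", "mail");
define("TONIDOCLOUD_LDAP_HOST_2", "ldap.partner.example");
define("TONIDOCLOUD_LDAP_PORT_2", 389 );
?>'''


def parse_ldapconfig(php_source):
    """Return {server_index: {KEY: value}} gathered from the define() lines."""
    servers = {}
    for key, idx, str_val, num_val in DEFINE_RE.findall(php_source):
        servers.setdefault(int(idx), {})[key] = num_val if num_val else str_val
    return servers


def lint(servers, dashboard_host):
    """Return a list of problems; an empty list means the blocks look consistent."""
    problems = []
    for idx in sorted(servers):
        cfg = servers[idx]
        for key in REQUIRED_KEYS:
            if key not in cfg:
                problems.append(f"server {idx}: missing TONIDOCLOUD_LDAP_{key}_{idx}")
        host = cfg.get("HOST", "").lower()
        if host and host == dashboard_host.lower():
            problems.append(f"server {idx}: {host} is already configured in the Admin Dashboard")
        # The DN template should sit under the search base; otherwise the bind
        # and the search target different subtrees (the MyCompnay/MyCompany case).
        dn_tpl, base = cfg.get("USERDNTEMPLATE", ""), cfg.get("SEARCHDN", "")
        if dn_tpl and base and not dn_tpl.lower().endswith("," + base.lower()):
            problems.append(f"server {idx}: USERDNTEMPLATE does not end in SEARCHDN ({base})")
        if "^NAME^" not in cfg.get("USERFILTERTEMPLATE", "^NAME^"):
            problems.append(f"server {idx}: USERFILTERTEMPLATE has no ^NAME^ placeholder")
    return problems


def escape_filter_value(value):
    """RFC 4515: hex-escape the bytes that would alter the filter's structure."""
    out = []
    for b in value.encode("utf-8"):
        if b in b'\\*()\x00' or b > 0x7F:
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def escape_dn_value(value):
    """RFC 4514: escape an attribute value so it stays a single RDN value."""
    out = []
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")          # leading or trailing space
        elif ch == "#" and i == 0:
            out.append("\\#")          # leading hash
        else:
            out.append(ch)
    return "".join(out)


def expand(cfg, login_name):
    """Fill both ^NAME^ placeholders with a correctly escaped login name."""
    return (cfg["USERDNTEMPLATE"].replace("^NAME^", escape_dn_value(login_name)),
            cfg["USERFILTERTEMPLATE"].replace("^NAME^", escape_filter_value(login_name)))


if __name__ == "__main__":
    servers = parse_ldapconfig(SAMPLE_CONFIG)
    for problem in lint(servers, dashboard_host="ad.mycompany.com"):
        print("WARNING:", problem)
    for name in ("jdoe", "*)(objectClass=*"):
        print(*expand(servers[1], name), sep="\n")
```

Run it against your own ldapconfig.php by replacing SAMPLE_CONFIG with the file's contents and passing the host already entered in the Admin Dashboard; fix every warning before setting TONIDOCLOUD_MULTI_LDAP_ENABLE to 1.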