Configuring LDAP

Common problems
Here you can find solutions for common problems with LDAP and LiveAgent.
 
Supported scheme
Currently, we support basic scheme using posixAccount. You can find more info about it here.
 
Here is simple schema:
 
 
Supported features
  • Import agents from LDAP directory structure
  • Login agents using authentication against LDAP service (using agent email and password from LDAP)
  • If LDAP service is not available, LiveAgent will use its own default auth method.
Note: Only agents with filled email field can be imported into LiveAgent.
 
Requirements:
  • Every imported user must have valid email address in his LDAP record
  • PHP LDAP extension is needed to enable LDAP feature in LiveAgent.
 
How to import agents?
First, you need to activate LDAP extension inside LiveAgent. Go to Menu > Configuration > Plugins and activate feature named "Ldap".
 
 
An application will restart its self and you will see new options menu > Configuration > System > Ldap. The configuration window will look like this:
 
 
Now you must fill all fields (except 'LDAP server port' which is optional):
  • LDAP server URL: this is your LDAP service URL. 
  • LDAP server port: optional, determine LDAP service custom port
  • Base DN: your base directory. Example: dc=example,dc=com
  • User ID field: name of the field that uniquely identifies every user in LDAP structure. Usually, this can be cn or uid.
  • User email field: this is the name of the field which contains email for the user in LDAP structure. Example: mail
Note: mail field must contain valid email, otherwise users cannot be imported into LiveAgent as agents. If the user has more than one email, only first email is used as an identifier in LiveAgent.
 
Now save your settings. New options will appear just under save button:
 
 
Press Import agents... The new window will appear.
 
 
Now LiveAgent wants to know some "admin" access - user that can see whole LDAP structure (people and groups). Fill user DN and password.
Optionally you can fill group name to limit results only for some specific group.
(For example, if you have thousands of people in 'people'. Create one small group for LiveAgent and put trusted users inside this group. Import will then take just second)
When done, hit 'Fetch list' to obtain possible users list to import.
 
 
Now you can import users from the populated table. To do that, just hit 'Import'. The new agent will be created for each imported user.
 
Login process specification
We use PHP LDAP extension to process login against LDAP service.
 
Login authentication name always looks like this:
 
user_id_field_name=ID,ou=people,base_dn
 
user_id_field_name is the name filled in User ID field in LDAP settings dialog
ID is user identifier saved to LiveAgent to identify user in LDAP structure
base_db is base DN filled into 'Base DN' field in LDAP settings dialog
 
Presence in group
We use group parameter memberuid for getting all users in some group. Here is example of group configuration from phpLDAPadmin with just two users (identified by their UIDs)
 
 
 
 
 
 
 

Other Articles

×