Using LDAP

IceHrm supports LDAP (Lightweight Directory Access Protocol) integration, allowing users to authenticate using their corporate directory credentials.

Prerequisites

PHP LDAP Extension

Before enabling LDAP in IceHrm, you must install the PHP LDAP extension on your server.

Installation commands by PHP version:

# PHP 5.3
sudo apt-get install php5-ldap

# PHP 7.0
sudo apt-get install php-ldap

# PHP 7.3
sudo apt-get install php7.3-ldap

The extension must be installed and the LDAP host must be reachable via the configured port.

Enabling LDAP

  1. Log in to IceHrm as an administrator
  2. Navigate to System -> Settings -> LDAP
  3. Configure all LDAP parameters
  4. Set LDAP: Enabled to Yes

Warning: Ensure all parameters are correctly configured before enabling LDAP.

Creating LDAP Users

IceHrm cannot automatically extract users from LDAP directories. You must manually create users in IceHrm:

  1. Go to System -> Users
  2. Create a new user with the same username as the LDAP entry
  3. Leave the password field empty
  4. Save the user

Users will then authenticate using their LDAP credentials at login.

Example: If you have an LDAP user "user1" with password "pass123", create an IceHrm user with username "user1" and leave the password empty. The user can then log in with their LDAP credentials.

Admin User Exception

The "admin" account always authenticates against the local IceHrm database, regardless of whether LDAP is enabled. This ensures you can always access the system even if LDAP is misconfigured.

Testing LDAP Configuration

You can test your LDAP configuration using the public test server at ldap.forumsys.com:

Test Server Settings:

  • LDAP: Enabled: Yes
  • LDAP: Server: ldap.forumsys.com
  • LDAP: Port: 389
  • LDAP: Root DN: dc=example,dc=com
  • LDAP: Manager DN: cn=read-only-admin,dc=example,dc=com
  • LDAP: Manager Password: password
  • LDAP: Version 3: Yes
  • LDAP: User Filter: uid=

Testing Steps:

  1. Configure the settings above in IceHrm
  2. Create a user with username "riemann" (leave password empty)
  3. Log out of IceHrm
  4. Log in with username "riemann" and password "password"

If login succeeds, LDAP is working correctly.
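
To check the same settings outside IceHrm, the following added example (not IceHrm's own code) can be run from the command line with PHP 7.0 or later. It assumes the common search-then-bind flow suggested by the Manager DN and User Filter settings; the function name checkLdapLogin and the $cfg keys are made up for this example.

```php
<?php
// Added diagnostic, not IceHrm code. Values are the test-server settings from this page.
$cfg = [
    'server'     => 'ldap.forumsys.com',
    'port'       => 389,
    'rootDn'     => 'dc=example,dc=com',
    'managerDn'  => 'cn=read-only-admin,dc=example,dc=com',
    'managerPw'  => 'password',
    'userFilter' => 'uid=',
];
function checkLdapLogin(array $cfg, string $username, string $password): string
{
    if (!extension_loaded('ldap')) {
        return 'FAIL: PHP LDAP extension is not loaded';
    }
    // An empty password turns a simple bind into an unauthenticated bind,
    // which many servers report as success, so refuse it up front.
    if ($username === '' || $password === '') {
        return 'FAIL: empty username or password';
    }
    $conn = ldap_connect('ldap://' . $cfg['server'] . ':' . $cfg['port']);
    if ($conn === false) {
        return 'FAIL: server URI could not be parsed';
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);   // "LDAP: Version 3: Yes"
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);    // fail fast if the port is unreachable

    // Step 1: bind as the manager account so the directory can be searched.
    if (!@ldap_bind($conn, $cfg['managerDn'], $cfg['managerPw'])) {
        return 'FAIL: manager bind: ' . ldap_error($conn);
    }
    // Step 2: find the user's DN; escape the username so it cannot alter the filter.
    $filter = '(' . $cfg['userFilter'] . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
    $result = @ldap_search($conn, $cfg['rootDn'], $filter, ['uid']);
    if ($result === false) {
        return 'FAIL: search: ' . ldap_error($conn);
    }
    $entries = ldap_get_entries($conn, $result);
    if ($entries['count'] !== 1) {
        return "FAIL: filter $filter matched {$entries['count']} entries";
    }
    // Step 3: bind as that DN with the password the user typed.
    if (!@ldap_bind($conn, $entries[0]['dn'], $password)) {
        return 'FAIL: user bind: ' . ldap_error($conn);
    }
    return 'OK: ' . $entries[0]['dn'] . ' authenticated';
}
echo checkLdapLogin($cfg, 'riemann', 'password'), PHP_EOL;
```

Each FAIL message names the step that broke, which separates a missing extension or unreachable port from a wrong Manager DN, Root DN or User Filter.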

Troubleshooting

If you experience login problems after enabling LDAP:

  1. Log in as "admin" using your local admin password
  2. Navigate to System -> Settings -> LDAP
  3. Set LDAP: Enabled to No
  4. Save the settings

This will restore normal authentication and allow you to fix the LDAP configuration.