Currently, we support basic scheme using posixAccount.
Here is simple schema:
- Import agents from LDAP directory structure
- Login agents using authentication against LDAP service (using agent email and password from LDAP)
- If LDAP service is not available, LiveAgent will use its own default auth method.
Note: Only agents with filled email field can be imported into LiveAgent.
- Every imported user must have valid email address in his LDAP record
- PHP LDAP extension is needed to enable LDAP feature in LiveAgent.
How to import agents?
First, you need to activate LDAP extension inside LiveAgent. Go to menu->Configuration->Features and activate feature named "Ldap".
Application will restart its self and you will see new options menu->configuration->Ldap. Configuration window will look like this:
Now you must fill all fields (except 'LDAP server port' which is optional):
- LDAP server url: this is your LDAP service url.
- LDAP server port: optional, determine LDAP service custom port
- Base DN: your base directory. Example: dc=example,dc=com
- User ID field: name of the field that uniquely identify every user in LDAP structure. Usually this can be cn or uid.
- User email field: this is name of the field which contains email for user in LDAP structure. Example: mail
Note: mail field must contains valid email, otherwise users can not be imported into LiveAgent as agents. If user has more than one email, only first email is used as identifier in LiveAgent.
Now save your settings. New options will appear just under save button:
Press Import agents... New window will appear.
Now LiveAgent wants to know some "admin" access - user that can see whole LDAP structure (people and groups). Fill user DN and password.
Optionally you can fill group name to limit results only for some specific group.
(For example, if you have thousands of people in 'people'. Create one small group for LiveAgent and put trusted users inside this group. Import will then take just second)
When done, hit 'Fetch list' to obtain possible users list to import.
Now you can import users from populated table. To do that, just hit 'Import'. New agent will be created for each imported user.
Login process specification
We use PHP Ldap extension to process login against LDAP service.
Login authentication name always looks like this:
user_id_field_name is the name filled in User ID field in LDAP settings dialog
ID is user identifier saved to LiveAgent to identify user in LDAP structure
base_db is base DN filled into 'Base DN' field in LDAP settings dialog
Presence in group
We use group parameter memberuid for getting all users in some group. Here is example of group configuration from phpLDAPadmin with just two users (identified by their UIDs)