Using Lemonldap::NG with Active-Directory

To use Active-Directory as LDAP backend, you must change few things in the manager :

• Use “LDAP” as authentication and userDB backends,
• Configure authentication filter and mail filter (“General Parameters » Authentication modules » LDAP parameters » Filters”) with:

(&(sAMAccountName=$user)(objectClass=person))
(&(mail=$mail)(objectClass=person))

• Export sAMAccountName in a variable declared in exported variables
• Change the user attribute to store in Apache logs (“General Parameters » Logs » REMOTE_USER”): use the variable declared above
• Enable password modify extended operation if you want to change password in AD

Two steps here:

• Choose “Apache” as authentication module (“General Parameters » Authentication modules » Authentication module”)
• Configure the Apache server that host the portal