Authentication
LDAP
You can enable authentication against LDAP (e.g. against Active Directory or OpenLDAP) at: Administration -> Users -> Settings-> LDAP
.
The profile field attribute mapping can be defined at Administration -> Users -> Profile -> Select profile field -> LDAP Attribute
.
SSL
If you want to use self-signed SSL certificates or disable the SSL certificate validation, the OpenLDAP configuration on the server must be modified.
For example, the configuration file under Debian is /etc/ldap/ldap.conf
.
- For self-signed certificates, append the following option to the LDAP configuration file (make sure the file point to your certificate file):
- To disable SSL certificate checking (not recommended), append the following option to the LDAP configuration file:
Important: Please restart the Websever or the PHP-FPM process after changing the LDAP configuration.
Date field synchronisation
If you're using custom date formats in our ldap backend, you can specify different formats in the configuration file.
Note: Make sure to use lower case in the field.
In order to use Facebook OAuth you must register your application at https://developers.facebook.com/apps then follow the below instructions.
- In your app settings under Basic set your Site URL.
- Under Settings > Advanced > Domain Manager add any sub-domains used by the app.
- Under Facebook Login > Client OAuth Settings > Valid OAuth Redirect URIs place your
https://domain/path-to-humhub/user/auth/external?authclient=facebook
URL.https://domain/path-to-humhub/user/auth/external?authclient=facebook (With clean urls)
http://domain/path-to-humhub/index.php?r=user%2Fauth%2Fexternal&authclient=facebook (Without clean urls)
- Make sure Client OAuth Login & Web OAuth Login are both enabled!
- Add the following block to your configuration (protected/config/common.php):
In order to use Twitter OAuth you must register your application at https://apps.twitter.com/.
Add the following block to your configuration (protected/config/common.php):
In order to use Google OAuth you must create a project at https://console.developers.google.com/project and set up its credentials at https://console.developers.google.com/project/[yourProjectId]/apiui/credential.
In order to enable using scopes for retrieving user attributes, you should also enable Google+ API at https://console.developers.google.com/project/[yourProjectId]/apiui/api/plus.
Authorization callback URLs:
Add one of the following authorization callback URLs to your googles Credentials configuration:
- http://domain/path-to-humhub/user/auth/external?authclient=google (With clean urls enabled)
- http://domain/path-to-humhub/index.php?r=user%2Fauth%2Fexternal&authclient=google (Without clean urls)
Note: Replace domain and path-to-humhub in the mentioned redirect urls.
Add following block to your configuration (protected/config/common.php):
GitHub
In order to use GitHub OAuth you must register your application at https://github.com/settings/applications/new.
Authorization callback URLs:
- http://domain/path-to-humhub/user/auth/external (With clean urls enabled)
- http://domain/path-to-humhub/index.php?r=user%2Fauth%2Fexternal (Without clean urls)
Add the following block to your configuration (protected/config/common.php):
Microsoft Live
In order to use Microsoft Live OAuth you must register your application at https://account.live.com/developers/applications.
Also, add a new Platform and allow following Redirect URI.
- https://domain/path-to-humhub/user/auth/external (With clean urls enabled)
- https://domain/path-to-humhub/index.php (Without clean urls)
Add the following block to your configuration (protected/config/common.php):
In order to use LinkedIn OAuth you must register your application at https://www.linkedin.com/developer/apps/.
Add the following block to your configuration (protected/config/common.php):
Other providers
Please see Development - Authentication for more information about custom authentication providers.