# LDAP Authentication

You can configure your Pixelfed server to authenticate with an LDAP Server!

# Prerequisites

- Enable the ext-ldap PHP extension in your server's php.ini configuration

- Run the following command in the Pixelfed root directory (the one with app, bootstrap, public, storage):

```bash
composer require directorytree/ldaprecord-laravel
```

# Step 1: Updating user model

You need to edit the app/User.php file and add the following two lines:

```php
use LdapRecord\Laravel\Auth\LdapAuthenticatable;
use LdapRecord\Laravel\Auth\AuthenticatesWithLdap;
```

Then change the following line to include implements LdapAuthenticatable:

```php
class User extends Authenticatable implements LdapAuthenticatable
```

And finally add AuthenticatesWithLdap after the other traits:

```php
use Notifiable, SoftDeletes, HasApiTokens, UserRateLimit, HasFactory, AuthenticatesWithLdap;
```

Afterwards your app/User.php file should look like this:

```php
<?php

namespace App;

use Laravel\Passport\HasApiTokens;
use Illuminate\Notifications\Notifiable;
use Illuminate\Database\Eloquent\SoftDeletes;
use Illuminate\Foundation\Auth\User as Authenticatable;
use App\Util\RateLimit\User as UserRateLimit;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use LdapRecord\Laravel\Auth\LdapAuthenticatable;
use LdapRecord\Laravel\Auth\AuthenticatesWithLdap;

class User extends Authenticatable implements LdapAuthenticatable
{
    use Notifiable, SoftDeletes, HasApiTokens, UserRateLimit, HasFactory, AuthenticatesWithLdap;

    /**
     * The attributes that should be mutated to dates.
     *
     * @var array
     */
    protected $dates = ['deleted_at', 'email_verified_at', '2fa_setup_at'];

    // ... the rest of the existing model is unchanged
}
```

# Step 2: Configuring session driver

Open the config/auth.php file and comment out or delete the following code:

```php
// Comment out or remove below for LDAP
'users' => [
    'driver' => 'eloquent',
    'model'  => App\User::class,
],
```

Insert the following code immediately after the previous lines you commented out or deleted:

```php
'users' => [
    'driver' => 'ldap',
    'model' => LdapRecord\Models\ActiveDirectory\User::class,
    'rules' => [],
    'database' => [
        'model' => App\User::class,
        'sync_passwords' => false,
        'sync_attributes' => [
            'name' => 'cn',
            'email' => 'mail',
        ],
    ],
],
```

# Step 3: Connecting to LDAP

Configure your LDAP server settings.

Add the following lines to your .env file and edit to your needs.

```
LDAP_LOGGING=true
LDAP_CONNECTION=default
LDAP_CONNECTIONS=default

LDAP_DEFAULT_HOSTS=10.0.0.1
LDAP_DEFAULT_USERNAME="cn=admin,dc=local,dc=com"
LDAP_DEFAULT_PASSWORD=secret
LDAP_DEFAULT_PORT=389
LDAP_DEFAULT_BASE_DN="dc=local,dc=com"
LDAP_DEFAULT_TIMEOUT=5
LDAP_DEFAULT_SSL=false
LDAP_DEFAULT_TLS=false
```
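A pre-flight check for the Step 3 settings, added here as an example and not part of the Pixelfed documentation or LdapRecord: with LDAP_DEFAULT_SSL and LDAP_DEFAULT_TLS both false, as in the sample values, the bind password and every user's login password reach the directory unencrypted. The function names (env_get, is_true, audit_ldap_env) are made up for this example, and the sample file is constructed from the values shown above.

```shell
#!/bin/sh
# Added example (not from the Pixelfed docs): audit the Step 3 LDAP_* settings.

# env_get KEY FILE: print KEY's value from a dotenv file.
# Last assignment wins; trailing spaces and surrounding quotes are dropped.
env_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# is_true VALUE: succeed for the spellings Laravel's env() reads as boolean true.
is_true() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        true|'(true)') return 0 ;;
        *) return 1 ;;
    esac
}

# audit_ldap_env FILE: print one finding per line.
# Returns 0 when the bind is encrypted and the port matches the mode, else 1.
audit_ldap_env() {
    a_ssl=$(env_get LDAP_DEFAULT_SSL "$1")
    a_tls=$(env_get LDAP_DEFAULT_TLS "$1")
    a_port=$(env_get LDAP_DEFAULT_PORT "$1")
    a_rc=0
    if ! is_true "$a_ssl" && ! is_true "$a_tls"; then
        echo "CLEARTEXT: SSL and TLS are both off; bind and user passwords are sent unencrypted"
        a_rc=1
    fi
    if is_true "$a_ssl" && [ "$a_port" = "389" ]; then
        echo "PORT: LDAP_DEFAULT_SSL=true but port is 389; LDAPS conventionally listens on 636"
        a_rc=1
    fi
    if is_true "$a_tls" && ! is_true "$a_ssl" && [ "$a_port" = "636" ]; then
        echo "PORT: LDAP_DEFAULT_TLS=true (StartTLS) but port is 636; StartTLS normally runs on 389"
        a_rc=1
    fi
    return "$a_rc"
}

# Constructed sample: the transport lines exactly as shown in Step 3.
sample=$(mktemp)
printf '%s\n' 'LDAP_DEFAULT_HOSTS=10.0.0.1' 'LDAP_DEFAULT_PORT=389' \
    'LDAP_DEFAULT_SSL=false' 'LDAP_DEFAULT_TLS=false' > "$sample"
audit_ldap_env "$sample" || echo "=> fix the findings above before enabling LDAP login"
rm -f "$sample"
```

To clear the CLEARTEXT finding, set LDAP_DEFAULT_TLS=true to use StartTLS on port 389, or LDAP_DEFAULT_SSL=true with LDAP_DEFAULT_PORT=636, provided your directory server supports it.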

# Step 4: Finishing Up!

You're almost ready! The last thing you need to do is flush the configuration cache by running:

```bash
php artisan config:cache
```

You are now ready to log in via LDAP!

To test your connection you can run:

```bash
php artisan ldap:test
```