Last Modified: 29.08.2023

Step-by-step config

  1. Register the AD/LDAP server in the system. An AD/LDAP server record is created in the admin section of Bitrix Framework, where you specify all necessary server data and the user group mapping.

  2. When adding a new server, make sure that the NTLM Authorization Domain field is specified correctly. It must fully match the domain name (including case). This field is very useful even when you don't have a domain but have several LDAP servers: different LDAP servers may have users with identical names, which makes it unclear which server such users were authorized on. If you indicate office\john, for example, all questions are resolved.

  3. In the module settings, check the option Use NTLM authentication. If for some reason you use a different variable of the $_SERVER array instead of REMOTE_USER for the user login, update the variable name in the field PHP variable containing NTLM user login. Remember that the majority of Bitrix24 modules specifically use the variable REMOTE_USER. The REMOTE_USER field contains the login or domain/login. All authentication is performed at the web server level, without any passwords, caches, etc.

    If the local network has several LDAP servers, use the Default domain server field to select the server used for NTLM authorization. Even if there is only one LDAP server, it is still preferable to set this field so that employees won't have to enter the domain upon their first login to Bitrix Framework.

  4. Configure NTLM authentication on Apache servers and IIS.

    Apache: NTLM authentication support is enabled by default in the Bitrix24 product. Even if you do not use the distribution package recommended by Bitrix24, you need to perform the following

    IIS: IIS server authorization config is performed in a similar manner to the Linux settings. IIS must already be set up for handling PHP.

  5. Configure employee web browsers. Internet Explorer: for successful NTLM authentication, the web server must be in the Local Intranet zone.
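The settings from steps 2 and 3 interact as follows. This is an added example, not Bitrix code: `resolveNtlmUser()` and its parameters are hypothetical names, and it assumes the domain match is an exact, case-sensitive string comparison, as "including case" in step 2 implies. Because the application trusts this variable without any password check, the sketch also rejects `HTTP_*` names, which PHP fills from client-supplied request headers.

```php
<?php
// Added illustration; not Bitrix code. All names below are hypothetical.

/**
 * Resolve the web-server-authenticated user to a configured LDAP server.
 *
 * @param array       $server        Usually $_SERVER.
 * @param string      $loginVar      "PHP variable containing NTLM user login".
 * @param array       $domainMap     "NTLM Authorization Domain" => LDAP server ID.
 * @param string|null $defaultDomain Domain of the "Default domain server", if set.
 * @return array|null Resolved identity, or null when the request must be rejected.
 */
function resolveNtlmUser(array $server, string $loginVar, array $domainMap, ?string $defaultDomain): ?array
{
    // HTTP_* entries are copied from request headers, so a client can set them.
    if (strncmp($loginVar, 'HTTP_', 5) === 0) {
        return null;
    }
    $raw = $server[$loginVar] ?? '';
    if (!is_string($raw) || $raw === '') {
        return null; // the web server did not authenticate the request
    }
    // Accept both separators the page shows: office\john and domain/login.
    $parts = preg_split('#[\\\\/]#', $raw, 2);
    if (count($parts) === 2) {
        [$domain, $login] = $parts;
    } else {
        [$domain, $login] = [$defaultDomain, $raw]; // bare login: use the default domain
    }
    // array_key_exists() compares keys exactly, so "OFFICE" does not match "office".
    if ($domain === null || $login === '' || !array_key_exists($domain, $domainMap)) {
        return null;
    }
    return ['server_id' => $domainMap[$domain], 'domain' => $domain, 'login' => $login];
}

// Constructed sample data.
$map = ['office' => 1, 'branch' => 2];
$cases = [
    ['REMOTE_USER' => 'office\\john'], // resolves to server 1
    ['REMOTE_USER' => 'OFFICE\\john'], // rejected: case differs from the configured domain
    ['REMOTE_USER' => 'john'],         // resolves through the default domain
    [],                                // rejected: no authenticated user
];
foreach ($cases as $env) {
    $r = resolveNtlmUser($env, 'REMOTE_USER', $map, 'office');
    printf("%-14s => %s\n", $env['REMOTE_USER'] ?? '(unset)', $r ? json_encode($r) : 'rejected');
}
```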


Courses developed by Bitrix24