Views: 2115 (Data available since 06.02.2017)
Last Modified: 10.10.2012

To edit the parameters of the AD/LDAP module, open the settings form: Settings > System Settings > Module Settings > AD/LDAP AD/LDAP connector.

Module settings

  • Enter the e-mail address to be used for all users who did not provide one (Default user email address (if not specified)).
  • Check the Use NTLM authorization box if required.

    Note: to use NTLM authentication, you will have to configure your web server for use with NTLM authentication and specify the NTLM authentication domains in the AD server parameters.

  • If your configuration is set to use a non-standard variable to store the user login string, set the variable name in the PHP variable to contain NTLM user login (usually it is REMOTE_USER) parameter.

    However, you should keep in mind that the other system modules is using the default variable REMOTE_USER.

    Note: REMOTE_USER stores the value as login or domain\login. A user is authenticated on the web server directly without intermediate passwords or hash values.

  • If your local network has multiple LDAP servers, select the authenticating server in the Default domain server field.
  • The Create new users upon the first successful login option, when employed with the AD protocol, can be used to restrict website access to only the existing users. For example, you can create accounts for the required users and uncheck this option. As a result, only these users will be able to login. This option cannot be used with NTLM authentication.

Keep in mind that a computer running the Apache web server must be included in the Windows domain.

Note: Internet Explorer users may encounter irregular problems using the Control Panel toolbar buttons. To fix this issue, add the following line to the root .htaccess:

SSPIPerRequestAuth On



Courses developed by «Bitrix», Inc.