Views: 1146
Last Modified: 29.08.2023


Go to the page Module settings (Settings > System settings > Module settings > AD/LDAP connector).

  • In case of employed NTLM authorization, check the flag in the field Use NTLM authentication.

    Note:For proper NTLM authentication performance you need to setup corresponding web server modules Bitrix24 distribution package already supports NTLM-authentication by default. If you don't use the package recommended by Bitrix24, you need to perform appropriate actions:

    Learn more ...
    , as well as specify domains for NTLM authentication Creating a AD/LDAP server profile is performed in the Bitrix Framework control panel, listing all the necessary server details and user group assignment.

    Learn more ...
    in the site's AD server settings.

  • If due to some reasons you use other array $_SERVER variable to store user login storage, define this variable in the field PHP variable containing NTLM user login. Consider that the majority of product modules use specifically the variable REMOTE_USER REMOTE_USER contains login value or domain\login. All authentication is performed at the web server level without any passwords, caches, etc. .
  • When local network has several LDAP-servers, indicate the specific server in the field Default domain server that is used for NTLM-authentication.
  • Removed flag at the option Create new user account on first successful login while using AD protocol allows limiting users having access to site. For example, five accounts are created, flag is removed, and only five defined users have system login However, administrator can create accounts outside LDAP. Such users will have access and total user count will be more than 5. .
  • The option Create a user even if a user with specified login name exists defines if a second user is created, when a user with such login has been found during import.
  • Also, if required, configure Redirect NTLM authentication to ports 8890 and 8891.

Note: please remember, that computer with Apache server, must be included into a Windows domain.

Note: in some cases when working with old versions of Internet Explorer, Bitrix24 products can experience errors. The issue causes malfunctioning buttons in admin and public sections. To solve this issue, add the string
SSPIPerRequestAuth On
to the root file .htaccess


Courses developed by Bitrix24