Register AD/LDAP server in the system
An AD/LDAP server record is created in the admin section of Bitrix Framework, where you specify all necessary server data and the user group mapping.
When adding a new server, make sure that the value of the field NTLM Authorization Domain is specified correctly. It must fully match the domain name (including case).
This field is very useful even when you don't have a domain but have several LDAP servers. Different LDAP servers may have users with identical names, which creates confusion about which server such users were authorized on. If you indicate office\john, for example, all questions are resolved.
Put a checkmark in the option Use NTLM authentication inside the module settings. If for some reason you use another element of the $_SERVER array instead of REMOTE_USER for the user login, update the variable name to the required one in the field PHP variable containing NTLM user login. Remember that the majority of Bitrix24 modules specifically use the variable REMOTE_USER.
The field REMOTE_USER contains login or domain/login. All authentication is performed at the web server level, without any passwords, caches, etc.
When the local network has several LDAP servers, select the server that was used for NTLM authorization in the field Default domain server. Even if there is only one LDAP server, it is still preferable to set this field, so that employees won't have to enter the domain upon their first entry to Bitrix Framework.
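How the settings above fit together, as an added PHP sketch that is not Bitrix code: it resolves the configured login variable to a server record using the exact-case NTLM Authorization Domain match and the Default domain server fallback. The function name, server records and sample logins are constructed; accepting both \ and / as separators and refusing HTTP_* variable names are assumptions of this example.

```php
<?php
// Added illustration, not Bitrix code. All records and names are constructed.
$servers = [
    ['id' => 1, 'ntlm_domain' => 'OFFICE'],
    ['id' => 2, 'ntlm_domain' => 'branch'],
];
$defaultServerId = 1; // stands in for the "Default domain server" setting

function resolveNtlmUser(array $env, string $var, array $servers, int $defaultId): ?array
{
    // HTTP_* entries of $_SERVER are copied from request headers, so the
    // client controls them. Only a value set by the web server is trusted.
    if (strncmp($var, 'HTTP_', 5) === 0) {
        return null;
    }
    if (!isset($env[$var]) || $env[$var] === '') {
        return null; // web server did not authenticate anyone
    }
    // The value is "login" or "domain/login"; "\" is accepted as well.
    $parts = preg_split('~[\\\\/]~', (string)$env[$var], 2);
    $domain = count($parts) === 2 ? $parts[0] : null;
    $login  = count($parts) === 2 ? $parts[1] : $parts[0];
    if ($login === '') {
        return null;
    }
    foreach ($servers as $s) {
        // No domain given: use the default server.
        // Domain given: it must match the configured value exactly, case included.
        $hit = $domain === null
            ? $s['id'] === $defaultId
            : $s['ntlm_domain'] === $domain;
        if ($hit) {
            return ['server_id' => $s['id'], 'login' => $login];
        }
    }
    return null; // unknown domain: do not guess a server
}

// Constructed sample inputs.
$samples = [
    ['REMOTE_USER', ['REMOTE_USER' => 'OFFICE\\john']],      // server 1
    ['REMOTE_USER', ['REMOTE_USER' => 'office\\john']],      // null: case differs
    ['REMOTE_USER', ['REMOTE_USER' => 'mary']],              // default server 1
    ['HTTP_REMOTE_USER', ['HTTP_REMOTE_USER' => 'OFFICE\\john']], // null: header
];
foreach ($samples as [$var, $env]) {
    var_dump(resolveNtlmUser($env, $var, $servers, $defaultServerId));
}
```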
Configure NTLM authentication on Apache servers and IIS.
Apache servers: NTLM authentication support is enabled by default in Bitrix24 product. Even if you do not use the distribution package recommended by Bitrix24, you need to perform the following
IIS: IIS server authorization is configured in a similar manner to the Linux settings. IIS must already be set up for handling PHP.