Authentication

The HRM curently supports three user authentication mechanisms:

• Simple, internal user management module (default - no additional configuration needed)

• Generic LDAP server

• Microsoft’s Active Directory - (AD) server

The HRM can be configured to use LDAP/AD to test user credentials and obtain limited user information (e-mail address angd group).

You can enable any combination of authentication mechanisms by editing $HRM_CONFIG/hrm_config.inc. The first one is the default for new users. Valid examples are:

<?php
...
// Only integrated authentication (default)
$authenticateAgainst = array("integrated");

// Authenticate against Active Directory by default;
// some users may be checked against integrated authentication
$authenticateAgainst = array("active_dir", "integrated");

// Integrated authentication by default;
// some users may be authenticated against ldap
$authenticateAgainst = array("integrated", "ldap");

// This is also possible, however unlikely in reality:
$authenticateAgainst = array("active_dir", "ldap", "integrated");
...

The following pages explain the required configuration steps for the support authentication mechanisms:

• Active Directory authentication
• LDAP authentication