Question
How does the Plesk LDAP Auth extension work, and for which of the following types of Plesk user accounts?
- Reseller accounts
- Customer accounts
- User accounts such as mail account
- Additional Administrator Accounts
Answer
Note: Currently, the LDAP Auth extension cannot be configured via CLI. Vote and comment on this feature request on our official Plesk UserVoice channel, as top-voted suggestions are likely to be included in future versions.
The extension makes it possible to disable Plesk native authentication and enable LDAP authentication to Plesk. In other words, if there is an external LDAP server (a central database storing multiple combinations of usernames and passwords), it is possible to use one login/password pair to log into several Plesk servers that have the extension installed and configured to use the same LDAP server.
Note: The extension works as an LDAP client and does not provide the ability to manage login/password storage as an LDAP server.
Note: Whether LDAP needs a prefix or a suffix should be checked in the LDAP directory.
Note: The LDAP extension cannot be used for webmail.
If both Plesk native authentication and LDAP Auth need to be used, enable only the LDAP Auth settings at Extensions > LDAP Auth.
No additional configuration at the OS level is required before installing the LDAP Auth extension. The only requirement is that Plesk has a user with the same name as the one on the LDAP server. For example, if the LDAP server has the user jdoe with the password password, it is required to create the same user in Plesk, configure the extension and disable Plesk native authentication. After that, it will be possible to log into Plesk as jdoe with the password password.
Note: The type of the user is not related specifically to account type.
For Windows, it is required to specify either the domain name with an ending slash (DOMAIN\) in "Login prefix" or a suffix such as @example.com.
The following ports should be open from Plesk to the domain controller:
- UDP Port 88 for Kerberos authentication
- UDP Port 389 for LDAP and TCP Port 636 for SSL LDAP to handle queries from client computers to the domain controllers