Easy!Appointments supports LDAP (Lightweight Directory Access Protocol) authentication, allowing your staff and administrators to log in using credentials from a central directory such as Active Directory or OpenLDAP. This is especially useful for organizations that want centralized user management and single sign-on (SSO) capabilities.
🔐 LDAP is only available for staff and admin users. Customers still use the public booking form and do not require LDAP credentials.
Benefits of LDAP Integration
- Centralized account management
- Improved security and password policy enforcement
- Seamless login experience for employees
- Supports Active Directory and OpenLDAP
Prerequisites
Before enabling LDAP authentication:
- You must have an operational LDAP server (e.g., Microsoft Active Directory).
- Easy!Appointments must be able to connect to the server (network/firewall access).
- LDAP credentials and connection details must be known (host, base DN, etc.).
- The staff and admin users must already exist in the Easy!Appointments database (usernames must match their LDAP usernames).
Step-by-Step Configuration
1. Enable LDAP in config.php
Edit the file:application/config/config.php
Set the following options:
$config['ldap_enabled'] = TRUE;
$config['ldap_host'] = 'ldap://your-ldap-server.com';
$config['ldap_port'] = 389; // Use 636 for LDAPS
$config['ldap_base_dn'] = 'dc=example,dc=com';
$config['ldap_user_attribute'] = 'sAMAccountName'; // For Active Directory
$config['ldap_bind_dn'] = 'cn=ldap-reader,ou=users,dc=example,dc=com';
$config['ldap_bind_password'] = 'your-reader-password';
$config['ldap_use_tls'] = FALSE; // Set to TRUE if you require TLS
✅ Replace the above values with those from your LDAP provider or IT department.
2. Match LDAP Users with App Users
Each staff/admin user in Easy!Appointments must have a username field that matches the LDAP sAMAccountName or UID exactly.
You can update these users via the Admin Panel or directly in the database (ea_users table).
3. Login Using LDAP
Once LDAP is enabled:
- Staff and administrators can log in using their LDAP username and password.
- If authentication succeeds, they’ll be granted access based on their Easy!Appointments role.
- Passwords are not stored in the Easy!Appointments database for LDAP users.
Troubleshooting
| Issue | Solution |
|---|---|
| “Invalid Credentials” | Check bind DN, password, and base DN. Also verify that the user exists in Easy!Appointments. |
| “Can’t connect to LDAP server” | Ensure host/port are reachable from your server and that firewall rules are open. |
| LDAPS not working | Use port 636 and ensure SSL certificates are properly installed and valid. |
Security Tips
- Use LDAPS (port 636) or StartTLS to encrypt credentials during transmission.
- Ensure only read-only service accounts are used for binding to LDAP.
- Rotate the bind account password regularly.
Limitations
- Customers cannot log in using LDAP.
- User roles (admin/staff) must still be managed within Easy!Appointments.
- No automatic user provisioning — users must be manually added first.