Cool Solution - Setting up phpBB3 with LDAP authentication

From Univention Wiki

Product logo: UCS Version 4.1

Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the steps shown in the article are covered by Univention Support. For questions about your support coverage, contact your contact person at Univention before you implement any of the steps shown.

Please also note the legal notes in the Terms of Service.

Prerequisites

We need to install the MySQL server and the PHP extension for MySQL:

univention-install mysql-server mysql-common php5-mysql 

For image manipulation features in phpBB install ImageMagick and GD library:

univention-install php5-imagick php5-gd

Setting up a database

mysql -uroot -p$(cat /etc/mysql.secret)

create database <DATABASE NAME>;

create user '<USER NAME>'@'localhost' identified by '<USER PASSWORD>';

grant all on <DATABASE NAME>.* to '<USER NAME>'@'localhost';

quit

Installing phpBB

First download the latest version of phpBB from the official page and move it to /var/www/.

Open the installation wizard afterwards: <FQDN or IP>/<phpBB folder>/install/

Hint: Change <phpBB folder> to the folder that contains phpBB in /var/www.

Click on the INSTALL tab.


Click on Proceed to next step

Installation compatibility

Everything should be green, except for entries below Supported database that are not MySQL/MySQL with MySQLi Extension. Also, config.php should be shown as Found, Unwritable, which is perfectly fine.

Click on Start install

Database settings

Option                          Value
Database type                   MySQL with MySQLi Extension
Database server hostname        localhost
Database server port            <empty unless you changed MySQL's standard port on purpose>
Database name                   <database name>
Database username               <database username>
Database password               <database password>
Prefix for tables in database   <if wanted>

Hint: Change the values to the credentials and names you gave the user and database before.

Click on Proceed to next step

The next page should show the message "Test connection: Successful connection".

Click on Proceed to next step


Administrator configuration

Provide the wizard with credentials to configure the first admin user. If you plan to set up LDAP authentication afterwards and only have one admin user, use an "Administrator username" that already exists in LDAP! phpBB must have at least one admin user configured apart from LDAP to ensure that the board can still be administered when LDAP is not available for authentication. So you must either give the wizard an LDAP user now, or later create an admin user in phpBB whose username already exists in LDAP.

Default board language

Administrator username

Administrator password

Confirm password

Contact mail address

Click on Proceed to next step

If the admin settings (e.g. password complexity) didn't pass the test, review them.

Click on Proceed to next step

Now download the config file offered by the wizard and copy it to phpBB's root directory.

Click on Done and Proceed to next step


Advanced settings

Customize these as you wish.

Click on Proceed to next step

The database is now created with initial data.

Click on Proceed to next step

Final stage

Everything should be fine. The wizard should now confirm successful completion by telling you to remove the install directory. To do this, execute the following command:

rm -rf /var/www/phpbb/install

Then click on Login.

Setting up LDAP authentication

After logging in, you are redirected to the Administration Control Panel (ACP).

At least one of the admin users has to exist in LDAP, so that at least one user can still make changes after authentication has been switched to LDAP. For this reason phpBB shows an error if none of the admin users exists in LDAP and switches back to the ordinary login.

After the first login with LDAP credentials, every user is just a registered user. If needed, the initially created admin user has to grant admin privileges to these automatically registered users. To do this, switch to the Manage groups module and assign those users to the admin group.

To set up LDAP, switch to Client communication -> Authentication

Create a simple authentication account for phpBB to bind to LDAP, since phpBB stores the bind user's password in the database in plaintext!

Select an authentication method: Ldap


Option                 Value
Ldap server name       ldaps://localhost
Ldap server port       7636
Ldap base dn           <BASE DN>
Ldap uid               uid
Ldap user filter       optional, to further limit access (e.g. objectClass=posixGroup)
Ldap email attribute   <leave empty>
Ldap user dn           uid=<bind user uid>,cn=users,<BASE DN>
Ldap password          <bind user's password>

Note: <BASE DN> can be obtained by executing:

ucr get ldap/base

Note: The bind user's password will be stored as plain text in the database, visible to everybody who can access your database or view this configuration page. You might want to create an extra bind user to increase security.
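
Added example (not part of the original article and not phpBB's own code): a pre-flight check, run on the UCS server before clicking Submit, that the bind account can bind over LDAPS on port 7636 and finds exactly one entry for a given login, using the values from the table above. The function names, the password file argument and the way the uid attribute and the user filter are combined (logical AND) are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the phpBB LDAP settings.
# Function names and the password-file argument are hypothetical.

# Escape a login name for use in an LDAP search filter (RFC 4515).
# The backslash is replaced first so later escapes are not re-escaped.
ldap_escape() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Combine "Ldap uid" and the optional "Ldap user filter" into one filter.
# Assumption: both conditions must match (logical AND).
build_filter() {    # build_filter <uid attribute> <login> [<user filter>]
    base="($1=$(ldap_escape "$2"))"
    extra="${3:-}"
    if [ -z "$extra" ]; then
        printf '%s' "$base"
        return 0
    fi
    case "$extra" in
        \(*\)) ;;                  # already parenthesised
        *) extra="($extra)" ;;
    esac
    printf '(&%s%s)' "$base" "$extra"
}

# "Ldap user dn" as given in the table: uid=<bind user uid>,cn=users,<BASE DN>
bind_dn() {         # bind_dn <bind user uid> <base dn>
    printf 'uid=%s,cn=users,%s' "$1" "$2"
}

# Bind as the bind account over LDAPS and search for one login.
# Succeeds only if exactly one entry is returned.
# <password file> holds the bind password with no trailing newline (chmod 600).
check_lookup() {    # check_lookup <bind uid> <password file> <login> [<filter>]
    base_dn=$(ucr get ldap/base) || return 2
    hits=$(ldapsearch -LLL -x -H ldaps://localhost:7636 \
        -D "$(bind_dn "$1" "$base_dn")" -y "$2" -b "$base_dn" \
        "$(build_filter uid "$3" "${4:-}")" dn | grep -c '^dn:' || true)
    [ "$hits" -eq 1 ]
}

# Run the check only when arguments are given:
#   sh <this script> <bind uid> <password file> <login> [<user filter>]
if [ "$#" -ge 3 ]; then
    check_lookup "$@" || { echo "LDAP bind or lookup failed" >&2; exit 1; }
    echo "LDAP bind and lookup OK"
fi
```

Reading the password from a file with -y keeps it out of the process list and the shell history; delete the file once the check has passed.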

Click on Submit.

A green box saying Configuration updated successfully. should appear.

Add phpBB3 to web services

To add phpBB3 to the web services on the UCS overview page, execute this:

ucr set \
ucs/web/overview/entries/service/phpbb-<forum name>/description="Forum" \
ucs/web/overview/entries/service/phpbb-<forum name>/label/de="Forum" \
ucs/web/overview/entries/service/phpbb-<forum name>/label="Forum" \
ucs/web/overview/entries/service/phpbb-<forum name>/link="/<phpBB folder>"

Hint: Change phpbb-<forum name> to the folder that contains phpBB in /var/www.

Further information

Further information about additional functionality and various optional features can be obtained from the phpBB project page.