LDAP Authentication Type Configuration

We have provided several configuration settings with the intention of making this package flexible and performant in many different environments. These settings are available from the ec_ldap authentication type page, found by clicking on the authentication type at index.php/dashboard/system/registration/authentication.

Queue Batch Size - When running our user sync job, you may need to adjust the number of users that sync per request to prevent PHP timeout errors, or to maximize performance. Setting this number higher will result in faster sync times, but is more likely to cause errors if the request runs too long.

Link a concrete5 and LDAP user if the email matches - Pretty much what it says. When we attempt to sync LDAP and concrete5 users, we normally check whether a link exists and, if not, attempt to create it. When this option is enabled, we first check whether the user is already linked; if not, we check whether a concrete5 user exists with the same email address and, if one does, we link it. Note: This could be a security risk if you do not have email verification enabled, as it could allow someone else to create a concrete5 account ahead of time which is then synced to an LDAP account. Use with caution.
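
The linking order described above, written out as an added sketch (not the package's own code) so the risk in the note is visible: an account whose address was never verified must not be adopted by an LDAP identity. The function name, array shapes, the emailVerified flag and the refuse outcome are all assumptions of this example.

```php
<?php
// Added sketch, not the package's code; all names and data are hypothetical.
function resolveLdapLink(array $entry, array $links, array $c5Users, bool $linkByEmail): array
{
    // 1. An existing DN-to-user link always wins.
    if (isset($links[$entry['dn']])) {
        return ['action' => 'use_link', 'uID' => $links[$entry['dn']]];
    }
    $email = strtolower(trim($entry['mail'] ?? ''));
    if (!$linkByEmail || $email === '') {
        return ['action' => 'create', 'uID' => null];
    }
    // 2. Email fallback: case-insensitive match, ignoring accounts already linked.
    $matches = array_filter($c5Users, function (array $u) use ($email, $links) {
        return strtolower($u['email']) === $email && !in_array($u['uID'], $links, true);
    });
    if (count($matches) === 0) {
        return ['action' => 'create', 'uID' => null];
    }
    $user = reset($matches);
    // 3. Assumed safeguard: never adopt an ambiguous or unverified account.
    if (count($matches) > 1 || !$user['emailVerified']) {
        return ['action' => 'refuse', 'uID' => null];
    }
    return ['action' => 'link_by_email', 'uID' => $user['uID']];
}

// Constructed sample data.
$links = ['uid=alice,ou=people,dc=example,dc=org' => 1];
$c5Users = [
    ['uID' => 1, 'email' => 'alice@example.org', 'emailVerified' => true],
    ['uID' => 2, 'email' => 'Bob@example.org', 'emailVerified' => true],
    // Self-registered before the first sync; address never validated.
    ['uID' => 3, 'email' => 'carol@example.org', 'emailVerified' => false],
];
$entries = [
    ['dn' => 'uid=alice,ou=people,dc=example,dc=org', 'mail' => 'alice@example.org'],
    ['dn' => 'uid=bob,ou=people,dc=example,dc=org', 'mail' => 'bob@example.org'],
    ['dn' => 'uid=carol,ou=people,dc=example,dc=org', 'mail' => 'carol@example.org'],
    ['dn' => 'uid=dave,ou=people,dc=example,dc=org', 'mail' => 'dave@example.org'],
];
foreach ($entries as $entry) {
    $result = resolveLdapLink($entry, $links, $c5Users, true);
    printf("%-40s %s\n", $entry['dn'], $result['action']);
}
```

In this sketch a refuse result is meant to be logged for an administrator to resolve, rather than the sync linking or creating an account on its own.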

LDAP Network Timeout - This is the duration in seconds that we wait for an LDAP server to respond when connecting before trying the next server in the list. If you have high-latency LDAP servers you may need to raise this setting, but doing so may cause longer login delays when one or more LDAP servers are unavailable.

LDAP Time Limit - The maximum number of seconds an LDAP query can take to run before timing out. Note: The actual time limit for operations is also bounded by the server's configured maximum time. The lesser of these two settings is the actual time limit.

LDAP Cache TTL - The number of seconds to cache LDAP objects. In this package we cache User and Group LDAP queries in certain situations. This helps to reduce the load on your LDAP servers when running the sync job, and additionally helps performance in environments that leverage nested groups. We recommend setting this value to slightly longer than the amount of time that it takes for your environment's user sync job to run (after all users have been synced the first time). If you wish to disable the LDAP Cache, simply set this value to 0.