myDBR allows you to use Microsoft Active Directory for user authentication. This includes user creation, authentication, group creation and user group handling. The functionality is the same as in myDBR's SSO-authentication.
In order to use Active Directory authentication, the following settings needs to be defined in Environment settings:
Domain ControllerActive Directory server(s) handling the security authentication requests. If you want to balance the queries over multiple controllers separate them with commas.
Account SuffixThe full account suffix for your domain
Base DNWhere to start the searches in Active Directory. If left empty myDBR will attempt to detect this information automatically from your domain controller
UsernameUsername which has read privileges to Active Directory
PasswordPassword for the Username
To configure myDBR's Active Directory-authentication in the Active Directory server, the following groups need to be defined:
myDBR GroupsA group defining the AD groups which will be considered as myDBR groups. The default name for this group is 'myDBR Groups'. All other myDBR groups must be members of this group. If you wish the change the default group name, place definition
$mydbr_defaults['active_directory_mydbr_groups'] = 'NEWMYDBRGROUPNAME';into mydbr/user/defaults.php.
myDBR AdminsIf user belongs to this group (s)he is granted admin rights to myDBR. The default name for this group is 'myDBR Admins' and the group must be member of 'myDBR Groups'. If you wish the change the default group name, place definition
$mydbr_defaults['active_directory_mydbr_admin_group'] = 'NEWADMINGROUPNAME';into mydbr/user/defaults.php.
Other groups inside 'myDBR Groups' to define user groups to which you can define reports toAny group added to 'myDBR Groups' will be shown as a user group inside myDBR. This will allow one to define different access rights to different reports. Users can be member of these groups directly or via other AD groups belonging to these groups.
All of the predefined group names can be customized in mydbr/user/defaults.php.
myDBR determines if user in Active Directory is a myDBR user by checking if the user belongs to any of the groups listed in Active Directory group 'myDBR Groups' or is directly member of 'myDBR Groups'.
All user group handling is done inside Active Directory. When a user logs in her/his groups are checked against the Active Directory provided group list.
If the Active Directory is set as a login method, administrators can still login with myDBR login by adding
&local=1 to login URL. For example
if you have installed myDBR at
localhost/mydbr you would login locally using
To prevent users logging in with the myDBR login when AD is used, remove unnecessary myDBR logins and secure the admin password.