Integrate SugarCRM with Active Directory

Here is a quick how-to guide on configuring SugarCRM to integrate with your Active Directory.

The first thing you need to do is log into your SugarCRM and click the Admin link in the upper right-hand corner.

Scroll down to System Settings and click that link.

Now scroll down to LDAP Authentication Support and enable it. The section will expand, and you will need to configure the settings it shows.

Here is a better explanation of the above settings:

  • Enable LDAP – Yes
  • Server – enter the FQDN of your Active Directory server (example: MYSERVER.MYDOMAIN.com; this should be your Domain Controller)
  • Port – enter 389 (this is the default port; enter it unless you have some custom configuration for LDAP)
  • Base DN – enter OU=sugarcrm,DC=MYSERVER,DC=MYDOMAIN,DC=com (“OU=sugarcrm” is the actual OU in Active Directory that you chose to put your users in. Note that this OU does not have to be called sugarcrm. It can be called anything you want, or it can be any OU that holds the users you want in your SugarCRM.)
  • Bind Attribute – enter userPrincipalName (this is what is used for Active Directory; if you had a Mac network or OpenLDAP, you would use something else)
  • Login Attribute – enter samaccountname (this is what is used for Active Directory; if you had a Mac network or OpenLDAP, you would use something else)
  • Authenticated User – enter username@MYSERVER.MYDOMAIN.com or domain\userfirstname.userlastname (You need to add a user to your Active Directory that SugarCRM will use to authenticate to Active Directory and read the LDAP directory. This user should be a service account that needs only read access to Active Directory. If you choose the “domain\userfirstname.userlastname” format, enter it with two backslashes, like “domain\\userfirstname.userlastname”, because when you click Save, Sugar will remove one of the backslashes.)
  • Authenticated Password – enter the password of the authenticated user you created.
  • Auto Create Users – (I typically turn this on. When you create an AD user, you don’t have to create their account in SugarCRM; you just have them log in and SugarCRM will create the account automatically.)

Once you are done configuring that, you need to make some changes in PHP.

By default, the LDAP module is not loaded in PHP. To install it, run this command from a shell:

yum install php-ldap

Now go to your php.ini file and add the line below:

extension=ldap.so

I simply added it to the bottom of my php.ini file.

There is another line that is commented out by default. You need to turn LDAP on. Search for this line and un-comment it:

extension=php_ldap.dll

Save your php.ini file, restart the Apache web server, and then try to log in with one of your Active Directory accounts.
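If the login fails, it helps to test the PHP module and the directory settings outside SugarCRM. The script below is an added example, not part of the original guide: it checks php.ini and the loaded modules, then performs the same service-account bind and samaccountname lookup with the OpenLDAP ldapsearch client. The function names, the /etc/php.ini path, and the assumption that your Domain Controller accepts StartTLS on port 389 are mine; the server, Base DN and user are the placeholders used above.

```shell
#!/bin/sh
# Added example: placeholder values copied from the article's sample settings.
SERVER="MYSERVER.MYDOMAIN.com"
BASE_DN="OU=sugarcrm,DC=MYSERVER,DC=MYDOMAIN,DC=com"
BIND_USER="username@MYSERVER.MYDOMAIN.com"
PHP_INI="${PHP_INI:-/etc/php.ini}"   # assumed location; adjust for your system

# True if the given php.ini contains an active (uncommented) LDAP extension line.
ldap_ext_enabled() {
  grep -Eq '^[[:space:]]*extension[[:space:]]*=[[:space:]]*"?(php_)?ldap(\.so|\.dll)?"?[[:space:]]*$' "$1"
}

# True if the PHP CLI reports the ldap module as loaded.
# Note: the CLI and Apache may read different php.ini files.
php_ldap_loaded() {
  php -m | grep -qix 'ldap'
}

# Escape a login name for use inside an LDAP search filter (RFC 4515),
# so characters such as * ( ) \ are matched literally, not as filter syntax.
# The backslash is escaped first so later escapes are not escaped again.
ldap_filter_escape() {
  printf '%s' "$1" |
    sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Bind as the service account and look up one login name under the Base DN.
# -ZZ requires StartTLS: a simple bind on plain port 389 sends the password
#     in cleartext, so a failure here is worth fixing rather than bypassing.
# -W  prompts for the password, keeping it out of shell history and ps output.
check_ad_lookup() {
  login=$(ldap_filter_escape "$1")
  ldapsearch -x -ZZ -LLL -H "ldap://$SERVER:389" -D "$BIND_USER" -W \
    -b "$BASE_DN" "(sAMAccountName=$login)" dn userPrincipalName
}

# Run the checks only when a login name is given as the first argument.
if [ -n "${1:-}" ]; then
  ldap_ext_enabled "$PHP_INI" || echo "no active LDAP extension line in $PHP_INI" >&2
  php_ldap_loaded || echo "PHP ldap module is not loaded" >&2
  check_ad_lookup "$1"
fi
```

An empty result from the lookup with a successful bind usually means the user is outside the Base DN, which is the same condition that makes SugarCRM reject the login.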
