Cannot set up ldap plugin to work

Hi there,

After follow the instruction on how to setup authentication source to setup ldap. I cannot see how to change from local database to ldap when login into OJS

Can you guide me how to setup ldap plugin to work?

Thank you very much,


I haven’t actually used the LDAP plugin, but it looks like he authentication source is defined per user. Once enabled, the Journal Manager can edit the profile of an individual user and change the authentication source to the LDAP instance.


Thank you for your reply. Do i need to register user to be able to login with ldap account (username, password)?
Can i login with ldap user without any pre-registration?


Here my login screen. I didn’t have any option that let me choose to login with ldap account:

The username will be checked for which authentication source is used, then the username and password will be handed off to that source. Thus, there is no prompt at this screen as to what the authentication source is.

I don’t see anywhere in the LDAP plugin code that would provide a registration method directly against LDAP. (C.f. ojs/ at ojs-dev-2_4 · pkp/ojs · GitHub and ojs/ at ojs-dev-2_4 · pkp/ojs · GitHub)

So for you, all account need to be registered first in OJS systeme by using ldap as source before it can be used to login?
Plus, after one ldap account is use to login, does ojs create local account in its database?

OJS will maintain a local user profile for each user, regardless of the authentication source.

It is possible that this line supports new registrations directly against an alternate authentication source, such as LDAP:

If you set your LDAP source to be the “default authentication” source, can you register a new user by filling out the Registration Form, using the existing LDAP username and Password where you would normally fill in a new username and password?

Yes, i can register a new user with the existing ldap username and password but i cannot login using those informations.

After self-registering the user, as a Journal Manager, review the user’s profile. Is the authentication source being set correctly?

Yes. The authentication source being set correctly. It’s LDAP as i try to setup ldap authentication.
But i cannot login and always get message : Invalid username or password. Please try again.

Do we have to register user in advance or we can login with ldap user without any registration?

My reading of the code is that you must register the user in advance.

If an LDAP datasource is selected as the default authentication source, and if the username and password you enter within the registration form matches what is used in LDAP, it looks like the registration is intended to link the user against that default LDAP datasource.

Hmm, I don’t really understand the mecanism of the system. If we still need to registrer manually the user why do we need ldap. Plus, we don’t know the password of everybody.

Sorry i am not good at code reading so it’s really hard for me to understand.
Other system like Moodle, it create user in its database after user authicated via ldap or SSO.

I thought it is the same thing for OJS.

I agree with you regarding the way it “ought” to work - authentication via LDAP or other distributed authentication ought to imply registration, creating the local user record.

I have several feature requests on my todo list related to this:

My intent is (once I get time to dig into these) to have a consistent authentication architecture which should work this way for LDAP, OpenID, OAuth, Shibboleth, etc. Right now this is targeted for the 3.x line, but I also have vested interest in backporting to 2.4.x.

That said, if you want to register users on their behalf, I think you can create their accounts with disposable passwords, and when you change their authentication source, the LDAP password will be required. If you want users to self-register, you just need to direct them to the registration page instead of the login page, communicating that they still need to use their existing username and password, even though it looks like they are registering for a new account.

Thank you Graham ! It’s very kind of you to get sometime to reply to my question.

Will try to set ldap plugin to work by pre-registering user account as you said.
Anyways, have you already set it up to work? I mean login with ldap user account.


I have not used the LDAP plugin personally. I tried setting it up on one of my test instances just now, but was missing the php_ldap libraries, so I didn’t go further than that at this time.