# Log file

iTop Configuration file: **login_debug** - set to true.
Errors will be logged in log/error.log


# Previous authentications?

When debugging or using initial configuration, it may be required to erase all iTop cookies.

It is recommended to test each supported type (external/form/basic - see **allowed_login_types**) individually rather than all at once.



# LDAP Authentication

Based on https://www.itophub.io/wiki/page?id=latest%3Aadmin%3Auser_authentication_options


There's two main possibilities to provide LDAP authentication through iTop.

## Internal

iTop **internal** authentication assumes iTop checks the credentials.

iTop class:
* UserInternal
  * UserLocal
  * UserLDAP

Internal authentication usually works with a **form** or **basic**

Related PHP variables
```
$_SERVER['PHP_AUTH_USER']
$_SERVER['PHP_AUTH_PW']
```

## External

iTop **external** authentication could also rely on an LDAP user.
This user would have been authenticated by for instance the (Apache) web server instead of iTop itself (Seamless Single Sign On/SSO).

iTop class:
* UserExternal 

Related PHP variables
```
$_SERVER['REMOTE_USER'] (by default, can be changed in iTop configuration file: 'ext_auth_variable')
```

In this case, it will be required that apart from (first in list) "external" allowed_login_types, "form" is added as well.