GRR is a room booking software.

GRR has a SSO configuration page in its administration panel.

Do not use Lemonldap mode, which is for a very old Lemonldap version, but HTTP authentication.

Set the default profile of connected users and which headers contains surname, firstname and mail.

GRR will check the username in REMOTE_USER, so use remote header conversion if you are in proxy mode.

Access rules:

  • ^/index.php ⇒ accept
  • default ⇒ unprotect


  • Auth-User $uid
  • Auth-Sn: $sn
  • Auth-GivenName: $givenName
  • Auth-Mail: $mail