
History: LDAPUseInPriorVersions

Source of version: 1 (current)

!!!LDAP Pear::Auth Settings With LDAP version 3 And TikiWiki 1.9.7

You may have to explicitly set the protocol version in TikiWiki 1.9.7 to get it to work with LDAP v3. If you are having problems, try the following:

Open userslib.php and search for the following code around line 624:
{CODE(ln=>1,colors=>php,wrap=>1,wiki=>1,rtl=>0)}
$options["memberisdn"] = ($tikilib->get_preference("auth_ldap_memberisdn", "y") == "y");
{CODE}

Add the following lines right after this line:
{CODE(ln=>1,colors=>php,wrap=>1,wiki=>1,rtl=>0)}
$options["version"] = $tikilib->get_preference("auth_ldap_version", "3");
{CODE}

!!!LDAP Pear::Auth Settings With Microsoft Active Directory Services (ADS) And TikiWiki 1.9.7
Essentially, the LDAP settings needed to work with a Microsoft Active Directory server are the same. However, they won't work out of the box without changing userslib.php (this applies to version 1.9.7).

Open /lib/userslib.php and search for the following code around line 624:
{CODE(ln=>1,colors=>php,wrap=>1,wiki=>1,rtl=>0)}
$options["memberisdn"] = ($tikilib->get_preference("auth_ldap_memberisdn", "y") == "y");
{CODE}

Add the following lines right after this line:
{CODE(ln=>1,colors=>php,wrap=>1,wiki=>1,rtl=>0)}
$options["binddn"] = $tikilib->get_preference("auth_ldap_adminuser", "");
$options["bindpw"] = $tikilib->get_preference("auth_ldap_adminpass", "");
{CODE}

These lines pass the bind DN and password that ADS requires, since by default it does not allow anonymous binds (and therefore no anonymous searches for the user's DN).

After that the following LDAP configuration settings do work with ADS:

# In the 'User registration and login' section, set 'Authentication method' to 'Tiki and PEAR::Auth'

In the 'PEAR::Auth' section set the following settings:

# set 'AUTH Type' to 'LDAP'
# set 'LDAP Host:' to the Active Directory server's name or IP address
# set 'LDAP Port:' to '389'
# leave 'BaseDSN' empty
# activate 'Create user if not in Tiki?'
# deactivate 'Create user if not in Auth?' (we do not want the user to be created in the LDAP dir)
# leave 'LDAP URL' empty
# set 'LDAP Scope:' to 'sub'
# set 'LDAP Base DN:' to the LDAP form of the domain name as it appears in 'Active Directory Users and Computers'. E.g., if the domain is called my-domain.local, set this to 'dc=my-domain,dc=local'. You might add an 'ou=yourorganizationalunit' component too; that depends on your directory layout.
# leave 'LDAP User DN' empty
# set 'LDAP User Attribute:' to 'sAMAccountName'
# set 'LDAP User OC:' to '*'
# leave 'LDAP Group DN' empty
# set 'LDAP Group Attribute:' to 'cn'
# set 'LDAP Group OC:' to 'groupOfUniqueNames'
# set 'LDAP Member Attribute:' to 'uniqueMember'
# set 'LDAP Member Is DN:' to 'n'
# set 'LDAP Admin User Name' to 'cn=LDAPReader, cn=users, dc=my-domain, dc=local'. Replace 'LDAPReader' with a user that is able to read the LDAP directory on ADS, and adjust the cn= and dc= components accordingly.
# set the LDAP admin password setting (stored as the auth_ldap_adminpass preference, which the bindpw line added above reads) to the password of your LDAPReader user.

Now you should be able to log in. If you get a blank page after login, make sure your PHP version is >=4.3.2, as the LDAP Pear module requires it. Once it works with these basic settings, you can carefully refine them further if, for example, you only want a particular group inside the LDAP directory to have access to the TikiWiki.
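The following stand-alone script is an added example, not code from TikiWiki or PEAR::Auth. It reproduces what the patched container does with the settings above (protocol version 3, an authenticated bind as the reader account, a subtree search on sAMAccountName, then a bind as the found DN with the user's password) using PHP's ext/ldap, so you can confirm the host, base DN and reader credentials before touching userslib.php. The host, DNs and environment variable names are assumed placeholders.

```php
<?php
// Added example (not TikiWiki code): verify the ADS settings from this page with ext/ldap.
// Assumed placeholder values; adjust to your domain. Passwords come from the environment.
$host     = 'ldap://ad.my-domain.local:389';                   // 'LDAP Host:' + 'LDAP Port:'
$basedn   = 'dc=my-domain,dc=local';                           // 'LDAP Base DN:'
$binddn   = 'cn=LDAPReader,cn=users,dc=my-domain,dc=local';    // 'LDAP Admin User Name'
$bindpw   = getenv('LDAP_READER_PW');                          // reader password (assumed env var)
$userattr = 'sAMAccountName';                                  // 'LDAP User Attribute:'

// Escape RFC 4515 filter metacharacters so a login name cannot rewrite the search filter.
function ldap_filter_escape($value) {
    return str_replace(array('\\', '*', '(', ')', "\0"),
                       array('\5c', '\2a', '\28', '\29', '\00'), $value);
}

// Returns true when $login/$password authenticate against ADS, false otherwise
// (the reason is written to stderr).
function check_ldap_login($host, $basedn, $binddn, $bindpw, $userattr, $login, $password) {
    // AD accepts an empty password as an anonymous bind, which would look like success.
    if ($password === '' || $bindpw === false || $bindpw === '') {
        fwrite(STDERR, "refusing empty password\n"); return false;
    }
    $ds = ldap_connect($host);
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);   // the $options["version"] line
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);          // AD returns referrals; do not chase them
    if (!@ldap_bind($ds, $binddn, $bindpw)) {             // the binddn/bindpw lines
        fwrite(STDERR, "reader bind failed: " . ldap_error($ds) . "\n"); return false;
    }
    $filter = '(' . $userattr . '=' . ldap_filter_escape($login) . ')';
    $sr = ldap_search($ds, $basedn, $filter, array('dn')); // ldap_search = scope 'sub'
    $entries = ldap_get_entries($ds, $sr);
    if ($entries['count'] !== 1) {                        // exactly one account must match
        fwrite(STDERR, "expected one entry for $login, got {$entries['count']}\n"); return false;
    }
    $userdn = $entries[0]['dn'];
    $ok = @ldap_bind($ds, $userdn, $password);            // verify the password as that user
    if (!$ok) fwrite(STDERR, "user bind failed for $userdn: " . ldap_error($ds) . "\n");
    ldap_unbind($ds);
    return $ok;
}

// Usage: LDAP_READER_PW=... TEST_USER_PW=... php check_ads.php <sAMAccountName>
$ok = check_ldap_login($host, $basedn, $binddn, $bindpw, $userattr,
                       isset($argv[1]) ? $argv[1] : '', (string) getenv('TEST_USER_PW'));
echo $ok ? "login ok\n" : "login failed\n";
```

If the reader bind fails here, the 'LDAP Admin User Name' DN or its password is wrong; if the search returns zero entries, check the base DN and that the account is reachable with scope 'sub'.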