Zentyal Forum, Linux Small Business Server

Zentyal Server => Directory and Authentication => Topic started by: sk9 on December 04, 2018, 10:48:38 pm

Title: Dokuwiki LDAP authentication on a Zentyal 5.1 server
Post by: sk9 on December 04, 2018, 10:48:38 pm
Hello everyone,
I'm trying to connect Dokuwiki, which "runs" on my Zentyal 5.1 server, to Zentyal's LDAP. Unfortunately, there is almost no documentation available concerning LDAP in newer Zentyal versions. This made me play around a lot. Even after reading lots of forum topics about LDAP, I still didn't succeed. Especially, Zentyal displays a base, a user and a group DN, but no password I should use (as in earlier versions). Also, I'm wondering about the user and group filters.

This is what the LDAP section of my Dokuwiki local.php looks like:

Code:
$conf['authtype'] = 'authldap';
$conf['superuser'] = '@admin';
$conf['disableactions'] = 'register';
$conf['plugin']['authldap']['server'] = 'ldap://127.0.0.1';
$conf['plugin']['authldap']['port'] = 389;
$conf['plugin']['authldap']['usertree'] = ' CN=Users,DC=domainname,DC=net ';
$conf['plugin']['authldap']['grouptree'] = ' CN=Users,DC=domainname,DC=net ';
$conf['plugin']['authldap']['userfilter'] = '(&(uid=%{user})(objectClass=posixAccount))\'';
$conf['plugin']['authldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))';
$conf['plugin']['authldap']['version'] = 3;
$conf['plugin']['authldap']['binddn'] = 'CN=Administrator,DC=domainname,DC=net';
$conf['plugin']['authldap']['bindpw'] = '<b>randomstuff';
$conf['plugin']['authldap']['modPass'] = 0;
$conf['auth']['ldap']['groupfilter'] = '(&(objectClass=posixGroup)(memberUID=%{user}))';

Does anybody have ideas? Dokuwiki displays "Couldn't connect to LDAP server" as the error message when trying to log in using LDAP.

Title: Re: Dokuwiki LDAP authentication on a Zentyal 5.1 server
Post by: half_life on December 23, 2018, 05:17:00 am
First and foremost, don't use an admin-level user to query LDAP. All you need is a non-privileged user to do read-only queries. Use that user's DN and their password to connect to LDAP.

I suggest using an LDAP query tool to troubleshoot, such as Apache Studio (http://directory.apache.org/studio/downloads.html). It has been a while, but you might need to adjust the LDAP filters for your needs.
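
A pre-flight check in the spirit of the reply above, as an added example that is not part of the original thread or of DokuWiki: it expands the %{user} and %{gid} placeholders with RFC 4515 escaping so the result can be pasted into an LDAP query tool, checks that each filter is one balanced expression, and flags an admin-level bind DN. The sample values, the `lint` helper and its finding texts are assumptions made for illustration.

```python
import re

# Constructed sample values shaped like the authldap settings in this thread;
# the domain and DNs are placeholders, not taken from a real server.
SAMPLE = {
    "usertree": " CN=Users,DC=example,DC=net ",
    "userfilter": "(&(uid=%{user})(objectClass=posixAccount))'",
    "groupfilter": "(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))",
    "binddn": "CN=Administrator,DC=example,DC=net",
}

def escape_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def expand(template, **values):
    """Fill known %{name} placeholders with escaped values; leave others as-is."""
    def sub(m):
        name = m.group(1)
        return escape_value(str(values[name])) if name in values else m.group(0)
    return re.sub(r"%\{(\w+)\}", sub, template)

def filter_is_wellformed(flt):
    """True if the filter is exactly one balanced parenthesised expression."""
    depth = 0
    for i, ch in enumerate(flt):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0 or (depth == 0 and i != len(flt) - 1):
                return False  # stray ")" or text after the closing parenthesis
        elif depth == 0:
            return False      # character outside any parenthesis
    return depth == 0 and bool(flt)

def lint(conf, user="alice", gid=1000):
    """Return a list of findings for a dict of authldap-style settings."""
    findings = []
    for key in ("usertree", "grouptree", "binddn"):
        val = conf.get(key, "")
        if val != val.strip():
            findings.append(f"{key}: leading/trailing whitespace in DN")
    for key in ("userfilter", "groupfilter"):
        if key in conf and not filter_is_wellformed(expand(conf[key], user=user, gid=gid)):
            findings.append(f"{key}: not a single balanced filter expression")
    if re.match(r"\s*cn=(administrator|admin)\b", conf.get("binddn", ""), re.I):
        findings.append("binddn: admin-level account; use a read-only bind user")
    return findings
```

The expanded filter string returned by `expand` is what you would paste into the query tool's search box, bound as the read-only account.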