dokuwiki with LDAP authentication


I've set up DokuWiki in my workplace. I'd like to set the authentication to LDAP, but I can't get it to work. My company is using OpenLDAP.

I'm not sure if it's even possible, since I probably don't have enough information about the LDAP settings. On our FTP server we use .htaccess for authentication:

AuthType Basic
AuthName "Authentication"
AuthAuthoritative off
AuthLDAPURL "ldap://ldapref.domain.xx.xy/dc=domain,dc=xx,dc=xy?uid"
require valid-user

I always get the following error:

LDAP: couldn't connect to LDAP server

I was hoping I could somehow simply use the .htaccess settings in dokuwiki to authenticate through LDAP.

Is this possible?


There are 2 best solutions below


Use the ldapsearch tool to verify that the host upon which the LDAP client is running can access the server, and further that the LDAP client can authenticate. Use something to the effect of:

ldapsearch -H ldap://ldapref.domain.xx.xy \
  -b dc=domain,dc=xx,dc=xy -s sub -x -LLL \
  '(uid=<the-user-id-to-authenticate>)' 1.1

The above command assumes the legacy OpenLDAP search syntax since the question mentioned OpenLDAP.

If the search succeeds then the LDAP client should be able to connect and authenticate with the same parameters. Ideally, the ldapsearch tool should be executed upon the same system which will authenticate to the LDAP server.


The information you've got there should be enough to configure at least the logging in part of the authldap plugin. See https://www.dokuwiki.org/plugin:authldap

The group setup should probably be relatively straightforward too when you're using a relatively common OpenLDAP setup.

This setup might probably work for you:

<?php
/* OpenLDAP config */
$conf['plugin']['authldap']['server']      = 'ldapref.domain.xx.xy';
$conf['plugin']['authldap']['usertree']    = 'uid=%{user}, ou=People,dc=domain,dc=xx,dc=xy';
$conf['plugin']['authldap']['grouptree']   = 'ou=Groups,dc=domain,dc=xx,dc=xy';
$conf['plugin']['authldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(memberUid=%{uid})(gidNumber=%{gid})))';
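
Both answers start from the AuthLDAPURL in the question's .htaccess. The following added example (not part of the original thread or of DokuWiki) splits that URL and prints the matching ldapsearch check and authldap settings. The function names are hypothetical, and it assumes a single host and a directory that permits anonymous search, as the .htaccess (which shows no bind DN) implies; unlike the answer above, it uses the base DN as a search base with a `userfilter` instead of a bind-DN template.

```shell
#!/bin/sh
# Added example, not from the thread. Splits a mod_authnz_ldap AuthLDAPURL
#   scheme://host[:port]/basedn?attribute?scope?filter
# into LDAP_URI, LDAP_BASE, LDAP_ATTR and LDAP_SCOPE (single host only).
parse_authldapurl() {
    case $1 in
        ldap://*/*|ldaps://*/*) ;;
        *) echo "unsupported AuthLDAPURL: $1" >&2; return 1 ;;
    esac
    _scheme=${1%%://*}; _rest=${1#*://}
    _hostport=${_rest%%/*}; _path=${_rest#*/}
    case $_hostport in
        *:*) LDAP_URI="$_scheme://$_hostport" ;;
        *)   if [ "$_scheme" = ldaps ]; then _port=636; else _port=389; fi
             LDAP_URI="$_scheme://$_hostport:$_port" ;;
    esac
    LDAP_BASE=${_path%%\?*}
    # Pad with empty fields so each expansion below always finds a '?'.
    _q=${_path#"$LDAP_BASE"}'???'
    _q=${_q#\?};  LDAP_ATTR=${_q%%\?*}
    _q=${_q#*\?}; LDAP_SCOPE=${_q%%\?*}
    # mod_authnz_ldap defaults when a field is omitted.
    LDAP_ATTR=${LDAP_ATTR:-uid}; LDAP_SCOPE=${LDAP_SCOPE:-sub}
}

# Print the anonymous ldapsearch check for one user id. The allowlist is an
# assumption about uid syntax; it keeps filter metacharacters * ( ) \ and
# shell quotes out of the generated command.
ldapsearch_check() {
    parse_authldapurl "$1" || return 1
    case $2 in
        ''|*[!A-Za-z0-9._-]*) echo "refusing user id: $2" >&2; return 1 ;;
    esac
    printf "ldapsearch -H %s -b '%s' -s %s -x -LLL '(%s=%s)' 1.1\n" \
        "$LDAP_URI" "$LDAP_BASE" "$LDAP_SCOPE" "$LDAP_ATTR" "$2"
}

# Print authldap settings that search the same base for the same attribute.
authldap_settings() {
    parse_authldapurl "$1" || return 1
    printf "\$conf['plugin']['authldap']['server']     = '%s';\n" "$LDAP_URI"
    printf "\$conf['plugin']['authldap']['usertree']   = '%s';\n" "$LDAP_BASE"
    printf "\$conf['plugin']['authldap']['userfilter'] = '(%s=%%{user})';\n" "$LDAP_ATTR"
    printf "\$conf['plugin']['authldap']['userscope']  = '%s';\n" "$LDAP_SCOPE"
}

# The AuthLDAPURL from the question; "jdoe" is a constructed user id.
URL='ldap://ldapref.domain.xx.xy/dc=domain,dc=xx,dc=xy?uid'
ldapsearch_check "$URL" jdoe
authldap_settings "$URL"
```

With an `ldap://` URL the bind password crosses the network in cleartext. If the server offers StartTLS, add `-ZZ` to the ldapsearch check and enable the plugin's `starttls` setting.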