From: Reini U. <ru...@x-...> - 2004-02-02 03:16:21
Paul Henry wrote:
> Having trouble setting up LDAP to work in 1.3.7. I have WikiUserNew set
> to off. With the following settings, I cannot seem to authenticate user
> "PaulHenry" against the ldap server.
>
> These are my index.php settings...
>
> if (!defined('ALLOW_ANON_USER')) define('ALLOW_ANON_USER', true);
> if (!defined('ALLOW_ANON_EDIT')) define('ALLOW_ANON_EDIT', false);
> if (!defined('REQUIRE_SIGNIN_BEFORE_EDIT'))
>     define('REQUIRE_SIGNIN_BEFORE_EDIT', ! ALLOW_ANON_EDIT);
> if (!defined('ALLOW_BOGO_LOGIN')) define('ALLOW_BOGO_LOGIN', false);
>
> if (!defined('ALLOW_USER_PASSWORDS')) define('ALLOW_USER_PASSWORDS', true);

the following is ignored in ENABLE_USER_NEW = false

> if (defined('ALLOW_USER_PASSWORDS')) {
>     if (!isset($USER_AUTH_ORDER))
>         $USER_AUTH_ORDER =
>             array(
>                 // "BogoLogin",
>                 // "PersonalPage",
>                 // "HttpAuth",
>                 // "Db",
>                 "LDAP", // define LDAP_AUTH_HOST and LDAP_AUTH_SEARCH
>                 // "IMAP", // define IMAP_AUTH_HOST
>                 // "File" // define AUTH_USER_FILE and opt. AUTH_USER_FILE_STORABLE
>             ) ;
>
>     if (!defined('PASSWORD_LENGTH_MINIMUM'))
>         define('PASSWORD_LENGTH_MINIMUM', 4);
>
>     if (!defined('USER_AUTH_POLICY'))
>         //define('USER_AUTH_POLICY','first-only');
>         //define('USER_AUTH_POLICY','old');
>         define('USER_AUTH_POLICY','strict');
>         //define('USER_AUTH_POLICY','stacked');
> }

these three are the only important settings.

> // LDAP auth
> if (!defined('LDAP_AUTH_HOST')) define('LDAP_AUTH_HOST', '127.0.0.1');
> // Give the right LDAP root search information in the next statement.
> if (!defined('LDAP_AUTH_SEARCH')) define('LDAP_AUTH_SEARCH', "dc=nodomain");
>
> if (!defined('ALLOW_LDAP_LOGIN')) define('ALLOW_LDAP_LOGIN', true and function_exists('ldap_connect'));
>
>
> Here's the ldap dump:
>
> bullwinkle:/etc/ldap# ldapsearch -x
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope sub
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # nodomain
> dn: dc=nodomain
> objectClass: top
> objectClass: dcObject
> objectClass: organization
> o: nodomain
> dc: nodomain
>
> # admin, nodomain
> dn: cn=admin,dc=nodomain
> objectClass: simpleSecurityObject
> objectClass: organizationalRole
> cn: admin
> description: LDAP administrator
> userPassword: <removed>
>
> # PaulHenry, nodomain
> dn: cn=PaulHenry,dc=nodomain
> objectClass: person
> cn: PaulHenry
> sn: Henry
> userPassword:: dGVzdA==
>
> Suggestions?

Not at the moment, since I (in fact my colleague) just set up our own
Samba LDAP system, which I will use to get to know LDAP and to finish
the WikiGroup LDAP class.

We use "uid=userid" as search string for WikiUser, which is fine.

Your setup looks fine to me. PaulHenry is in dc=nodomain.
But we use it this way:
  ldapsearch -x -h AUTH_LDAP_HOST -b dc=nodomain uid=PaulHenry

Note that the full ldap url might be needed in php "ldap://localhost"
like
  ldapsearch -x -H AUTH_LDAP_HOST -b dc=nodomain uid=PaulHenry

BTW: LDAP is great together with Samba to have a common auth system for
Linux and Windows servers. Single user and password for all. Also group
and machine management.
-- 
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/
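
Added example, not part of the original message and not PhpWiki code: the reply searches with `uid=PaulHenry`, while the dump lists the user under `cn=PaulHenry`, so this sketch runs both equality filters over the three entries from the dump to show which one finds an entry to bind as. The helpers `parse_ldif` and `search` are hypothetical, the sample is constructed from the dump with the userPassword attributes omitted, and which filter PhpWiki 1.3.7 actually sends is an assumption to check against its LDAP code.

```python
# Constructed sample: the three entries from the ldapsearch dump above,
# with the userPassword attributes left out.
LDIF = """\
dn: dc=nodomain
objectClass: top
objectClass: dcObject
objectClass: organization
o: nodomain
dc: nodomain

dn: cn=admin,dc=nodomain
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

dn: cn=PaulHenry,dc=nodomain
objectClass: person
cn: PaulHenry
sn: Henry
"""

def parse_ldif(text):
    """Return one dict per entry: lowercased attribute name -> list of values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def search(entries, base, attr, value):
    """Subtree search under base with an equality filter (attr=value); assumed lookup shape."""
    base = base.lower()
    hits = []
    for e in entries:
        dn = e["dn"][0]
        in_scope = dn.lower() == base or dn.lower().endswith("," + base)
        # cn and uid use case-insensitive matching in the standard LDAP schema.
        if in_scope and value.lower() in [v.lower() for v in e.get(attr.lower(), [])]:
            hits.append(dn)
    return hits

ENTRIES = parse_ldif(LDIF)
if __name__ == "__main__":
    for attr in ("uid", "cn"):
        print(f"({attr}=PaulHenry) ->", search(ENTRIES, "dc=nodomain", attr, "PaulHenry"))
```

An empty result for the search step means there is no DN to bind as, so the password is never tested; running the same two filters with `ldapsearch -x -b dc=nodomain` against the real server separates a filter mismatch from a wrong password.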