Nethserver-dokuwiki ldap auth problem when connected to a remote ldap bind

pagaille · June 14, 2019, 12:26pm

Hi there, hi @stephdl

I’d like to report some problems I have had when installing nethserver-dokuwiki on a nethserver connected to remote opendldap server.

Here is the bind setup :

After installation, the file /etc/dokuwiki/local.protected.php was not correctly configured :

$conf['authtype'] = 'authldap';
$conf['plugin'][$conf['authtype']]['server'] = "ldaps://domain.tld:636:636";

note the double 636.

$conf['plugin']['authldap']['starttls']   = 1;

Not blocking but leads to an error message. I had to disable this.

Question :

Is there a way to enable the users to log in with their email address (which they are used to) ? I tried with '(&(|(objectclass=inetOrgPerson))(|(uid=%{user})(|(mail=%{user}))))' and it works but the group association doesn’t work anymore and I don’t see a way to make it work with an email as login.

m.traeumner · June 14, 2019, 12:42pm

I think at LDAP server URL you only have to set the server url without the port.

stephdl · June 14, 2019, 1:39pm

I cannot reproduce

<?php
/*
# ================= DO NOT MODIFY THIS FILE =================
# 
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
# 
*/

$conf['authtype'] = 'authldap';
$conf['plugin'][$conf['authtype']]['server'] = "ldap://127.0.0.1:389";
$conf['plugin'][$conf['authtype']]['version'] = '3';
$conf['plugin'][$conf['authtype']]['usertree'] = "ou=People,dc=directory,dc=nh";
$conf['plugin'][$conf['authtype']]['grouptree'] = "ou=Groups,dc=directory,dc=nh";
$conf['plugin'][$conf['authtype']]['userfilter'] = '(&(uid=%{user})(objectClass=inetOrgPerson))';
$conf['plugin']['authldap']['groupfilter']  = '(|(memberUid=%{user})(gidNumber=%{gid}))';
$conf['plugin'][$conf['authtype']]['groupkey'] = 'cn';
$conf['plugin']['authldap']['binddn']     = "cn=ldapservice,dc=directory,dc=nh";
$conf['plugin']['authldap']['bindpw']     = "Z59OUcMHGUaidA_x";
$conf['plugin']['authldap']['starttls']   = 1;
$conf['plugin']['authldap']['modPass'] = 0;


$conf['useacl'] = 1;



?>

stephdl · June 14, 2019, 1:46pm

ok got it you used a remote ldap provider, no tested in that scenario, it should work OTB, will try when I got time

pagaille · June 15, 2019, 6:41am

Indeed, that’s strange. I don’t how I end up with such a configuration… But it works