Nethserver-dokuwiki ldap auth problem when connected to a remote ldap bind

Hi there, hi @stephdl :slight_smile:

I’d like to report some problems I have had when installing nethserver-dokuwiki on a NethServer connected to a remote OpenLDAP server.

Here is the bind setup :


After installation, the file /etc/dokuwiki/local.protected.php was not correctly configured :

$conf['authtype'] = 'authldap';
$conf['plugin'][$conf['authtype']]['server'] = "ldaps://domain.tld:636:636";

Note the double 636.

$conf['plugin']['authldap']['starttls']   = 1;

Not blocking but leads to an error message. I had to disable this.

Question :

Is there a way to enable the users to log in with their email address (which they are used to) ? I tried with '(&(|(objectclass=inetOrgPerson))(|(uid=%{user})(|(mail=%{user}))))' and it works but the group association doesn’t work anymore and I don’t see a way to make it work with an email as login.

I think at LDAP server URL you only have to set the server url without the port.

I cannot reproduce

# ================= DO NOT MODIFY THIS FILE =================
# Manual changes will be lost when this file is regenerated.
# Please read the developer's guide, which is available
# at NethServer official site:

$conf['authtype'] = 'authldap';
$conf['plugin'][$conf['authtype']]['server'] = "ldap://";
$conf['plugin'][$conf['authtype']]['version'] = '3';
$conf['plugin'][$conf['authtype']]['usertree'] = "ou=People,dc=directory,dc=nh";
$conf['plugin'][$conf['authtype']]['grouptree'] = "ou=Groups,dc=directory,dc=nh";
$conf['plugin'][$conf['authtype']]['userfilter'] = '(&(uid=%{user})(objectClass=inetOrgPerson))';
$conf['plugin']['authldap']['groupfilter']  = '(|(memberUid=%{user})(gidNumber=%{gid}))';
$conf['plugin'][$conf['authtype']]['groupkey'] = 'cn';
$conf['plugin']['authldap']['binddn']     = "cn=ldapservice,dc=directory,dc=nh";
$conf['plugin']['authldap']['bindpw']     = "Z59OUcMHGUaidA_x";
$conf['plugin']['authldap']['starttls']   = 1;
$conf['plugin']['authldap']['modPass'] = 0;

$conf['useacl'] = 1;


OK, got it: you used a remote LDAP provider. Not tested in that scenario; it should work OTB. I will try when I get time.


Indeed, that’s strange. I don’t know how I ended up with such a configuration… But it works :slight_smile:
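
The problems reported in this thread (a port appended twice to the server URI, StartTLS enabled on an `ldaps://` URI, and group lookup breaking once e-mail logins are allowed) can be caught by a small check run against the generated file. This is an added example, not code from nethserver-dokuwiki or DokuWiki; the `parse` and `lint` helpers are hypothetical, the sample is constructed from the lines quoted above, and the group-filter check assumes `%{user}` is substituted with the login as typed.

```python
import re

# Matches authldap settings written either as ['authldap'] or [$conf['authtype']].
SETTING = re.compile(
    r"\$conf\['plugin'\]\[(?:'authldap'|\$conf\['authtype'\])\]\['(\w+)'\]"
    r"\s*=\s*(?:\"([^\"]*)\"|'([^']*)'|(\d+))\s*;"
)

# Constructed sample: the settings the original poster reported, in one file.
REPORTED = r"""
$conf['authtype'] = 'authldap';
$conf['plugin'][$conf['authtype']]['server'] = "ldaps://domain.tld:636:636";
$conf['plugin']['authldap']['userfilter'] = '(&(|(objectclass=inetOrgPerson))(|(uid=%{user})(|(mail=%{user}))))';
$conf['plugin']['authldap']['groupfilter']  = '(|(memberUid=%{user})(gidNumber=%{gid}))';
$conf['plugin']['authldap']['starttls']   = 1;
"""

def parse(text):
    """Return {setting: value-as-string} for every authldap line in text."""
    return {m.group(1): next(g for g in m.groups()[1:] if g is not None)
            for m in SETTING.finditer(text)}

def lint(conf):
    """Return a list of findings for a parsed authldap configuration."""
    findings = []
    scheme, _, authority = conf.get("server", "").partition("://")
    starttls = conf.get("starttls", "0") == "1"
    # host:port:port is not a valid authority (bracketed IPv6 literals are skipped).
    if authority.count(":") > 1 and not authority.startswith("["):
        findings.append("server: port appears more than once")
    # ldaps:// already wraps the connection in TLS; the thread reports an error
    # message when StartTLS is enabled on top of it.
    if scheme == "ldaps" and starttls:
        findings.append("starttls: enabled together with ldaps://")
    # Plain ldap:// without StartTLS sends the bind password unencrypted.
    if scheme == "ldap" and not starttls and conf.get("bindpw"):
        findings.append("bindpw: sent in clear text over ldap://")
    # Assumption: %{user} in groupfilter is the login as typed, so an e-mail
    # login never equals a memberUid value.
    if ("mail=%{user}" in conf.get("userfilter", "").lower()
            and "memberuid=%{user}" in conf.get("groupfilter", "").lower()):
        findings.append("groupfilter: memberUid=%{user} cannot match an e-mail login")
    return findings

if __name__ == "__main__":
    for finding in lint(parse(REPORTED)):
        print(finding)
```
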