I think at LDAP server URL you only have to set the server url without the port.
I cannot reproduce
<?php
/*
# ================= DO NOT MODIFY THIS FILE =================
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
#
*/
$conf['authtype'] = 'authldap';
// Loopback LDAP of the local account provider, plain port 389 with STARTTLS enabled below
$conf['plugin'][$conf['authtype']]['server'] = "ldap://127.0.0.1:389";
$conf['plugin'][$conf['authtype']]['version'] = '3';
$conf['plugin'][$conf['authtype']]['usertree'] = "ou=People,dc=directory,dc=nh";
$conf['plugin'][$conf['authtype']]['grouptree'] = "ou=Groups,dc=directory,dc=nh";
// %{user} is the login name as typed: this filter only matches a uid, not a mail address
$conf['plugin'][$conf['authtype']]['userfilter'] = '(&(uid=%{user})(objectClass=inetOrgPerson))';
$conf['plugin']['authldap']['groupfilter'] = '(|(memberUid=%{user})(gidNumber=%{gid}))';
$conf['plugin'][$conf['authtype']]['groupkey'] = 'cn';
// Service account used for the search bind; the password is redacted here
$conf['plugin']['authldap']['binddn'] = "cn=ldapservice,dc=directory,dc=nh";
$conf['plugin']['authldap']['bindpw'] = "********************";
$conf['plugin']['authldap']['starttls'] = 1;
$conf['plugin']['authldap']['modPass'] = 0;
$conf['useacl'] = 1;
?>
OK, got it: you used a remote LDAP provider. Not tested in that scenario; it should work OTB. Will try when I get time.
Indeed, that’s strange. I don’t know how I ended up with such a configuration… But it works.
I removed the “:636” at the end of the LDAP server URI field in the server manager, now it’s ok for Dokuwiki.
I also set “No” for STARTTLS in the UI, but that parameter does not seem to be taken into account by the template; I had to set it to “0” manually in the configuration file.
So the most annoying problem is the inability to login using an email address…
Sorry, I did not find time to dive into your issue; I will try to check and reproduce the remote LDAP account. But can you log in with a local account provider (DokuWiki hosted on the same server) with the email address?
Just tested.
- With AD : works OTB
- With DC: authentication is done with uid, not with email.
So the problem is not related to a non-localhost ldap server install but because of DC.
/etc/dokuwiki/local.protected.php:
- AD :
$conf['authtype'] = 'authad';
$conf['plugin']['authad']['account_suffix'] = '@gaillet.be';
$conf['plugin']['authad']['base_dn'] = 'dc=ad,dc=gaillet,dc=be';
$conf['plugin']['authad']['domain_controllers'] = 'ldaps://ad.gaillet.be'; //multiple can be given
$conf['useacl'] = 1;
- DC :
$conf['authtype'] = 'authldap';
$conf['plugin'][$conf['authtype']]['server'] = "ldap://127.0.0.1:389";
$conf['plugin'][$conf['authtype']]['version'] = '3';
$conf['plugin'][$conf['authtype']]['usertree'] = "ou=People,dc=directory,dc=nh";
$conf['plugin'][$conf['authtype']]['grouptree'] = "ou=Groups,dc=directory,dc=nh";
$conf['plugin'][$conf['authtype']]['userfilter'] = '(&(uid=%{user})(objectClass=inetOrgPerson))';
$conf['plugin']['authldap']['groupfilter'] = '(|(memberUid=%{user})(gidNumber=%{gid}))';
$conf['plugin'][$conf['authtype']]['groupkey'] = 'cn';
$conf['plugin']['authldap']['binddn'] = "cn=ldapservice,dc=directory,dc=nh";
$conf['plugin']['authldap']['bindpw'] = "********************";
$conf['plugin']['authldap']['starttls'] = 1;
$conf['plugin']['authldap']['modPass'] = 0;
$conf['useacl'] = 1;
Very different.
Yes, with Samba4 you use the self bind, so the user authenticates himself.
I retrieve the data directly from NethServer::SSSD, so it is probably a matter of binding the right data, but I do not know if I could offer user and email address.
However, why did you go to OpenLDAP?
It’s so lightweight and easy to install compared to the bloated MS-stylish AD !
For now, modify it; of course the next template-expand and update will remove your change:
- $conf['plugin'][$conf['authtype']]['userfilter'] = '(&(uid=%{user})(objectClass=inetOrgPerson))';
+ $conf['plugin'][$conf['authtype']]['userfilter'] = '(&(mail=%{user})(objectClass=inetOrgPerson))';
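Review bot: with `mail=%{user}` the `%{user}` placeholder now carries the e-mail address everywhere it is used, but the groupfilter in the same file, `(|(memberUid=%{user})(gidNumber=%{gid}))`, is left untouched, so its `memberUid` clause no longer matches any group and only the gidNumber primary group survives; change the groupfilter at the same time to key on the entry's own uid attribute, `(memberUid=%{uid})`, and note that the new userfilter relies on `mail` being unique under ou=People, because authldap refuses a lookup that returns anything other than exactly one entry.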
I think I tried that (see post #7), it works but we loose the group association (which is useful for ACL)
thank for the hint
You have a debug option that is useful to play with:
$conf['plugin']['authldap']['debug'] = 1;
I think I got it, please could you test this fix in /etc/dokuwiki/local.protected.php
...
$conf['plugin'][$conf['authtype']]['userfilter'] = '(|(uid=%{user})(mail=%{user}))';
$conf['plugin']['authldap']['groupfilter'] = '(memberUid=%{uid})';
...
$conf['plugin']['authldap']['debug'] = 1;
add also the full email of the admin inside /etc/dokuwiki/local.php
$conf['superuser'] = 'admin,admin@nethservertest.org';
$conf['plugin']['authldap']['starttls'] = 1;
This is a bug; now I retrieve the startTls setting from NethServer::SSSD (0 or 1).
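As an added illustration (Python, written for this page; it is not code from the thread, from DokuWiki or from NethServer), the block below models how authldap expands the `%{...}` placeholders in `userfilter` and `groupfilter` and runs the three filter pairs from this thread against a small directory constructed to match the ou=People / ou=Groups layout above. It shows why the uid-only userfilter rejects an e-mail login, why switching the userfilter to `mail=` alone drops the memberUid groups (in the groupfilter `%{user}` is then the e-mail address), and why the fix pairs `(|(uid=%{user})(mail=%{user}))` with `(memberUid=%{uid})`. It also shows the placeholder escaping that stops a login such as `*)(uid=*` from rewriting the filter. The filter evaluator, the escaping rules and the sample entries are simplifications assumed for this example, not a real LDAP server or the plugin's own code.

```python
import re

# Constructed sample directory, modelled on the ou=People / ou=Groups layout
# from the thread (assumption for this example).  Attribute names are
# lower-cased because that is what PHP's ldap_get_entries() hands to authldap.
DIRECTORY = [
    {"dn": "uid=alice,ou=People,dc=directory,dc=nh",
     "objectclass": ["inetOrgPerson", "posixAccount"], "uid": ["alice"],
     "cn": ["Alice"], "mail": ["alice@example.org"], "gidnumber": ["1000"]},
    {"dn": "uid=bob,ou=People,dc=directory,dc=nh",
     "objectclass": ["inetOrgPerson", "posixAccount"], "uid": ["bob"],
     "cn": ["Bob"], "mail": ["bob@example.org"], "gidnumber": ["1000"]},
    {"dn": "cn=users,ou=Groups,dc=directory,dc=nh", "objectclass": ["posixGroup"],
     "cn": ["users"], "gidnumber": ["1000"], "memberuid": ["alice", "bob"]},
    {"dn": "cn=wiki-editors,ou=Groups,dc=directory,dc=nh", "objectclass": ["posixGroup"],
     "cn": ["wiki-editors"], "gidnumber": ["2000"], "memberuid": ["alice"]},
]
USERTREE = "ou=People,dc=directory,dc=nh"
GROUPTREE = "ou=Groups,dc=directory,dc=nh"

# The (userfilter, groupfilter) pairs discussed in the thread.
ORIGINAL = ("(&(uid=%{user})(objectClass=inetOrgPerson))",
            "(|(memberUid=%{user})(gidNumber=%{gid}))")
MAIL_ONLY = ("(&(mail=%{user})(objectClass=inetOrgPerson))",
             "(|(memberUid=%{user})(gidNumber=%{gid}))")
FIXED = ("(|(uid=%{user})(mail=%{user}))",
         "(memberUid=%{uid})")


def ldap_escape(value):
    """RFC 4515 filter escaping: authldap applies this to every placeholder value."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def make_filter(template, placeholders):
    """Expand %{name} like authldap's _makeFilter: escape each value first, take
    the first value of a multi-valued attribute, empty string if unknown."""
    def sub(m):
        value = placeholders.get(m.group(1), "")
        if isinstance(value, list):
            value = value[0] if value else ""
        return ldap_escape(value)
    return re.sub(r"%\{([^}]+)\}", sub, template)


def parse(s, i=0):
    """Minimal recursive-descent parser for (&...), (|...) and (attr=value)."""
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if s[i] in "&|":
        op, i, parts = s[i], i + 1, []
        while s[i] == "(":
            node, i = parse(s, i)
            parts.append(node)
        if s[i] != ")":
            raise ValueError("unbalanced filter")
        return (op, parts), i + 1
    eq = s.index("=", i)
    end = s.index(")", eq)   # safe: escaping guarantees no raw ')' inside a value
    return ("=", s[i:eq], s[eq + 1:end]), end + 1


def unescape(raw):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)


def matches(node, entry):
    """Evaluate a parsed filter; attribute names and values compare case-insensitively."""
    if node[0] in "&|":
        combine = all if node[0] == "&" else any
        return combine(matches(child, entry) for child in node[1])
    _, attr, raw = node
    values = [v.lower() for v in entry.get(attr.lower(), [])]
    return bool(values) if raw == "*" else unescape(raw).lower() in values


def search(filter_str, base):
    node, _ = parse(filter_str)
    return [e for e in DIRECTORY if e["dn"].endswith(base) and matches(node, e)]


def resolve_user(login, userfilter, groupfilter):
    """Mimic authldap's getUserData(): find exactly one user entry with the
    userfilter, then expand the groupfilter with that entry's attributes
    (%{uid}, %{gid}, ...) plus %{user}, the login name as typed."""
    users = search(make_filter(userfilter, {"user": login}), USERTREE)
    if len(users) != 1:          # authldap rejects zero or several matches
        return None
    entry = users[0]
    placeholders = dict(entry, user=login, gid=entry.get("gidnumber", [""])[0])
    groups = search(make_filter(groupfilter, placeholders), GROUPTREE)
    return {"uid": entry["uid"][0], "mail": entry["mail"][0],
            "grps": sorted(g["cn"][0] for g in groups)}


if __name__ == "__main__":
    for label, filters in (("original", ORIGINAL), ("mail-only", MAIL_ONLY), ("fixed", FIXED)):
        for login in ("alice", "alice@example.org", "*)(uid=*"):
            print("%-9s %-20s -> %s" % (label, login, resolve_user(login, *filters)))
```

Running it prints one line per filter pair and login form: the original pair resolves `alice` with both groups but returns `None` for the e-mail login; the mail-only pair accepts the e-mail but lists only the gidNumber group `users`; the fixed pair returns the same user and both groups for either login name, and the injection attempt resolves to nothing because the `*`, `(` and `)` are escaped before the filter is assembled.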
Yep. Working
Well done, cpt code cruncher! And thanks!!
Please don’t tell that to others, but I am just a guy who tries and tries until it works.