Goal: only allow AD-authenticated users to create/edit/upload.
Progress: AD authentication is working using
http://www.dokuwiki.org/auth:ad; that is, it successfully queries AD and I see myself logged in as my AD username.
Problem: AD authenticated users cannot edit pages.
Here are my current edits in conf\local.protected.php (censored):
$conf['disableactions'] = 'register';
$conf['useacl'] = 1;
$conf['autopasswd'] = 0;
$conf['allowdebug'] = 1;
// ad conf
$conf['authtype'] = 'ad';
$conf['passcrypt'] = 'ssha';
$conf['auth']['ad']['account_suffix'] = '@mycompany.com';
$conf['auth']['ad']['base_dn'] = 'DC=mycompany,DC=com';
$conf['auth']['ad']['domain_controllers'] = 'domaincontroller.mycompany.com';
$conf['superuser'] = '@Domain_Users';
Here is my conf\acl.auth.php (uncensored):
* @ALL 1
* @user 8
* @Domain_Users 8
I don't see groups populated when I run doku.php?do=check -- it simply says "You are part of the groups " without enumerating any of the groups.
Windows XP box running
"###### ApacheFriends XAMPP (basic package) version 1.6.6a ######
Apache 2.2.8
PHP 5.2.5 + PHP 4.4.8 + PEAR"
Active Directory from what I can see in AD Mgt:
"Domain Functional Level:
Windows Server 2003"
When running Wireshark on the box running DokuWiki, I see that the LDAP bind request succeeds, but then there are two requests with nearly identical responses from the domain controller like this:
"RefErr: DSID-031006E0" with a reference to "mycompany.com" (censored) in it.
Having written all this, I'm now of the suspicion that Active Directory is improperly configured -- because it took me several attempts to find the right base_dn and account_suffix to get it right. I see other names like "mycompany.stupiddomain.com" (censored) in the Active Directory.
Has anyone else run into this and found what it was?
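
Added example (not part of the original post, and not DokuWiki's own code): a simplified Python model of how the three posted ACL rules resolve, assuming DokuWiki's documented permission levels (1 read, 2 edit, 4 create, 8 upload, 16 delete, 255 admin) and handling only root-level `*` rules. It shows that a login whose group list comes back empty matches only `@ALL` and is read-only, and that `$conf['superuser'] = '@Domain_Users'` makes every member of that group an admin once groups do resolve. The account name `jdoe` is hypothetical.

```python
# Added illustration: simplified model of DokuWiki ACL resolution.
# Assumption: only root-level "*" rules are handled (no namespaces or pages).
AUTH_EDIT, AUTH_DELETE, AUTH_ADMIN = 2, 16, 255

# The three rules from the posted acl.auth.php.
ACL_TEXT = """\
* @ALL 1
* @user 8
* @Domain_Users 8
"""

def parse_acl(text):
    """Return (scope, subject, level) tuples, skipping blanks and # comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        scope, subject, level = line.split()
        rules.append((scope, subject, int(level)))
    return rules

def effective_permission(rules, user, groups, superuser=""):
    """Highest level granted to the user or to any of their groups."""
    own = {user} | {"@" + g for g in groups}
    # A superuser match (user or @group, comma separated) short-circuits to admin.
    if any(s.strip() in own for s in superuser.split(",") if s.strip()):
        return AUTH_ADMIN
    subjects = own | {"@ALL"}  # every visitor is implicitly in @ALL
    levels = [lvl for scope, subj, lvl in rules
              if scope == "*" and subj in subjects]
    # Levels granted through ACL lines are capped at delete (16).
    return min(max(levels, default=0), AUTH_DELETE)

def can_edit(level):
    return level >= AUTH_EDIT

if __name__ == "__main__":
    rules = parse_acl(ACL_TEXT)
    # "jdoe" is a hypothetical AD account name.
    for groups in ([], ["Domain_Users"]):
        for su in ("", "@Domain_Users"):
            lvl = effective_permission(rules, "jdoe", groups, su)
            print(f"groups={groups} superuser={su!r} -> "
                  f"level {lvl}, edit={can_edit(lvl)}")
```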