Not logged in. · Lost password · Register
Forum: General Help and Support Installation and Configuration RSS
ldap auth group support with groupOfNames
Avatar
kokel #1
Member since Sep 2013 · 2 posts
Group memberships: Members
Show profile · Link to this post
Subject: ldap auth group support with groupOfNames
Hello,

I have a problem with groupOfNames in ldap auth plugin with dokuwiki weatherwax.

LDAP:
Group Object:
dn: cn=wikiAdmins,ou=wiki,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
cn: wikiAdmins
member: uid=tobias.hachmer,ou=users,dc=example,dc=com

User Entry:
dn: uid=tobias.hachmer,ou=users,dc=example,dc=com
structuralObjectClass: inetOrgPerson
memberOf: cn=wikiAdmins,ou=wiki,ou=groups,dc=example,dc=com

dokuwiki conf:
$conf['authtype'] = 'authldap';
$conf['passcrypt'] = 'ssha';
$conf['plugin']['authldap']['server'] = 'ldap://ldap.example.com:389';
$conf['plugin']['authldap']['usertree'] = 'ou=users,dc=example,dc=com';
$conf['plugin']['authldap']['grouptree'] = 'ou=wiki,ou=groups,dc=example,dc=com';
$conf['plugin']['authldap']['userfilter'] = '(&(uid=%{user})(objectClass=person))';
$conf['plugin']['authldap']['groupfilter'] = '(&(objectClass=groupOfNames)(member=%{dn}))';
$conf['plugin']['authldap']['version'] = 3;
$conf['plugin']['authldap']['starttls'] = 1;
$conf['plugin']['authldap']['binddn'] = 'uid=wiki,ou=systems,dc=example,dc=com';
$conf['plugin']['authldap']['bindpw'] = 'pw';
$conf['plugin']['authldap']['groupkey'] = 'uid';
$conf['plugin']['authldap']['debug'] = 1;

I can't get the group stuff working. Authentication works fine but dokuwiki doesn't recognize ldap groups.

Running doku.php?do=check as authenticated ldap user gets this:
You are currently logged in as tobias.hachmer (Tobias Hachmer)
You are part of the groups user

The user group is not from ldap.
Please give me hint what I am doing wrong or to get this working.

Thanks,
Kokel
Avatar
JeremyBYU #2
Member since Oct 2013 · 2 posts
Group memberships: Members
Show profile · Link to this post
I seriously dont know if this will help, but I'll give it a shot.

I tried forever to get LDAP to work but i never really could. So I ended up using the AD plugin.  I got authentication to work, but I couldnt get all my groups to work.  The basic built in groups worked like Domain Admin, but the ones that I made did not work.  Then I realized the groups that I had were a different security group type.  Mine were Security Group - Global, and theirs were Security Group- Domain Local.  When I made groups that were of that type, it all started working.  So I would check to see if other groups, like Domain Admin work.


The only problem I have now when I try to open user manager it says "authorisation method does not provide user counts".
Avatar
kokel #3
Member since Sep 2013 · 2 posts
Group memberships: Members
Show profile · Link to this post
Thanks for the reply.

But I get this working set the group key back to "cn" which is the default. I had set this to 'uid'.
Maybe the documentation could be more exact about the group key directive or name it to a better one like 'group rdn' e.g.

Regards,
Tobias Hachmer
Avatar
marki1 #4
Member for 3 months · 1 post
Group memberships: Members
Show profile · Link to this post
Better late than never: I'm not sure if the output of doku.php?do=check is updated to reflect the current configuration if you don't log out and back in.
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Go to forum
Imprint
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen
Current time: 2019-09-23, 16:12:33 (UTC +02:00)