Use LDAP with local ACL?
STaNDaR #1
Member since Apr 2019 · 2 posts
Group memberships: Members
Subject: Use LDAP with local ACL?
I've successfully set up DokuWiki to use LDAPS authentication. However, I have to disable ACL and lose my groups.

I don't have control over the structure of my company's LDAP, so I'd like to set up ACL groups locally. Is it possible to use LDAP authentication with local ACL?

Additionally, using LDAP authentication, it doesn't look like usernames are recorded on page edits. Is there a way to capture LDAP usernames for page edits?
This post was edited 2 times, last on 2019-04-25, 01:30 by STaNDaR.
schplurtz (Moderator) #2
Member since Nov 2009 · 493 posts · Location: France, Finistère
Group memberships: Global Moderators, Members
Quote by STaNDaR:
I don't have control over the structure of my company's LDAP, so I'd like to set up ACL groups locally. Is it possible to use LDAP authentication with local ACL?
You can use https://www.dokuwiki.org/plugin:authsplit. It authenticates users in LDAP, but groups, and eventually other things, are overridable in the plain auth plugin.
You probably want to activate the autocreate_users option. Each LDAP-validated user automatically gets an entry in the plain auth plugin. All you then have to do is set the groups with the standard user manager.

Quote by STaNDaR:
Additionally, using LDAP authentication, it doesn't look like usernames are recorded on page edits. Is there a way to capture LDAP usernames for page edits?
You have to indicate in the LDAP auth plugin configuration which LDAP attribute holds this information. This setting is not available in the config manager; it can only be set manually in local.php. Maybe your directory does not use the default displayname attribute. See https://www.dokuwiki.org/plugin:authldap#plugin_configurat… :
#### not available via Config Manager ####
# Mapping can be used to specify where the internal data is coming from.
$conf['plugin']['authldap']['mapping']['name']  = 'displayname'; # Name of attribute Active Directory stores it's pretty print user name.
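A local.php excerpt for the setup described in post #2, added here as an illustration (it is not from the thread or from the plugin authors). The server, tree and filter values are placeholders, and the option names should be checked against the authsplit and authldap plugin pages for the installed version:

```php
<?php
// conf/local.php (excerpt). Added example; host name, DNs and the
// filter are placeholders (assumptions), not values from this thread.

// Keep ACL enabled and hand authentication to authsplit.
$conf['useacl']   = 1;
$conf['authtype'] = 'authsplit';

// authsplit: passwords are checked by the primary plugin (LDAP);
// groups and other profile data live in the secondary plugin (local users).
$conf['plugin']['authsplit']['primary_authplugin']   = 'authldap';
$conf['plugin']['authsplit']['secondary_authplugin'] = 'authplain';
// Create a local authplain entry the first time an LDAP user logs in,
// so groups can then be assigned in the User Manager.
$conf['plugin']['authsplit']['autocreate_users']     = 1;

// authldap: where and how to look the user up.
$conf['plugin']['authldap']['server']     = 'ldaps://ldap.example.com:636';
$conf['plugin']['authldap']['usertree']   = 'ou=People,dc=example,dc=com';
// %{user} is replaced by the login name, so the search targets one entry.
$conf['plugin']['authldap']['userfilter'] = '(&(uid=%{user})(objectClass=posixAccount))';
$conf['plugin']['authldap']['version']    = 3;
// Directory attribute used as the display name (see post #2).
$conf['plugin']['authldap']['mapping']['name'] = 'displayname';
```

With autocreate_users enabled, every account the directory accepts gets a local entry on first login, so review what the @ALL and @user ACL entries allow and grant page permissions to the local groups you assign.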
STaNDaR #3
Member since Apr 2019 · 2 posts
Group memberships: Members
Thanks for the suggestion. I'm getting an error; trying to track it down: LDAP search returned non-array result: 1 [auth.php:211]

Full debug:
LDAP user to find: userid [auth.php:186]
LDAP Server: ldaps://my.ldap.server:389 [auth.php:189]
LDAP Filter: objectClass=user [auth.php:200]
LDAP user search: Success [auth.php:202]
LDAP search at: DC=my,DC=ldap,DC=server objectClass=user [auth.php:203]
LDAP search returned non-array result: 1 [auth.php:211]
authsplit:checkPass(): primary auth plugin's getUserData() failed, seems user is yet unknown there. [auth.php:335]
StarArmy #4
Member since Nov 2011 · 107 posts
Group memberships: Members
In reply to post #2
Quote by schplurtz:
Name of attribute Active Directory stores it's pretty print user name.
I see a typo in the code (it should be "its").
schplurtz (Moderator) #5
Member since Nov 2009 · 493 posts · Location: France, Finistère
Group memberships: Global Moderators, Members
Quote by StarArmy:
I see a typo in the code (it should be "its").
Corrected in wiki.
schplurtz (Moderator) #6
Member since Nov 2009 · 493 posts · Location: France, Finistère
Group memberships: Global Moderators, Members
In reply to post #3
Quote by STaNDaR:
LDAP user search: Success [auth.php:202]
LDAP search at: DC=my,DC=ldap,DC=server objectClass=user [auth.php:203]
LDAP search returned non-array result: 1 [auth.php:211]
authsplit:checkPass(): primary auth plugin's getUserData() failed, seems user is yet unknown there. [auth.php:335]
Ouch. LDAP debug is not really helpful (at least to me).

But I can see objectClass=user. It's an AD, isn't it?
If this is really the case, those links may help: https://www.dokuwiki.org/plugin:authldap:ad and maybe https://www.dokuwiki.org/plugin:authad.
cziehr #7
Member since Jan 2011 · 628 posts · Location: 10119 Berlin
Group memberships: Members
In reply to post #1
Quote by STaNDaR on 2019-04-24, 22:26:
Is it possible to use LDAP authentication with local ACL?

The plugin virtualgroup gives you the possibility to create your own groups in the wiki from users you get from your AD/LDAP server. I use it and it works very well.