I've been trying to test out a dokuwiki setup on our company intranet. I'd like to chain (
http://www.dokuwiki.org/auth:ggauth#chained) LDAP and plain authtypes, much like the example given there.
When auth is set to plain, logins work without any debug messages.
When auth is set to ldap, logins work, and I get the message
LDAP user search: Success [ldap.class.php:180]
when I initially login.
When auth is set to chained with authtypes = "ldap,plain", if I log in as a user that should be authenticated by LDAP, it fails and I get the debug messages:
LDAP user search: Operations error [ldap.class.php:180]
Sorry, username or password was wrong.
While if I log in with a user in the plain auth system, it succeeds with the debug messages:
LDAP user search: Operations error [ldap.class.php:180]
LDAP: bind with DOMAINNAME\plainuser failed [ldap.class.php:90]
LDAP user dn bind: Invalid credentials
where plainuser is the username to for the plain auth backend.
Finally, if I use chained with authtypes = "plain,ldap" - ldap logins still don't to work. When logging in as a ldap user, I get the errors
LDAP user search: Operations error [ldap.class.php:180]
Sorry, username or password was wrong.
while logging in with the plain-auth user succeeds without any debug messages.
I found some older notes suggesting that I'm not the only person to have run into this issue (
http://www.dokuwiki.org/tips:chainedauth) but I can't find anything about how to actually solve it.
Does anybody know why LDAP would fail only when used in concert with chained?
EDIT: the author of the chained auth backend correctly points out the known issue
http://www.dokuwiki.org/auth:ggauth#known_issues with cleanID getting called all over the place which is possibly scrubbing out @ or \ character somewhere and thus causing problems.