Not logged in. · Lost password · Register
Forum: General Help and Support Features and Functionality RSS
Using AD-Auth backend in an multidomain (trused) environment
Avatar
og #1
Member since May 2006 · 154 posts · Location: 86899 Landsberg
Group memberships: Members
Show profile · Link to this post
Subject: Using AD-Auth backend in an multidomain (trused) environment
I'm currently using DW with the Active Directroy auth backend to authenticate my users. We now joined our domain with another one, building a Windows trust relationship between them. Now, i want the new users from the other domain to be able to logon to DW using their credentials. I've tried using the UPN-form as "user@domain" but it won't work.
Is there any implementation to this? I think there must be a domain-popup, like Windows shows on logon, to get them online.
Oli...
Avatar
andi (Administrator) #2
Member since May 2006 · 2446 posts · Location: Berlin Germany
Group memberships: Administrators, Members
Show profile · Link to this post
The AD backend allows to configure multiple AD servers and use the correct one based on the user's Domain. However this currently works for SSO logins only. There's no way to specify the domain in the login currently. I suggest to open a feature request ticket.
Read this if you don't get any useful answers.
Lies dies wenn du keine hilfreichen Antworten bekommst.
Avatar
og #3
Member since May 2006 · 154 posts · Location: 86899 Landsberg
Group memberships: Members
Show profile · Link to this post
How does the backend do this? I've read about adLDAP but can't find how it should determine the DC of a simple username entered. Also i did not work for me. Please could you explain?
Oli...
Avatar
andi (Administrator) #4
Member since May 2006 · 2446 posts · Location: Berlin Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Read my reply again. It only works with SSO. The Kerberos/NTLM mechanism send the domein in the user name.
Read this if you don't get any useful answers.
Lies dies wenn du keine hilfreichen Antworten bekommst.
Avatar
og #5
Member since May 2006 · 154 posts · Location: 86899 Landsberg
Group memberships: Members
Show profile · Link to this post
You're right, didn't mention that. I will open FR to get this done.
Oli...
Avatar
stedster #6
Member since Feb 2010 · 6 posts
Group memberships: Members
Show profile · Link to this post
So the FR is there (http://bugs.dokuwiki.org/index.php?do=details&task_id=…), but it seem like nothing happened.
I read a little about adldap and as far as I understand this is not supported by it at all.

So the only way would be to hack it into Dokuwiki and make this work somehow by passing values for the Domain in use to $conf['auth']['ad']['account_suffix'] and so on.

Or is there any other way to do it?
Oliver, did you find any workaround? More than one wiki maybe?

I know MediaWiki offers multidomain login, but it has no ACLs... and I like Dokuwiki better anyways :-)

Thanks!
Avatar
andi (Administrator) #7
Member since May 2006 · 2446 posts · Location: Berlin Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Just a tip: most development on the AD backend was done because someone paid for it. Eg. some company needed a feature and hired my company to implement it.

If you really need this feature for your company, I highly recommend going this way. I do not have an AD Server at home and no use for it myself, so development out of pure boredom in this area is highly unlikely ;-)
Read this if you don't get any useful answers.
Lies dies wenn du keine hilfreichen Antworten bekommst.
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Go to forum
Imprint
This board is powered by the Unclassified NewsBoard software, 20120620-dev, © 2003-2011 by Yves Goergen
Current time: 2014-04-18, 20:11:17 (UTC +02:00)