Several things:
* You can't activate `use_tls` and `use_ssl` at the same time. Try to deactivate both. If everything works, activate ONE of them to try which one may work out-of-the-box with your environment and start to tinker, if both do not work (TLS is SSL, but `use_ssl` triggers other functionality than `use_tls`). DokuWiki is using the adLDAP lib to realize the auth:ad module. After a quick look at the source code of the current adLDAP release, it seems that `use_ssl` and `use_tls` are establishing the encrypted connection in different ways (cf. ~line 639 of the original `adLDAP.php`). More information:
http://adldap.sourceforge.net/wiki/doku.php?id=documentation_configuration#ssl,
http://adldap.sourceforge.net/wiki/doku.php?id=documentation_configuration#tls
* There is no general need to create a special user to do the AD auth.
* It is very hard to debug if you try to get everything working at once. So, start with a simpler config like this as it should work with a common Active Directory:
```php
$conf['authtype'] = 'ad';
$conf['auth']['ad']['account_suffix'] = '@office.domain.com';
$conf['auth']['ad']['base_dn'] = 'DC=office,DC=domain,DC=com';
$conf['auth']['ad']['domain_controllers'] = 'alpha.office.domain.com';
$conf['auth']['ad']['debug'] = 0;
$conf['superuser'] = '@dokuwiki_admins'; // create this group or use another group name
$conf['manager'] = '@dokuwiki_admins';
```
If this works, add encryption by using `$conf['auth']['ad']['use_tls'] = 1;` OR `$conf['auth']['ad']['use_ssl'] = 1;`. Then try SSO, expirywarn and stuff and use a special user (if needed at all).
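
Added example, not part of the original post and not adLDAP or DokuWiki code: a sketch of the two encryption modes using PHP's ldap extension directly, with the both-flags-set case rejected up front. It assumes the usual meaning of the options (`use_ssl` = LDAPS on port 636, `use_tls` = StartTLS on port 389); the function names `ad_connection_plan` and `ad_connect` are hypothetical.

```php
<?php
// Added illustration: hypothetical helper names, not adLDAP or DokuWiki code.

/** Decide how to reach the DC from the auth:ad options; refuses ambiguous configs. */
function ad_connection_plan(array $ad): array
{
    $ssl = !empty($ad['use_ssl']);
    $tls = !empty($ad['use_tls']);
    if ($ssl && $tls) {
        throw new InvalidArgumentException('use_ssl and use_tls are mutually exclusive');
    }
    // Use the first controller if several are listed, comma-separated.
    $host = trim(explode(',', $ad['domain_controllers'])[0]);
    return [
        // Assumption: LDAPS does the TLS handshake first, on its own port (636);
        // StartTLS and plain LDAP both begin on the ordinary LDAP port (389).
        'uri'      => $ssl ? "ldaps://$host:636" : "ldap://$host:389",
        'starttls' => $tls,
        'mode'     => $ssl ? 'LDAPS' : ($tls ? 'StartTLS' : 'cleartext'),
    ];
}

/** Open the connection per the plan; fail closed if the StartTLS upgrade is refused. */
function ad_connect(array $plan)
{
    $conn = ldap_connect($plan['uri']);
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS needs LDAPv3
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    if ($plan['starttls'] && !@ldap_start_tls($conn)) {
        throw new RuntimeException('StartTLS refused: ' . ldap_error($conn));
    }
    return $conn; // caller goes on to ldap_bind() over this connection
}

// Constructed sample configs, reusing the host name from the post's config.
$base = ['domain_controllers' => 'alpha.office.domain.com'];
foreach ([[], ['use_tls' => 1], ['use_ssl' => 1], ['use_tls' => 1, 'use_ssl' => 1]] as $extra) {
    try {
        $plan = ad_connection_plan($base + $extra);
        printf("%-9s %s\n", $plan['mode'], $plan['uri']);
    } catch (InvalidArgumentException $e) {
        echo 'rejected  ', $e->getMessage(), "\n";
    }
}
```

The loop only prints the plan for each sample config, so it runs without a domain controller; `ad_connect()` needs the ldap extension and a reachable server.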