History: LdapAuthenticationAdmin
Preview of version: 18
Instead of using Tiki's internal user system, you can configure Tiki to authenticate users against an LDAP server. The username still has to be in Tiki, but it will authenticate the password against an LDAP server.
Logged in as an administrator, go to the admin screen, and click on Login. 
There you will see two sections: User registration and login and PEAR::Auth.
Under the User registration and login section, change "Authentication Method" to Tiki and PEAR::Auth.
- Create user if not in Tiki?
- If username exists on the LDAP server, it will create the Tiki user and allow them to login.
- Create user if not in Auth?
- Will create a Tiki user even if they do not exist in LDAP directory, and will add the user to the LDAP server using LDAP Admin User/Pwd. Only use this when using the "Users can register" option.
- Just use Tiki auth for admin?
- Just use Tiki authentication, for administrator instead of a LDAP authentication.
- LDAP Host
- FQDN of LDAP server. ("localhost" if it is on the same machine that Tiki is on.)
- LDAP Port
- Port that LDAP server is listening on. Default is 389.
- LDAP Scope
- base, one, or sub (default). Search base DN only, one-level down, or the entire subtree.
- LDAP Base DN
- Base DN (Distinguished Name) of LDAP directory you want to use on the LDAP server. Usually something like dc=example,dc=org.
- LDAP User DN
- What OU are your users under? This may be something like "ou=People". This is just the group/OU; don't put the full DN.
- LDAP User Attribute
- What LDAP attribute are you looking to match as the username. I use shadowAccount for "LDAP User OC", so the username will match up with the uid attribute. This could be "userid" or something else depending on what Object Class you use for the users on the LDAP server.
- LDAP User OC
- Fill in which Object Class your users are setup with in your LDAP directory. As mentioned above, I am using shadowAccount, but this could be posixAccount, account, or others.
- LDAP Group DN (this doesn't seem to get used at this point)
- DN (Distinguished Name) of group you want to have access to Tiki. Usually something like cn=TikiAccess,ou=Group,dc=example,dc=org. *Just a guess, someone please correct/confirm me
- LDAP Group Attribute (this doesn't seem to get used at this point)
- Similar to LDAP User Attribute. What LDAP attribute are you looking to match as the group name. I use groupOfUniqueNames for "LDAP Group OC", so the group will match up with the cn attribute. This could be something else depending on what Object Class you use for the group on the LDAP server.
- LDAP Group OC (this doesn't seem to get used at this point)
- Fill in which Object Class your group is setup with in your LDAP directory. As mentioned above, I am using groupOfUniqueNames, but this could be something else.
- LDAP Member Attribute
- Inside that group what attribute will be the username. If you're using groupOfUniqueNames this should be "uniqueMember".
- LDAP Member is DN
- y/n. Is the value of the LDAP Member Attribute the DN of the user? N means it contains only the username.
- LDAP Admin User
- DN of the LDAP directory admin.
- LDAP Admin Pwd
- Password that goes with this admin account.
Pear::Auth
"An Introduction to LDAP" by Luke A. Kanies — Luke A. Kanies introduces LDAP and explains why it is an important tool for network administrators.
"Getting Started with LDAP" by Luke A. Kanies — Luke A. Kanies shows you how to set up a basic LDAP directory to store Unix user accounts, along with a script to pull those accounts to a Unix system.