Tiki LDAP FAQ

Answers

Question: What needs to be configured on LDAP Base DN?
Answer:  Normally dc=yourDomain, dc=com
Question: How do I configure LDAP User Authentication with Windows Active Directory?
Answer: 

PHP Tiki LDAP User Authentication

Environment:
IIS 5.0, PHP 4.3.3, Tiki 1.7.1.1, Windows 2000 SP 3 (German).
Active Directory is on another server, also Windows 2000 SP3 (German).

Note that only the configuration changes from the default are described here.
- activate extension php_ldap.dll in php.ini
- copy all DLLs from the PHP directory (e.g., c:\php\dlls) to a directory where Windows can find them (e.g., c:\winnt\system32), or add this directory to PATH, or just copy the files ssleay32.dll and libeay32.dll (for PHP >= 4.3.0, or libsasl.dll for PHP < 4.3.0) to a location where Windows can find them. See PHP's install.txt.
- Log in to Tiki as Admin and go to the Login configuration page accessed by selecting 'Admin (click!)'
- in the 'User registration and login' section, set 'Authentication method' to 'Tiki and PEAR::Auth'
- in the 'PEAR::Auth' section, activate 'Create user if not in Tiki?'
- in the 'PEAR::Auth' section, set 'LDAP Host:' to the Active Directory server's name or IP address
- in the 'PEAR::Auth' section, set 'LDAP Base DN:' to the LDAP version of the domain name as it appears in 'Active Directory Users and Computers'. E.g., if the domain is called my-domain.local, set this to 'dc=my-domain,dc=local'
- in the 'PEAR::Auth' section, set 'LDAP User Attribute:' to 'sAMAccountName'
- in the 'PEAR::Auth' section, set 'LDAP User OC:' to 'User'

By default, Active Directory does not allow an anonymous ldap_search. You therefore have to make a small change in lib\pear\AUTH\Container\LDAP.php so that ldap_bind is called with a user account that has the right to search:
in the function _connect(), change the line (189)
if (@ldap_bind($this->conn_id) == false) {
to
if (@ldap_bind($this->conn_id, "someuser", "somepassword") == false) {
where "someuser" is an existing Active Directory user with the password "somepassword". Specify the username as someuser@my-company.local if the domain is called my-company.local. It is best to create a new, dedicated user account for this, because its password is stored in clear text in LDAP.php.
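
The settings above feed the usual search-then-bind login flow, shown here as an added example that is not part of the original FAQ or of the Tiki/PEAR code; it reads the service account from the environment instead of writing it into LDAP.php. It assumes PHP 7.4 or later with the ldap extension, a filter of the form (&(objectClass=...)(attribute=...)), and hypothetical function names and TIKI_LDAP_BIND_USER / TIKI_LDAP_BIND_PASS variable names.

```php
<?php
// Added example: function names, environment variable names and sample values are assumptions.
// 'my-domain.local' -> base DN in the form used for the 'LDAP Base DN' setting.
function domain_to_base_dn(string $domain): string {
    $parts = array_map(fn($l) => 'dc=' . ldap_escape($l, '', LDAP_ESCAPE_DN), explode('.', $domain));
    return implode(',', $parts);
}

// Filter built from 'LDAP User OC' and 'LDAP User Attribute'. The login name is escaped
// so that characters such as * ( ) \ cannot change the structure of the filter.
function build_user_filter(string $oc, string $attr, string $login): string {
    return sprintf('(&(objectClass=%s)(%s=%s))', $oc, $attr, ldap_escape($login, '', LDAP_ESCAPE_FILTER));
}

// $uri is e.g. ldap://host; plain ldap:// carries simple-bind passwords unencrypted.
function ad_login(string $uri, string $domain, string $login, string $password): bool {
    // A bind with an empty password is an unauthenticated bind and may succeed: refuse it.
    if ($login === '' || $password === '') {
        return false;
    }
    // The service account comes from the environment, not from the source file.
    $bindUser = getenv('TIKI_LDAP_BIND_USER');   // e.g. someuser@my-company.local
    $bindPass = getenv('TIKI_LDAP_BIND_PASS');
    $conn = ($bindUser && $bindPass) ? ldap_connect($uri) : false;
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    try {
        if (!@ldap_bind($conn, $bindUser, $bindPass)) {
            return false;                         // service account bind failed
        }
        $filter = build_user_filter('User', 'sAMAccountName', $login);
        $result = @ldap_search($conn, domain_to_base_dn($domain), $filter, ['sAMAccountName'], 0, 2);
        $entries = $result ? ldap_get_entries($conn, $result) : false;
        if (!$entries || $entries['count'] !== 1) {
            return false;                         // no match, or an ambiguous match
        }
        // Re-bind as the entry that was found to verify the user's own password.
        return @ldap_bind($conn, $entries[0]['dn'], $password);
    } finally {
        ldap_unbind($conn);
    }
}

// Offline part on constructed input: no directory server is contacted.
echo domain_to_base_dn('my-domain.local'), "\n";
echo build_user_filter('User', 'sAMAccountName', 'j*doe(test)'), "\n";
```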

Question: I've changed the login settings (LDAP or SSL only), and now can't log in.
Answer:  I've found this listed twice in the "suggested questions" box, and have just done it to myself, as well. I think that three makes it officially a FAQ. :-) Does anyone know how I can reset the login perms and point to any docs on what needs to be done BEFORE turning on this authentication function? Thanks! Patrick Salsbury
