LDAP / Active directory

Posted by sophana 17 Feb 2005 12:28 GMT-0000

I did succeed in setting up ldap auth once with openldap.
But my hard drive crashed and now I cannot make it work any more. My symtom is a blank page after login.

I'd recommand that you use an ldap browser and browse your active directory to see the structure.

I think you need a bind dn, when I did try the ldap server debug messages, I saw that pear first search for a user, then it launch a bind process.

Posted by willdyke 17 Feb 2005 14:41 GMT-0000

I have been working on this exact problem today.

If you know how to patch your wiki installation, there is a patch attached.

cd $tiki_base
patch -p5 < wiki.patch

The problem is in $tiki_base/lib/pear/Auth/Container/LDAP.php, where the ldap_bind occurs. I believe that an anonymous ldap_bind will not work for all Active Directories - it certainly doesn't work for mine.

In lib/userslib.php, I added the following two lines:

$options["adminuser"] = $tikilib->get_preference("auth_ldap_adminuser", "");
        $options["adminpass"] = $tikilib->get_preference("auth_ldap_adminpass", "");

In lib/pear/Auth/Container/LDAP.php, I changed the lines 188-191 to be:

// bind anonymously for searching
        if ($this->options['adminuser']) {
            $bindresult = @ldap_bind($this->conn_id, $this->options['adminuser'], $this->options['adminpass']);
        } else {
            $bindresult = @ldap_bind($this->conn_id);
        }
                                                                                                                                                                                                                 
        if ($bindresult == false) {
            return PEAR::raiseError("Auth_Container_LDAP: Could not connect and bind to LDAP server.", 41, PEAR_ERROR_DIE);
        }

Give it a go, and let me know of any problems.

Posted by willdyke 17 Feb 2005 14:47 GMT-0000

I couldn't get the patch file to attach to my message.

I have created a new thread called LDAP Active Directory patch.

Posted by Yirm 28 Dec 2007 17:43 GMT-0000

Good news. I checked 1.10 out from CVS, and there seem to have been substantial modifications to the authentication code. By using the 1.10 code and following the instructions at the tiki docs EXACTLY, it works. I was never able to get it to work in 1.9.8.3. I found Microsoft's Netmon 3.1 to be an invaluable tool to find out the LDAP server's responses to troubleshoot my own mistakes. But like I said, follow the instructions for LDAP in the auth docs, and it should work without any modifications to the 1.10 code.

-Jeremy