Tiki LDAP FAQ Help

Print List FAQs

Questions

  1. What needs to be configured on LDAP Base DN?
  2. How do I configure LDAP User Authentication with Windows Active Directory?
  3. I've changed the login settings (LDAP or SSL only), and now can't log in.

Answers

Question: What needs to be configured on LDAP Base DN?
Answer 

normaly dc=yourDomain, dc=com

Question: How do I configure LDAP User Authentication with Windows Active Directory?
Answer 

PHP Tiki LDAP User Authentication

Environment: IIS 5.0, PHP 4.3.3, Tiki 1.7.1.1, Windows 2000 SP 3 (German). Active Directory is on another server, also Windows 2000 SP3 (German).

Note that only the configuration changes from the default are described here. - activate extension php_ldap.dll in php.ini - copy all dll's from the PHP directory (e.g., c:\php\dlls) to a directory where Windows can find them (e.g., c:\winnt\system32) or add this directory to PATH or just copy the files ssleay32.dll and libeay32.dll (for PHP >= 4.3.0, or libsasl.dll for PHP < 4.3.0) where Windows can find them. See PHPs install.txt. - Login to Tiki as Admin and go to the Login configuration page accessed by selecting 'Admin (click!)' - in the 'User registration and login' section, set 'Authentication method' to 'Tiki and PEAR::Auth' - in the 'PEAR::Auth' section, activate 'Create user if not in Tiki?' - in the 'PEAR::Auth' section, set 'LDAP Host:' to the Active Directory server's name or IP address - in the 'PEAR::Auth' section, set 'LDAP Base DN:' to the LDAP version of the domain name as it appears in 'Active Directory Users and Computers'. E.g., if the domain is called my-domain.local, set this to 'dc=my-domain,dc=local' - in the 'PEAR::Auth' section, set 'LDAP User Attribute:' to 'sAMAccountName' - in the 'PEAR::Auth' section, set 'LDAP User OC:' to 'User'

By default, Active Directory does not allow anonymous ldap_search! Therefore, you have to make a small change in lib\pear\AUTH\Container\LDAP.php in order to ldap_bind with a user account that has the right to do so: in the function _connect(), change the line (189) if @ldap_bind($this->conn_id? == false) { to if @ldap_bind($this->conn_id,"someuser","somepassword"? == false) { where "someuser" is an existing Active Directory user with the password "somepassword". Specify the username as , if the domain is called my-company.local. Obviously, you best create a new user account for this.

Question: I've changed the login settings (LDAP or SSL only), and now can't log in.
Answer 

I've found this listed twice in the "suggested questions" box, and have just done it to myself, as well. I think that three makes it officially a FAQ. :-) Does anyone know how I can reset the login perms and point to any docs on what needs to be done BEFORE turning on this authentication function? Thanks! Patrick Salsbury

6 Comments

Last changes

Site Language: English