[pmwiki-users] ldap authentication & active directory

Patrick R. Michaud pmichaud at pobox.com
Wed Aug 23 09:15:15 CDT 2006


On Tue, Aug 22, 2006 at 06:00:33PM -0400, Gregory Martyn wrote:
>    I'm new to ldap, so please forgive me.

Okay, you're forgiven.  :-) :-)

>    We're running active directory here at work. I can browse the directory
>    using ldapadmin by pointing it to our active directory server. I tell it
>    that Base is "CN=Users,DC=judicialtitle,DC=com", put in my email address
>    and password and get a list of all the users. An anonymous bind doesn't
>    work.
> 
>    How do I get pmwiki to use this?

If an anonymous bind isn't working, you can configure PmWiki to use a
non-anonymous bind.  The configuration will go something like:

    $AuthUser['ldap'] = 'ldap://yourserver.com/cn=Users,dc=judicialtitle,dc=com?uid?sub';
    $AuthLDAPBindDN = 'bindingdn';
    $AuthLDAPBindPassword = 'password';

    include_once("$FarmD/scripts/authuser.php");

You'll need to replace:

    'yourserver.com'   with your active directory server
    'uid'              with the correct LDAP attribute used for usernames
    'bindingdn'        with an LDAP dn that allows binding to the server
    'password'         with the password for 'bindingdn'


Also, if you could let me know what LDAP attribute is typically used by 
Active Directory for usernames, that'd be a huge help.  (I don't have access
to an Active Directory server.)

Please let me know if this works, or if you have any other questions.
I can then update the documentation accordingly.

Pm




More information about the pmwiki-users mailing list