[pmwiki-users] Guidance on use of LDAP for authentication

Patrick R. Michaud pmichaud at pobox.com
Sat Mar 25 16:59:21 CST 2006

On Fri, Mar 24, 2006 at 12:50:15PM -0500, Curtis, Clayton wrote:
>    I'd like to use LDAP (which we already have in place for enterprise
>    networking) as an authentication mechanism, primarily to force capture of
>    author and to prevent anonymous changes.  However, doing a search on
>    "LDAP"  yielded only the cookbook for AuthUser (with some tantalizing
>    hints), some pages on the main PmWiki site (AuthUser, ChangeLog,
>    ReleaseNotes), and some PITS notes.  I noted that someone else pled for
>    more info in the Cookbook for AuthUser.  Any help would be appreciated.

I'm afraid I can only offer more tantalizing hints, but perhaps
they will inspire questions that will in turn get you to your
goal (and perhaps give us some documentation sources to boot).

To enable LDAP authentication, try adding a line like the following
to the Site.AuthUser page:

    ldap: ldap://ldap.example.com/ou=People,o=example?uid

where "ldap.example.com" is the LDAP server you want to authenticate
against, "ou=People,o=example" is the distinguished name (DN)
for the authentication entries, and "uid" is the LDAP attribute
corresponding to a user's login name.

If your authentication entries aren't all at one level in the
LDAP tree, then try adding "?sub" to the end of the string:

    ldap: ldap://ldap.example.com/ou=People,o=example?uid?sub

See if that gets you any further along; and if not then please don't
hesitate to return with more questions.


More information about the pmwiki-users mailing list