{{tag>en en:linux en:server en:web en:wiki en:authentication}}
====== LDAP Authentication with Dokuwiki ======
This page describes how to activate the LDAP authentication with [[en:linux:dokuwiki]].\\
For more informations on the ldap server configuration, look at [[en:linux:openldap]].

The use of LDAP authentication is quite simple, but there is some limitations : it's not possible to use "register" from dokuwiki.\\
The documentation about LDAP authentication is available here : http://wiki.splitbrain.org/wiki:auth:ldap

To configure the LDAP authentication, you need to edit manually the config file local.php\\
Here is the configuration of this server :
<file>
$conf['useacl'] = 1;
$conf['authtype'] = 'ldap';
$conf['superuser'] = '@wikiadmin';


$conf['auth']['ldap']['version']    = 3;
$conf['auth']['ldap']['server']      = 'localhost';
$conf['auth']['ldap']['port']        = 389;
$conf['auth']['ldap']['binddn']     = 'cn=apache, ou=services, dc=bouthors, dc=fr';
$conf['auth']['ldap']['bindpw']     = '***';
$conf['auth']['ldap']['usertree']    = 'ou=users, dc=bouthors, dc=fr';
$conf['auth']['ldap']['grouptree']   = 'ou=groups, dc=bouthors, dc=fr';
$conf['auth']['ldap']['userfilter']  = '(&(cn=%{user})(objectClass=mboUser))';
$conf['auth']['ldap']['groupfilter'] = '(&(objectClass=mboGroup)(uniqueMember=%{dn}))';
$conf['auth']['ldap']['mapping']['name']  = 'sn';
#$conf['auth']['ldap']['debug']      = true;
</file>

Theses options are related to my LDAP tree described inside [[en:linux:openldap]].

For information, the following LDAP requests are used :
  - connection to the LDAP server with binddn/bindpw
  - search of the user inside usertree with the filter userfilter
  - search of the group membership inside grouptree with the filter groupfilter
  - bind of the user with the user dn (found with the user search) and the password provided by the user
  - the mapping option allows to define which field contains the user name.