
plugin:authldap [DokuWiki]

<!DOCTYPE html> <html lang="en" dir="ltr" class="no-js"> <head> <meta charset="utf-8" /> <title>plugin:authldap [DokuWiki]</title> <meta name="generator" content="DokuWiki"/> <meta name="theme-color" content="#008800"/> <meta name="robots" content="index,follow"/> <meta name="keywords" content="plugin,authldap"/> <link rel="search" type="application/opensearchdescription+xml" href="/lib/exe/opensearch.php" title="DokuWiki"/> <link rel="start" href="/"/> <link rel="contents" href="/plugin:authldap?do=index" title="Sitemap"/> <link rel="manifest" href="/lib/exe/manifest.php"/> <link rel="alternate" type="application/rss+xml" title="Recent Changes" href="/feed.php"/> <link rel="alternate" type="application/rss+xml" title="Current namespace" href="/feed.php?mode=list&amp;ns=plugin"/> <link rel="edit" title="Edit this page" href="/plugin:authldap?do=edit"/> <link rel="alternate" type="text/html" title="Plain HTML" href="/_export/xhtml/plugin:authldap"/> <link rel="alternate" type="text/plain" title="Wiki Markup" href="/_export/raw/plugin:authldap"/> <link rel="canonical" href="https://www.dokuwiki.org/plugin:authldap"/> <link rel="stylesheet" href="/lib/exe/css.php?t=dokuwiki&amp;tseed=f1005bad3d81fc9c803c7f93d32a390e"/> <script >var NS='plugin';var JSINFO = {"plugins":{"edittable":{"default columnwidth":""}},"id":"plugin:authldap","namespace":"plugin","ACT":"show","useHeadingNavigation":0,"useHeadingContent":0};(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement);</script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/jquery.min.js" defer="defer"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js" defer="defer"></script> <script src="/lib/exe/js.php?t=dokuwiki&amp;tseed=f1005bad3d81fc9c803c7f93d32a390e&amp;lang=en" defer="defer"></script> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="shortcut icon" 
href="/lib/tpl/dokuwiki/images/favicon.ico" /> <link rel="apple-touch-icon" href="/lib/tpl/dokuwiki/images/apple-touch-icon.png" /> <meta name="verify-v1" content="OVxl3gsCv2MhZqh1cBQyl0JytWXSwXMjyvwc+4w3WtA=" /> <meta name="google-site-verification" content="YhTVK69hW94ZXUtc2zSLPxTkZKbZIn0zK67mz5WQB-E" /> <!-- Global site tag (gtag.js) - Google Analytics --> <script async src="https://www.googletagmanager.com/gtag/js?id=UA-83791-1"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-83791-1', { 'anonymize_ip': true }); </script> </head> <body> <div id="dokuwiki__site"><div id="dokuwiki__top" class="site dokuwiki mode_show tpl_dokuwiki showSidebar hasSidebar"> <!-- ********** HEADER ********** --> <header id="dokuwiki__header"><div class="pad group"> <div class="headings group"> <ul class="a11y skip"> <li><a href="#dokuwiki__content">skip to content</a></li> </ul> <h1 class="logo"><a href="/start" accesskey="h" title="Home [h]"><img src="/lib/tpl/dokuwiki/images/logo.png" width="64" height="64" alt="" /><span>DokuWiki</span></a></h1> <p class="claim">It's better when it's simple</p> </div> <div class="tools group"> <!-- USER TOOLS --> <div id="dokuwiki__usertools"> <h3 class="a11y">User Tools</h3> <ul> <li class="action login"><a href="/plugin:authldap?do=login&amp;sectok=" title="Log In" rel="nofollow"><span>Log In</span><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><path d="M10 17.25V14H3v-4h7V6.75L15.25 12 10 17.25M8 2h9a2 2 0 0 1 2 2v16a2 2 0 0 1-2 2H8a2 2 0 0 1-2-2v-4h2v4h9V4H8v4H6V4a2 2 0 0 1 2-2z"/></svg></a></li> </ul> </div> <!-- SITE TOOLS --> <div id="dokuwiki__sitetools"> <h3 class="a11y">Site Tools</h3> <form action="/start" method="get" role="search" class="search doku_form" id="dw__search" accept-charset="utf-8"><input type="hidden" name="do" value="search" /><input type="hidden" name="id" value="plugin:authldap" 
/><div class="no"><input name="q" type="text" class="edit" title="[F]" accesskey="f" placeholder="Search" autocomplete="on" id="qsearch__in" value="" /><button value="1" type="submit" title="Search">Search</button><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form> <div class="mobileTools"> <form action="/doku.php" method="get" accept-charset="utf-8"><div class="no"><input type="hidden" name="id" value="plugin:authldap" /><select name="do" class="edit quickselect" title="Tools"><option value="">Tools</option><optgroup label="Page Tools"><option value="edit">Edit this page</option><option value="revisions">Old revisions</option><option value="backlink">Backlinks</option></optgroup><optgroup label="Site Tools"><option value="recent">Recent Changes</option><option value="media">Media Manager</option><option value="index">Sitemap</option></optgroup><optgroup label="User Tools"><option value="login">Log In</option></optgroup></select><button type="submit">&gt;</button></div></form> </div> <ul> <li class="action recent"><a href="/plugin:authldap?do=recent" title="Recent Changes [r]" rel="nofollow" accesskey="r">Recent Changes</a></li><li class="action media"><a href="/plugin:authldap?do=media&amp;ns=plugin" title="Media Manager" rel="nofollow">Media Manager</a></li><li class="action index"><a href="/plugin:authldap?do=index" title="Sitemap [x]" rel="nofollow" accesskey="x">Sitemap</a></li> </ul> </div> </div> <!-- BREADCRUMBS --> <div class="breadcrumbs"> <div class="trace"><span class="bchead">Trace:</span> <span class="bcsep">•</span> <span class="curid"><bdi><a href="/plugin:authldap" class="breadcrumbs" title="plugin:authldap">authldap</a></bdi></span></div> </div> <hr class="a11y" /> </div></header><!-- /header --> <div class="wrapper group"> <!-- ********** ASIDE ********** --> <nav id="dokuwiki__aside" aria-label="Sidebar"><div class="pad aside include group"> <h3 class="toggle">Sidebar</h3> <div class="content"><div class="group"> <p> 
<strong>Learn about DokuWiki</strong> </p> <ul> <li class="level1"><div class="li"> <a href="/features" class="wikilink1" title="features" data-wiki-id="features">Features</a> &amp; <a href="/blogroll" class="wikilink1" title="blogroll" data-wiki-id="blogroll">reviews</a> </div> </li> <li class="level1"><div class="li"> <a href="/install" class="wikilink1" title="install" data-wiki-id="install">Installation guide</a></div> </li> <li class="level1"><div class="li"> <a href="/manual" class="wikilink1" title="manual" data-wiki-id="manual">User manual</a> &amp; <a href="/wiki:syntax" class="wikilink1" title="wiki:syntax" data-wiki-id="wiki:syntax">syntax</a></div> </li> <li class="level1"><div class="li"> <a href="/changes" class="wikilink1" title="changes" data-wiki-id="changes">Release notes</a></div> </li> <li class="level1"><div class="li"> <a href="/faq" class="wikilink1" title="faq" data-wiki-id="faq">FAQ</a></div> </li> </ul> <p> <strong>Advanced Use</strong> </p> <ul> <li class="level1"><div class="li"> <a href="/extensions" class="wikilink1" title="extensions" data-wiki-id="extensions">Extensions</a></div> </li> <li class="level1"><div class="li"> <a href="/development" class="wikilink1" title="development" data-wiki-id="development">Development manual</a></div> </li> </ul> <p> <strong>Corporate Use</strong> </p> <ul> <li class="level1"><div class="li"> <a href="/faq:support" class="wikilink1" title="faq:support" data-wiki-id="faq:support">Get support</a></div> </li> <li class="level1"><div class="li"> <a href="/donate" class="wikilink1" title="donate" data-wiki-id="donate">Donations</a></div> </li> </ul> <p> <strong>Our Community</strong> </p> <ul> <li class="level1"><div class="li"> <a href="/teams:getting_involved" class="wikilink1" title="teams:getting_involved" data-wiki-id="teams:getting_involved">Get involved</a></div> </li> <li class="level1"><div class="li"> <a href="/dokuinstall" class="wikilink1" title="dokuinstall" 
data-wiki-id="dokuinstall">Users</a></div> </li> <li class="level1"><div class="li"> <a href="http://forum.dokuwiki.org" class="urlextern" title="http://forum.dokuwiki.org">User forum</a></div> </li> <li class="level1"><div class="li"> <a href="/mailinglist" class="wikilink1" title="mailinglist" data-wiki-id="mailinglist">Development mailinglist</a></div> </li> </ul> <hr /> <p> Follow us on <a href="https://phpc.social/@dokuwiki" class="urlextern" title="https://phpc.social/@dokuwiki">Mastodon</a> and other <a href="/social" class="wikilink1" title="social" data-wiki-id="social">social networks</a>. </p> <p> <a href="/privacy" class="wikilink1" title="privacy" data-wiki-id="privacy">Our Privacy Policy</a> </p> </div></div> </div></nav><!-- /aside --> <!-- ********** CONTENT ********** --> <main id="dokuwiki__content"><div class="pad group"> <div class="pageId"><span>plugin:authldap</span></div> <div class="page group"> <!-- wikipage start --> <!-- TOC START --> <div id="dw__toc" class="dw__toc"> <h3 class="toggle">Table of Contents</h3> <div> <ul class="toc"> <li class="level1"><div class="li"><a href="#ldap_authentication_plugin">LDAP Authentication Plugin</a></div> <ul class="toc"> <li class="level2"><div class="li"><a href="#description">Description</a></div></li> <li class="level2"><div class="li"><a href="#usage">Usage</a></div></li> <li class="level2"><div class="li"><a href="#configuration">Configuration</a></div></li> <li class="level2"><div class="li"><a href="#real_world_examples">Real World Examples</a></div></li> <li class="level2"><div class="li"><a href="#plugin_configuration_settings">Plugin Configuration Settings</a></div> <ul class="toc"> <li class="level3"><div class="li"><a href="#notes">Notes</a></div></li> </ul></li> </ul></li> </ul> </div> </div> <!-- TOC END --> <h1 class="sectionedit1" id="ldap_authentication_plugin">LDAP Authentication Plugin</h1> <div class="level1"> <div class="pluginrepo_entry"><div class="usageInfo"><div 
class="compatibility"><p class="label">Compatible with DokuWiki</p><p>(bundled)</p></div></div><div class="mainInfo"><p class="description"><a class="media" href="/plugins"><img alt="plugin" class="medialeft" src="/lib/plugins/pluginrepo/images/dwplugin.png" width="60" height="60" /></a> This plugin allows authentication against an LDAP directory using the ACL feature.</p></div><div class="metaInfo"><dl><dt>Last updated on</dt><dd>2015-07-13</dd><dt>Provides</dt><dd><a href="/plugins?plugintype=128#extension__table" class="wikilink1" title="List all Auth plugins">Auth</a></dd><dt>Repository</dt><dd><a class="urlextern" href="https://github.com/dokuwiki/dokuwiki/tree/master/lib/plugins/authldap">Source</a></dd></dl></div><div class="moreInfo"><p class="tags">Tagged with <a href="/plugins?plugintag=%21bundled#extension__table" class="wikilink1" title="List all plugins with this tag">!bundled</a></p></div><div class="authorInfo"><strong>By <a href="mailto:andi%20%5Bat%5D%20splitbrain%20%5Bdot%5D%20org" class="mail" title="andi [at] splitbrain [dot] org">Andreas Gohr</a></strong><ul><li><a href="/plugin:badbehaviour" class="wikilink1" title="plugin:badbehaviour" data-wiki-id="plugin:badbehaviour">badbehaviour</a></li> <li><a href="/plugin:amazon" class="wikilink1" title="plugin:amazon" data-wiki-id="plugin:amazon">amazon</a></li> <li><a href="/plugin:xfortune" class="wikilink1" title="plugin:xfortune" data-wiki-id="plugin:xfortune">xfortune</a></li> <li><a href="/plugin:statistics" class="wikilink1" title="plugin:statistics" data-wiki-id="plugin:statistics">statistics</a></li> <li><a href="/plugin:translation" class="wikilink1" title="plugin:translation" data-wiki-id="plugin:translation">translation</a></li> <li><a href="/plugin:captcha" class="wikilink1" title="plugin:captcha" data-wiki-id="plugin:captcha">captcha</a></li> <li><a href="/plugin:graphviz" class="wikilink1" title="plugin:graphviz" data-wiki-id="plugin:graphviz">graphviz</a></li> <li><a href="/plugin:acl" 
class="wikilink1" title="plugin:acl" data-wiki-id="plugin:acl">acl</a></li> <li><a href="/plugin:info" class="wikilink1" title="plugin:info" data-wiki-id="plugin:info">info</a></li> <li><a href="/plugin:ditaa" class="wikilink1" title="plugin:ditaa" data-wiki-id="plugin:ditaa">ditaa</a></li> <li>and 60 more</li></ul></div></div> </div> <div class="secedit editbutton_section editbutton_1"><form class="button btn_secedit" method="post" action="/plugin:authldap"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1692889405" /><input type="hidden" name="summary" value="[LDAP Authentication Plugin] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="ldap_authentication_plugin" /><input type="hidden" name="codeblockOffset" value="0" /><input type="hidden" name="range" value="1-524" /><button type="submit" title="LDAP Authentication Plugin">Edit</button></div></form></div> <h2 class="sectionedit2" id="description">Description</h2> <div class="level2"> <p> This module allows authentication against an LDAP directory using the <abbr title="Access Control List">ACL</abbr> feature. It is included with the DokuWiki release. </p> <p> Users can log into the wiki using their username and password defined in a LDAP server, adding new users is not supported through the LDAP backend. 
</p> </div> <div class="secedit editbutton_section editbutton_2"><form class="button btn_secedit" method="post" action="/plugin:authldap"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1692889405" /><input type="hidden" name="summary" value="[Description] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="description" /><input type="hidden" name="codeblockOffset" value="0" /><input type="hidden" name="range" value="525-823" /><button type="submit" title="Description">Edit</button></div></form></div> <h2 class="sectionedit3" id="usage">Usage</h2> <div class="level2"> <p> Before this plugin can be used, you need to ensure the LDAP PHP module is installed, then setup some settings: </p> <ol> <li class="level1"><div class="li"> Activate the authLDAP plugin in the <a href="/plugin:extension" class="wikilink1" title="plugin:extension" data-wiki-id="plugin:extension">Extension Manager</a>.</div> </li> <li class="level1"><div class="li"> Define the LDAP server in the <a href="/plugin:config" class="wikilink1" title="plugin:config" data-wiki-id="plugin:config">Configuration Manager</a></div> </li> <li class="level1"><div class="li"> Define trees, filters and connection settings too. </div> </li> <li class="level1"><div class="li"> Switch on this Auth plugin via the configuration option <a href="/config:authtype" class="wikilink1" title="config:authtype" data-wiki-id="config:authtype">authtype</a> by selecting <code>authldap</code>.</div> </li> </ol> <p> The version supplied on this page shows a basic setup, this needs to be modified to your own database setup. Different setups are provided. </p> <p> Save the configuration settings to the <code>conf/local.protected.php</code> file to <a href="/plugin:config#protecting_settings" class="wikilink1" title="plugin:config" data-wiki-id="plugin:config">protect the settings</a> against changes via Config Manager. 
</p> <p> Adding and changing users is not supported through this plugin. So the User Manager, self registration of users and password reset are disabled by this plugin. </p> </div> <div class="secedit editbutton_section editbutton_3"><form class="button btn_secedit" method="post" action="/plugin:authldap"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1692889405" /><input type="hidden" name="summary" value="[Usage] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="usage" /><input type="hidden" name="codeblockOffset" value="0" /><input type="hidden" name="range" value="824-1736" /><button type="submit" title="Usage">Edit</button></div></form></div> <h2 class="sectionedit4" id="configuration">Configuration</h2> <div class="level2"> <p> The backend will be enabled with the <a href="/config:authtype" class="wikilink1" title="config:authtype" data-wiki-id="config:authtype">authtype</a> configuration option by selecting <code>authldap</code> this is part of “Authentication settings” section. </p> <p> In the “Plugin Settings” are settings for the authLDAP plugin. Here you define your LDAP server and connection settings. </p> <p> There are more general <a href="/config#available_options" class="wikilink1" title="config" data-wiki-id="config">authentication related settings</a> available too. 
</p> </div> <div class="secedit editbutton_section editbutton_4"><form class="button btn_secedit" method="post" action="/plugin:authldap"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1692889405" /><input type="hidden" name="summary" value="[Configuration] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="configuration" /><input type="hidden" name="codeblockOffset" value="0" /><input type="hidden" name="range" value="1737-2141" /><button type="submit" title="Configuration">Edit</button></div></form></div> <h2 class="sectionedit5" id="real_world_examples">Real World Examples</h2> <div class="level2"> <p> Below is a list of example configurations used by various users for various LDAP servers. These are examples! Be sure to adjust them to your specific server settings. </p> <ul> <li class="level1"><div class="li"> <a href="/plugin:authldap:openldap" class="wikilink1" title="plugin:authldap:openldap" data-wiki-id="plugin:authldap:openldap">OpenLDAP</a></div> </li> <li class="level1"><div class="li"> <a href="/plugin:authldap:ad" class="wikilink1" title="plugin:authldap:ad" data-wiki-id="plugin:authldap:ad">Active Directory</a></div> </li> <li class="level1"><div class="li"> <a href="/plugin:authldap:lotus" class="wikilink1" title="plugin:authldap:lotus" data-wiki-id="plugin:authldap:lotus">Lotus Domino (Notes)</a></div> </li> <li class="level1"><div class="li"> <a href="/plugin:authldap:osx" class="wikilink1" title="plugin:authldap:osx" data-wiki-id="plugin:authldap:osx">Open Directory (Mac OS X Server)</a></div> </li> <li class="level1"><div class="li"> <a href="/plugin:authldap:ucs" class="wikilink1" title="plugin:authldap:ucs" data-wiki-id="plugin:authldap:ucs">Univention Corporate Server (UCS)</a></div> </li> <li class="level1"><div class="li"> <a href="/plugin:authldap:oracle" class="wikilink1" title="plugin:authldap:oracle" 
data-wiki-id="plugin:authldap:oracle">Oracle Internet Directory</a></div> </li> <li class="level1"><div class="li"> <a href="/plugin:authldap:edirectory" class="wikilink1" title="plugin:authldap:edirectory" data-wiki-id="plugin:authldap:edirectory">Novell eDirectory</a></div> </li> <li class="level1"><div class="li"> <a href="/plugin:authldap:tinyldap" class="wikilink1" title="plugin:authldap:tinyldap" data-wiki-id="plugin:authldap:tinyldap">TinyLDAP</a></div> </li> <li class="level1"><div class="li"> <a href="/plugin:authldap:apacheds" class="wikilink1" title="plugin:authldap:apacheds" data-wiki-id="plugin:authldap:apacheds">Apache Directory</a></div> </li> <li class="level1"><div class="li"> <a href="/plugin:authldap:ipa" class="wikilink1" title="plugin:authldap:ipa" data-wiki-id="plugin:authldap:ipa">freeIPA / RHEL Enterprise IPA</a></div> </li> </ul> </div> <div class="secedit editbutton_section editbutton_5"><form class="button btn_secedit" method="post" action="/plugin:authldap"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1692889405" /><input type="hidden" name="summary" value="[Real World Examples] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="real_world_examples" /><input type="hidden" name="codeblockOffset" value="0" /><input type="hidden" name="range" value="2142-2864" /><button type="submit" title="Real World Examples">Edit</button></div></form></div> <h2 class="sectionedit6" id="plugin_configuration_settings">Plugin Configuration Settings</h2> <div class="level2"> <p> This is an example configuration to set via the <a href="/plugin:config" class="wikilink1" title="plugin:config" data-wiki-id="plugin:config">Config Manager</a> or in your <code>conf/local.protected.php</code> to authenticate against your LDAP directory. 
</p> <dl class="code"> <dt><a href="/_export/code/plugin:authldap?codeblock=0" title="Download Snippet" class="mediafile mf_php">conf/local.protected.php</a></dt> <dd><pre class="code php"><span class="kw2">&lt;?php</span> <span class="co4">/** * Protected settings * LDAP configuration example */</span> <span class="re0">$conf</span><span class="br0">&#91;</span><span class="st_h">'useacl'</span><span class="br0">&#93;</span> <span class="sy0">=</span> <span class="nu0">1</span><span class="sy0">;</span> <span class="co1">//enable ACL</span> <span class="re0">$conf</span><span class="br0">&#91;</span><span class="st_h">'authtype'</span><span class="br0">&#93;</span> <span class="sy0">=</span> <span class="st_h">'authldap'</span><span class="sy0">;</span> <span class="co1">//enable this Auth plugin</span> &nbsp; &nbsp; <span class="co2">#$conf['plugin']['authldap']['server'] = 'localhost'; </span><span class="co2">#$conf['plugin']['authldap']['port'] = 389; </span><span class="re0">$conf</span><span class="br0">&#91;</span><span class="st_h">'plugin'</span><span class="br0">&#93;</span><span class="br0">&#91;</span><span class="st_h">'authldap'</span><span class="br0">&#93;</span><span class="br0">&#91;</span><span class="st_h">'server'</span><span class="br0">&#93;</span> <span class="sy0">=</span> <span class="st_h">'ldap://server.tld:389'</span><span class="sy0">;</span> <span class="co2">#instead of the above two settings </span><span class="re0">$conf</span><span class="br0">&#91;</span><span class="st_h">'plugin'</span><span class="br0">&#93;</span><span class="br0">&#91;</span><span class="st_h">'authldap'</span><span class="br0">&#93;</span><span class="br0">&#91;</span><span class="st_h">'usertree'</span><span class="br0">&#93;</span> <span class="sy0">=</span> <span class="st_h">'ou=People, dc=server, dc=tld'</span><span class="sy0">;</span> <span class="re0">$conf</span><span class="br0">&#91;</span><span class="st_h">'plugin'</span><span 
class="br0">&#93;</span><span class="br0">&#91;</span><span class="st_h">'authldap'</span><span class="br0">&#93;</span><span class="br0">&#91;</span><span class="st_h">'grouptree'</span><span class="br0">&#93;</span> <span class="sy0">=</span> <span class="st_h">'ou=Group, dc=server, dc=tld'</span><span class="sy0">;</span> <span class="re0">$conf</span><span class="br0">&#91;</span><span class="st_h">'plugin'</span><span class="br0">&#93;</span><span class="br0">&#91;</span><span class="st_h">'authldap'</span><span class="br0">&#93;</span><span class="br0">&#91;</span><span class="st_h">'userfilter'</span><span class="br0">&#93;</span> <span class="sy0">=</span> <span class="st_h">'(&amp;(uid=%{user})(objectClass=posixAccount))'</span><span class="sy0">;</span> <span class="re0">$conf</span><span class="br0">&#91;</span><span class="st_h">'plugin'</span><span class="br0">&#93;</span><span class="br0">&#91;</span><span class="st_h">'authldap'</span><span class="br0">&#93;</span><span class="br0">&#91;</span><span class="st_h">'groupfilter'</span><span class="br0">&#93;</span> <span class="sy0">=</span> <span class="st_h">'(&amp;(objectClass=posixGroup)(memberUID=%{user}))'</span><span class="sy0">;</span> <span class="re0">$conf</span><span class="br0">&#91;</span><span class="st_h">'plugin'</span><span class="br0">&#93;</span><span class="br0">&#91;</span><span class="st_h">'authldap'</span><span class="br0">&#93;</span><span class="br0">&#91;</span><span class="st_h">'attributes'</span><span class="br0">&#93;</span> <span class="sy0">=</span> <a href="http://www.php.net/array"><span class="kw3">array</span></a><span class="br0">&#40;</span><span class="st_h">'cn'</span><span class="sy0">,</span> <span class="st_h">'displayname'</span><span class="sy0">,</span> <span class="st_h">'mail'</span><span class="sy0">,</span> <span class="st_h">'givenname'</span><span class="sy0">,</span> <span class="st_h">'objectclass'</span><span class="sy0">,</span> <span 
class="st_h">'sn'</span><span class="sy0">,</span> <span class="st_h">'uid'</span><span class="sy0">,</span> <span class="st_h">'memberof'</span><span class="br0">&#41;</span><span class="sy0">;</span> &nbsp; <span class="co2"># This is optional but may be required for your server: </span><span class="co2">#$conf['plugin']['authldap']['version'] = 3; </span> <span class="co2"># This enables the use of the STARTTLS command </span><span class="co2">#$conf['plugin']['authldap']['starttls'] = 1; </span> <span class="co2"># This is optional and is required to be off when using Active Directory: </span><span class="co2">#$conf['plugin']['authldap']['referrals'] = 0; </span> <span class="co2"># Optional bind user and password if anonymous bind is not allowed </span><span class="co2">#$conf['plugin']['authldap']['binddn'] = 'cn=admin, dc=my, dc=home'; </span><span class="co2">#$conf['plugin']['authldap']['bindpw'] = 'secret'; </span> &nbsp; <span class="co2"># Limit search scope for user and group searches (sub|one|base) </span><span class="co2">#$conf['plugin']['authldap']['userscope'] = 'sub'; </span><span class="co2">#$conf['plugin']['authldap']['groupscope'] = 'sub'; </span> <span class="co2"># Optional debugging </span><span class="co2">#$conf['plugin']['authldap']['debug'] = 1; </span> <span class="co2">#### not available via Config Manager #### </span><span class="co2"># Mapping can be used to specify where the internal data is coming from. </span><span class="co2">#$conf['plugin']['authldap']['mapping']['name'] = 'displayname'; # Name of attribute the directory stores its pretty print user name. </span><span class="co2">#$conf['plugin']['authldap']['mapping']['grps'] = array('memberof' =&gt; '/CN=(.+?),/i'); # Where groups are defined in directory</span></pre> </dd></dl> <p> You can use the <em>version</em> parameter to tell PHP to use Version 3 of the LDAP protocol to connect to your server - default is version 2. 
</p> <p> The <em>userfilter</em> defines an LDAP filter which is used to search for a user. The <em>groupfilter</em> is used to fetch the groups a user is in. </p> <p> The following variables are available for the userfilter and the groupfilter: </p> <div class="table sectionedit7"><table class="inline"> <thead> <tr class="row0"> <th class="col0 leftalign"> variable </th><th class="col1 leftalign"> meaning </th> </tr> </thead> <tr class="row1"> <td class="col0 leftalign"> %{user} </td><td class="col1 leftalign"> The username the user tried to login with </td> </tr> <tr class="row2"> <td class="col0 leftalign"> %{server} </td><td class="col1"> The server string provided in <code>$conf[&#039;plugin&#039;][&#039;authldap&#039;][&#039;server&#039;]</code> </td> </tr> </table></div> <div class="secedit editbutton_table editbutton_7"><form class="button btn_secedit" method="post" action="/plugin:authldap"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1692889405" /><input type="hidden" name="summary" value="[Table] " /><input type="hidden" name="target" value="table" /><input type="hidden" name="hid" value="table" /><input type="hidden" name="range" value="5484-5756" /><button type="submit" title="Table">Edit</button></div></form></div> <p> The groupfilter can also access all the attributes provided in the user object: </p> <div class="table sectionedit8"><table class="inline"> <thead> <tr class="row0"> <th class="col0 leftalign"> variable </th><th class="col1 leftalign"> meaning </th> </tr> </thead> <tr class="row1"> <td class="col0 leftalign"> %{dn} </td><td class="col1 leftalign"> The users dn eg. <code>uid=user,ou=People,dc=server,dc=dk</code> </td> </tr> <tr class="row2"> <td class="col0 leftalign"> %{uid} </td><td class="col1 leftalign"> The uid of the user eg. 
user </td> </tr> <tr class="row3"> <td class="col0 leftalign"> %{…} </td><td class="col1 leftalign"> </td> </tr> </table></div> <div class="secedit editbutton_table editbutton_8"><form class="button btn_secedit" method="post" action="/plugin:authldap"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1692889405" /><input type="hidden" name="summary" value="[Table] " /><input type="hidden" name="target" value="table" /><input type="hidden" name="hid" value="table1" /><input type="hidden" name="range" value="5839-6162" /><button type="submit" title="Table">Edit</button></div></form></div> <p> The search scope (depth) can be limited to <code>sub</code>, <code>one</code> and <code>base</code> using the optional <code>userscope</code> and <code>groupscope</code> parameters. They default to <code>sub</code>. Setting them to more limited searches can improve performance. </p> <p> The <em>mapping</em> is used for directories that use non-“standard” names for attributes. A mapping can also apply a regexp to clean up the attribute value before it replaces the target variable. For all variables except &#039;grps&#039;, only the first element of the attribute is used to replace the variable if more than one is provided. </p> <div class="table sectionedit9"><table class="inline"> <thead> <tr class="row0"> <th class="col0 leftalign"> variable </th><th class="col1 leftalign"> mapping </th><th class="col2 leftalign"> meaning </th> </tr> </thead> <tr class="row1"> <td class="col0 leftalign"> grps </td><td class="col1"> <code>array(&#039;memberof&#039; =&gt; &#039;/CN=(.+?),/i&#039;)</code> </td><td class="col2"> Replace the content of grps with what is provided in the attribute memberof and apply this regexp <code>/CN=(.+?),/i</code> to every element in it. 
</td> </tr> <tr class="row2"> <td class="col0 leftalign"> name </td><td class="col1 leftalign"> <code>&#039;displayname&#039;</code> </td><td class="col2"> Replace the content of name with first element of &#039;displayname&#039; attribute. </td> </tr> </table></div> <div class="secedit editbutton_table editbutton_9"><form class="button btn_secedit" method="post" action="/plugin:authldap"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1692889405" /><input type="hidden" name="summary" value="[Table] " /><input type="hidden" name="target" value="table" /><input type="hidden" name="hid" value="table2" /><input type="hidden" name="range" value="6681-7091" /><button type="submit" title="Table">Edit</button></div></form></div> <p> <em>attributes</em> is an array that defines what attributes needs to be fetched during a LDAP user search. </p> <p> Authentication is done in these steps: </p> <ol> <li class="level1 node"><div class="li"> First see if we need to do an anonymous bind by looking in the usertree for a %{user}:</div> <ul> <li class="level2"><div class="li"> If found: Set usertree as DN.</div> </li> <li class="level2"><div class="li"> If not: Try to find a DN for the given login doing a search in the <em>usertree</em> with the given <em>userfilter</em> – there has to be exactly one result</div> </li> </ul> </li> <li class="level1"><div class="li"> Try to bind with the found DN and the given password - if this succeeds access is granted</div> </li> <li class="level1"><div class="li"> For getting the groups a user is in, the <em>groupfilter</em> is used to search the <em>grouptree</em>.</div> </li> </ol> </div> <div class="secedit editbutton_section editbutton_6"><form class="button btn_secedit" method="post" action="/plugin:authldap"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1692889405" /><input type="hidden" name="summary" value="[Plugin Configuration 
Settings] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="plugin_configuration_settings" /><input type="hidden" name="codeblockOffset" value="0" /><input type="hidden" name="range" value="2865-7710" /><button type="submit" title="Plugin Configuration Settings">Edit</button></div></form></div> <h3 class="sectionedit10" id="notes">Notes</h3> <div class="level3"> <ul> <li class="level1"><div class="li"> While configuring the LDAP access you may want to enable the <em>debug</em> option which will print the error messages your LDAP server is delivering. You should disable it again after setup, since these messages can reveal details of your LDAP setup.</div> </li> <li class="level1"><div class="li"> The freeware <a href="http://directory.apache.org/studio/" class="urlextern" title="http://directory.apache.org/studio/">LDAP Browser</a> (written in Java) is useful to find the proper settings for <code>$conf[&#039;plugin&#039;][&#039;authldap&#039;]</code> and to determine the structure of your LDAP server.</div> </li> <li class="level1"><div class="li"> Mappings and field names are always lowercase regardless of the case used in the LDAP server!</div> </li> <li class="level1"><div class="li"> Make sure you have the PHP LDAP extension installed.</div> </li> <li class="level1"><div class="li"> To check if the LDAP connection is working, the plugin tries to bind as an anonymous user. 
If anonymous authentication is disabled on the LDAP server, the plugin cannot connect to the server</div> </li> <li class="level1"><div class="li"> If you get the “Protocol error” message, you might not have enabled the following config statement: <code>$conf[&#039;plugin&#039;][&#039;authldap&#039;][&#039;version&#039;] = 3;</code></div> </li> </ul> </div> <div class="secedit editbutton_section editbutton_10"><form class="button btn_secedit" method="post" action="/plugin:authldap"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1692889405" /><input type="hidden" name="summary" value="[Notes] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="notes" /><input type="hidden" name="codeblockOffset" value="1" /><input type="hidden" name="range" value="7711-" /><button type="submit" title="Notes">Edit</button></div></form></div> <!-- wikipage stop --> </div> <div class="docInfo"><bdi>plugin/authldap.txt</bdi> · Last modified: <time datetime="2023-08-24T17:03:25+0200">2023-08-24 17:03</time> by <bdi>65.128.43.215</bdi></div> <hr class="a11y" /> </div></main><!-- /content --> <!-- PAGE ACTIONS --> <nav id="dokuwiki__pagetools" aria-labelledby="dokuwiki__pagetools__heading"> <h3 class="a11y" id="dokuwiki__pagetools__heading">Page Tools</h3> <div class="tools"> <ul> <li class="edit"><a href="/plugin:authldap?do=edit" title="Edit this page [e]" rel="nofollow" accesskey="e"><span>Edit this page</span><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><path d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25z"/></svg></a></li><li class="revs"><a href="/plugin:authldap?do=revisions" title="Old revisions [o]" rel="nofollow" accesskey="o"><span>Old revisions</span><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><path d="M11 7v5.11l4.71 