LDAP Auth Backend: OpenLDAP Examples

Below are example configurations for use with the LDAP backend and the OpenLDAP server.

$conf['auth']['ldap']['server']      = 'ldap.server.tld';
$conf['auth']['ldap']['usertree']    = 'uid=%{user}, ou=People, dc=server, dc=tld';
$conf['auth']['ldap']['grouptree']   = 'ou=Groups, dc=server, dc=tld';
$conf['auth']['ldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(memberUid=%{uid})(gidNumber=%{gid})))';

$conf['auth']['ldap']['server']      = 'ldap.server.tld';
$conf['auth']['ldap']['usertree']    = 'ou=People, dc=server, dc=tld';
$conf['auth']['ldap']['userfilter']  = '(&(objectClass=posixAccount)(uid=%{user}))';
$conf['auth']['ldap']['grouptree']   = 'ou=Groups, dc=server, dc=tld';
$conf['auth']['ldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(memberUid=%{uid})(gidNumber=%{gid})))';

$conf['auth']['ldap']['server']   = 'ldap.server.tld';
$conf['auth']['ldap']['binddn']   = 'uid=ldapuser,ou=People,dc=server,dc=tld';
$conf['auth']['ldap']['bindpw']   = 'password';
$conf['auth']['ldap']['usertree'] = 'uid=%{user},ou=People,dc=server,dc=tld';

For use with Kolab.

$conf['auth']['ldap']['server']      = 'mykolabserver'; #replace with hostname of your kolab server
$conf['auth']['ldap']['usertree']    = 'dc=mydomain, dc=com'; #replace with your domain
$conf['auth']['ldap']['grouptree']   = 'dc=mydomain, dc=com'; #replace with your domain
$conf['auth']['ldap']['userfilter']  = '(&(uid=%{user}))';
$conf['auth']['ldap']['groupfilter'] = '(&(objectClass=kolabGroupOfNames)(member=%{dn}))';

$conf['auth']['ldap']['server']      = 'ldap://1.2.3.4:389';
$conf['auth']['ldap']['usertree']    = 'ou=People,dc=example,dc=com';
$conf['auth']['ldap']['grouptree']   = 'ou=Groups,dc=example,dc=com';
$conf['auth']['ldap']['userfilter']  = '(&(uid=%{user})(objectClass=posixAccount))';
$conf['auth']['ldap']['groupfilter'] = '(&(uniquemember=%{dn}))';
$conf['auth']['ldap']['version']     = 3;

Note that you need to use %{dn} for the uniquemember.

Note: you may need to change line 4:
if users in LDAP directory are “PosixAccount”'s:

$conf['auth']['ldap']['userfilter']  = '(&(uid=%{user})(objectClass=posixAccount))';

if users in LDAP directory are only “InetOrgPerson”'s:

$conf['auth']['ldap']['userfilter']  = '(&(uid=%{user})(objectClass=inetOrgPerson))';

This worked for me with a default SLES 10 configuration:

$conf['auth']['ldap']['server']      = 'ldap://server.tld:389';
$conf['auth']['ldap']['port']        = 389;
$conf['auth']['ldap']['usertree']    = 'ou=People,dc=server,dc=tld';
$conf['auth']['ldap']['grouptree']   = 'ou=Group,dc=server,dc=tld';
$conf['auth']['ldap']['userfilter']  = '(&(uid=%{user})objectClass=posixAccount)';
$conf['auth']['ldap']['groupfilter'] = '(&(Member=%{dn})objectClass=posixGroup)';
$conf['auth']['ldap']['version']     = 3;

The groupfilter attribute is what is important, and I recommend to create an “admin” group on the directory, setting superuser to ”@admin” and adding the users you want to administer the wiki to that group using the YAST user manager.

$conf['authtype'] = 'ldap';
$conf['superuser'] = '@wiki';
$conf['auth']['ldap']['server'] = 'ldap://ipa.example.com:389';
$conf['auth']['ldap']['usertree'] = 'cn=users,cn=accounts,dc=example,dc=com';
$conf['auth']['ldap']['grouptree'] = 'cn=groups,cn=accounts,dc=example,dc=com';
$conf['auth']['ldap']['userfilter'] = '(&(uid=%{user})(objectClass=posixAccount))';
$conf['auth']['ldap']['groupfilter'] = '(&(member=%{dn})(objectClass=posixGroup))';
$conf['auth']['ldap']['version'] = '3';