TinyLDAP Configuration

For release 2013-05-10 “Weatherwax” and later, see the AuthLDAP plugin's TinyLDAP config page.

For releases 2012-10-13 “Adora Belle” and older, see the information below.

TinyLDAP is a minimalistic LDAP server. Here is how to get minimal user management running through TinyLDAP.

The following LDIF file sets up two groups (admin and user) and two users (superman and batman). superman is a member of both groups; batman is a member of the user group only:

dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Solutions
dc: example

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Groups

dn: cn=user,ou=Groups,dc=example,dc=com
objectClass: posixGroup
description: Common Users
gidNumber: 2000
cn: user

dn: cn=admin,ou=Groups,dc=example,dc=com
objectClass: posixGroup
description: Administrators
cn: admin
gidNumber: 2001
memberUid: superman

dn: uid=superman,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Clark Kent
givenName: Clark
sn: Kent
uid: superman
userPassword: {MD5}Gh3JHJBzJcaScd3wyUS8cg==
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/superman
loginShell: /bin/bash

dn: uid=batman,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Bruce Wayne
givenName: Bruce
sn: Wayne
uid: batman
userPassword: {MD5}Gh3JHJBzJcaScd3wyUS8cg==
uidNumber: 2001
gidNumber: 2000
homeDirectory: /home/batman
loginShell: /bin/bash

To run tinyldap with the above user data you need to prepare the data file (called example below) and add the needed indexes to it:

parse example.ldif example
addindex example uid if
addindex example memberUID if
addindex example gidNumber f
addindex example dn if
addindex example objectClass if

You can then run one of the three tinyldap binaries with the created data file. While configuring, I recommend using the tinyldap_debug binary.

Finally, the following should be put into your local.protected.php file:

$conf['authtype']    = 'ldap';
$conf['auth']['ldap']['server']      = 'localhost'; # important! ldap:// style connection doesn't work!
$conf['auth']['ldap']['usertree']    = 'ou=People, dc=example, dc=com';
$conf['auth']['ldap']['grouptree']   = 'ou=Groups, dc=example, dc=com';
$conf['auth']['ldap']['userfilter']  = '(&(uid=%{user})(objectClass=posixAccount))';
$conf['auth']['ldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))';
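
An added example, not part of the original wiki page or of DokuWiki or TinyLDAP: a Python check that evaluates the groupfilter above against a constructed, shortened copy of the LDIF and flags the unsalted {MD5} userPassword values, which are identical for both sample accounts. The function names are hypothetical.

```python
# Constructed sample: the page's LDIF cut down to the attributes the filters read.
LDIF = """\
dn: cn=user,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: user
gidNumber: 2000

dn: cn=admin,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: admin
gidNumber: 2001
memberUid: superman

dn: uid=superman,ou=People,dc=example,dc=com
uid: superman
userPassword: {MD5}Gh3JHJBzJcaScd3wyUS8cg==
gidNumber: 2000

dn: uid=batman,ou=People,dc=example,dc=com
uid: batman
userPassword: {MD5}Gh3JHJBzJcaScd3wyUS8cg==
gidNumber: 2000
"""

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per blank-line-separated entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        entries.append({})
        for attr, _, value in (line.partition(": ") for line in block.splitlines()):
            entries[-1].setdefault(attr.lower(), []).append(value)
    return entries

def groups_of(entries, uid):
    """Apply the page's groupfilter: primary gidNumber match OR memberUid match."""
    gid = next(e for e in entries if uid in e.get("uid", []))["gidnumber"][0]
    return sorted(g["cn"][0] for g in entries if "posixGroup" in g.get("objectclass", [])
                  and (gid in g["gidnumber"] or uid in g.get("memberuid", [])))

def weak_passwords(entries):
    """Flag unsalted hash schemes and identical hash values on different accounts."""
    findings, seen = [], {}
    for uid, pw in ((e["uid"][0], p) for e in entries for p in e.get("userpassword", [])):
        if pw.upper().startswith(("{MD5}", "{SHA}")):
            findings.append((uid, "unsalted scheme"))
        if seen.setdefault(pw, uid) != uid:
            findings.append((uid, "same hash as " + seen[pw]))
    return findings
```

Calling groups_of(parse_ldif(LDIF), "superman") returns both groups, because the admin membership comes from memberUid and the user membership from the primary gidNumber.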
auth/ldap_tinyldap.txt · Last modified: 2013-09-18 00:22 by Klap-in