plugin:authad
Differences
This shows you the differences between two versions of the page.
plugin:authad [2016-07-03 20:54] – [Configuration] 2606:a000:49c5:6200:74b8:df1c:3d15:1990 | plugin:authad [2024-01-18 21:06] (current) – [Server Configuration] added Nginx to the other list to correct the sentence. 69.128.51.162 | ||
---|---|---|---|
Line 6: | Line 6: | ||
email : andi@splitbrain.org | email : andi@splitbrain.org | ||
type : Auth | type : Auth | ||
- | lastupdate : 2014-04-03 | + | lastupdate : 2023-04-04 |
compatible : (bundled) | compatible : (bundled) | ||
depends | depends | ||
conflicts | conflicts | ||
similar | similar | ||
- | tags : !bundled | + | tags : !bundled, authentication, |
downloadurl: | downloadurl: | ||
- | bugtracker : # eg. https:// | + | bugtracker : # eg. https:// |
- | sourcerepo : https:// | + | sourcerepo : https:// |
donationurl: | donationurl: | ||
---- | ---- | ||
===== Description ===== | ===== Description ===== | ||
+ | |||
This auth backend allows DokuWiki to authenticate against an Active Directory Server. | This auth backend allows DokuWiki to authenticate against an Active Directory Server. | ||
Line 29: | Line 30: | ||
Before this plugin can be used, you need to setup some settings: | Before this plugin can be used, you need to setup some settings: | ||
- Prepare your AD server, see also [[#server configuration]] below. | - Prepare your AD server, see also [[#server configuration]] below. | ||
- | - Activate the authad plugin in the [[plugin|Plugin | + | - Activate the authad plugin in the [[plugin:extension|Extension |
- Define connection details in the [[config|Configuration Manager]] | - Define connection details in the [[config|Configuration Manager]] | ||
- Switch on this Auth plugin via the configuration option [[config: | - Switch on this Auth plugin via the configuration option [[config: | ||
Line 42: | Line 43: | ||
===Apache=== | ===Apache=== | ||
- | If you're using Apache on Ubuntu or Debian, just install the '' | + | If you're using Apache on Ubuntu or Debian, just install the '' |
===MS IIS7=== | ===MS IIS7=== | ||
- | For MS IIS7 server '' | + | For MS IIS7 server '' |
===lighttpd=== | ===lighttpd=== | ||
Line 55: | Line 56: | ||
ex: | ex: | ||
<code php> | <code php> | ||
- | $conf[' | + | $conf[' |
- | $conf[' | + | $conf[' |
- | $conf[' | + | $conf[' |
</ | </ | ||
===Other=== | ===Other=== | ||
- | If you're using a web server other than Apache or IIS7, you have to figure it out yourself. :( Please update this article if you succeed. | + | If you're using a web server other than Apache, Nginx, |
===== Configuration===== | ===== Configuration===== | ||
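Review bot: The rewritten sentence under ===Other=== now starts its list with "Apache, Nginx," but the section headings visible above it are Apache, MS IIS7 and lighttpd. The rest of the line is cut off here, so check that every server named in the sentence has its own section on the page and that lighttpd, which has one, is in the list too. Otherwise the sentence sends readers looking for instructions that are not there.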
Line 119: | Line 120: | ||
==Other options== | ==Other options== | ||
- | Any other options given in '' | + | Any other options given in '' |
In combination with Single-Sign-On, | In combination with Single-Sign-On, | ||
Line 140: | Line 141: | ||
When you configure more than one domain, a domain selection is shown in the login form. | When you configure more than one domain, a domain selection is shown in the login form. | ||
- | If you have an organisation with multiple DCs under a single parent, you may need to connect to port 3268, rather than the default port 389. Otherwise, users from the remote DC may not show up as members of any groups. The easiest way to do this is to change '' | + | If you have an organisation with multiple DCs under a single parent, you may need to connect to **port 3268**, rather than the default port 389. Otherwise, users from the remote DC may not show up as members of any groups. The easiest way to do this is to add the following parameter to your local.protected.php |
+ | |||
+ | <code php conf/local.protected.php> | ||
+ | $conf['plugin'][' | ||
+ | </ | ||
+ | |||
+ | ==A few caveats== | ||
+ | * account suffix is always added to admin username, even when it already contains @ character | ||
+ | * different suffix for admin and normal accounts is not supported | ||
+ | * empty account suffix, that is entering usernames with suffix, is not supported | ||
===== User Profile and Password Changes ===== | ===== User Profile and Password Changes ===== | ||
- | Users can change their user details (name, email and passwords) using the profile button. This may require to set up a privileged user through the '' | + | Users can change their user details (name, email and passwords) using the profile button. This may require to set up a privileged user through the '' |
Please note that DokuWiki' | Please note that DokuWiki' | ||
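Review bot: The new ==A few caveats== list sits directly under the port 3268 paragraph, yet all three items are about the account suffix and the admin username, not about the port. Move the list next to where the account suffix is configured. The third item, "empty account suffix, that is entering usernames with suffix, is not supported", reads as a contradiction on first pass; something like "leaving the account suffix empty so that users type their name including the suffix is not supported" would be clearer. The sentence that introduces the conf/local.protected.php block should also name the parameter in prose, so it is clear which setting the line changes.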
Line 182: | Line 192: | ||
- Click " | - Click " | ||
- Click " | - Click " | ||
+ | - Right-click " | ||
{{: | {{: | ||
Line 324: | Line 335: | ||
klist | klist | ||
kdestroy | kdestroy | ||
- | (If you get any errors here, make sure your DNS setup is working and you wrote all marked as " | + | </ |
- | - Create a keytab file for your DokuWiki server. Make sure you have created a non-admin user in Active Directory with no password expiration. Run this as a Domain Admin on a Windows server with Support Tools installed:< | + | - Create a keytab file for your DokuWiki server. Make sure you have created a non-admin user in Active Directory with no password expiration. Run this as a Domain Admin on a Windows server with Support Tools installed: < |
- If no errors occurred, copy the keytab file to / | - If no errors occurred, copy the keytab file to / | ||
+ | - Check if authentication via the keytab file works < | ||
+ | kinit -k -t / | ||
+ | kdestroy | ||
+ | </ | ||
- Create / | - Create / | ||
< | < | ||
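Review bot: The added check step runs "kinit -k -t" against the copied keytab, which shows that the file alone is enough to authenticate as the service account without a password prompt. The visible steps go from copying the keytab straight to this check and then to creating the next file, with nothing about who may read the keytab. Add a step after the copy that restricts the file's owner and mode to the account the web server runs as, and name that account.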
Line 376: | Line 391: | ||
===== Effect on Plug-Ins ===== | ===== Effect on Plug-Ins ===== | ||
+ | |||
Some plug-ins may not gracefully work once you've switched over to the ad auth backend. Specifically, | Some plug-ins may not gracefully work once you've switched over to the ad auth backend. Specifically, | ||
- | Due to [[http:// | + | Due to [[http:// |
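Review bot: The rewritten "Due to [[http://" link still starts with http:// on the new side. If the target is reachable over HTTPS, switch the scheme while this line is being edited anyway.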
plugin/authad.1467572085.txt.gz · Last modified: 2016-07-03 20:54 by 2606:a000:49c5:6200:74b8:df1c:3d15:1990