LDAP Auth Plugin & TinyLDAP

Configuration for the authLDAP auth plugin to authenticate against TinyLDAP.

TinyLDAP configuration

TinyLDAP is a minimalistic LDAP server. Here is how to get minimal user management running with TinyLDAP.

The following LDIF file sets up two groups (admin and user) and two users (superman and batman). superman is a member of both groups; batman is a member of the user group only:

example.ldif
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Solutions
dc: example

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Groups

dn: cn=user,ou=Groups,dc=example,dc=com
objectClass: posixGroup
description: Common Users
gidNumber: 2000
cn: user

dn: cn=admin,ou=Groups,dc=example,dc=com
objectClass: posixGroup
description: Administrators
cn: admin
gidNumber: 2001
memberUid: superman

dn: uid=superman,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Clark Kent
givenName: Clark
sn: Kent
uid: superman
userPassword: {MD5}Gh3JHJBzJcaScd3wyUS8cg==
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/superman
loginShell: /bin/bash
mail: superman@example.com

dn: uid=batman,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Bruce Wayne
givenName: Bruce
sn: Wayne
uid: batman
userPassword: {MD5}Gh3JHJBzJcaScd3wyUS8cg==
uidNumber: 2001
gidNumber: 2000
homeDirectory: /home/batman
loginShell: /bin/bash
mail: batman@example.com

To run tinyldap with the above user data you need to prepare the data file (called example below) and add the needed indexes to it:

parse example.ldif example
addindex example uid if
addindex example memberUID if
addindex example gidNumber f
addindex example dn if
addindex example objectClass if

You can then run one of the three tinyldap binaries with the created data file. While configuring, I recommend using the tinyldap_debug binary.

LDAP auth plugin configuration

Finally, the following should be configured via the Config Manager or put into your local.protected.php file to keep the configuration protected.

conf/local.protected.php
<?php
/**
 * TinyLDAP configuration for LDAP Auth Plugin
 * See https://www.dokuwiki.org/plugin:authldap:tinyldap for details and explanation
 */
$conf['authtype']    = 'authldap';
$conf['plugin']['authldap']['server']      = 'localhost'; # important! ldap:// style connection doesn't work!
$conf['plugin']['authldap']['usertree']    = 'ou=People, dc=example, dc=com';
$conf['plugin']['authldap']['grouptree']   = 'ou=Groups, dc=example, dc=com';
$conf['plugin']['authldap']['userfilter']  = '(&(uid=%{user})(objectClass=posixAccount))';
$conf['plugin']['authldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))';
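
How the userfilter and groupfilter above resolve group membership against example.ldif, as an added Python example that is not part of the original page and is not authLDAP or TinyLDAP code. The helper names (parse_ldif, matches, groups_for) are illustrative, and the filter evaluation is a simplified, case-insensitive, equality-only subset of LDAP filter matching. It shows that membership of the user group comes from the account's gidNumber, while membership of the admin group comes from memberUid:

```python
# Constructed sample (example.ldif cut down to what the filters read); helper names are illustrative.
LDIF = """\
dn: cn=user,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: user
gidNumber: 2000

dn: cn=admin,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: admin
gidNumber: 2001
memberUid: superman

dn: uid=superman,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: superman
gidNumber: 2000

dn: uid=batman,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: batman
gidNumber: 2000
"""
USERFILTER = "(&(uid=%{user})(objectClass=posixAccount))"
GROUPFILTER = "(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))"

def parse_ldif(text):  # each entry -> list of lowercased (attribute, value) pairs
    return [[tuple(line.lower().split(": ", 1)) for line in block.splitlines()]
            for block in text.strip().split("\n\n")]

def matches(flt, entry):
    """Evaluate the (&..), (|..) and (attr=value) subset these two filters use."""
    body = flt[1:-1]
    if body[0] not in "&|":
        return tuple(body.lower().split("=", 1)) in entry
    parts, depth = [], 0
    for i, ch in enumerate(body):  # split the operands at nesting depth 1
        depth += (ch == "(") - (ch == ")")
        if ch == "(" and depth == 1:
            start = i
        if ch == ")" and depth == 0:
            parts.append(body[start:i + 1])
    return (all if body[0] == "&" else any)(matches(p, entry) for p in parts)

def groups_for(user, entries):
    """Groups of the account USERFILTER finds; an unknown user gets none."""
    gids = [dict(e)["gidnumber"] for e in entries if matches(USERFILTER.replace("%{user}", user), e)]
    flts = [GROUPFILTER.replace("%{user}", user).replace("%{gid}", g) for g in gids]
    return sorted({dict(e)["cn"] for e in entries for f in flts if matches(f, e)})
```

Because the gidNumber branch of the group filter matches on the account's primary group, any account created with gidNumber 2001 would resolve to the admin group without being listed in memberUid.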
plugin/authldap/tinyldap.txt · Last modified: 2013-03-26 12:09 by Klap-in