LDAP Auth Plugin & TinyLDAP
TinyLDAP configuration
TinyLDAP is a minimalistic LDAP server. Here is how to get minimal user management running through TinyLDAP.
The following LDIF file sets up two groups (admin and user) and two users (superman and batman). superman is a member of both groups, batman is only a member of the user group:
- example.ldif
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organisation
o: Example Solutions
dc: example

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Groups

dn: cn=user,ou=Groups,dc=example,dc=com
objectClass: posixGroup
description: Common Users
gidNumber: 2000
cn: user

dn: cn=admin,ou=Groups,dc=example,dc=com
objectClass: posixGroup
description: Administrators
cn: admin
gidNumber: 2001
memberUid: superman

dn: uid=superman,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Clark Kent
givenName: Clark
sn: Kent
uid: superman
userPassword: {MD5}Gh3JHJBzJcaScd3wyUS8cg==
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/superman
loginShell: /bin/bash
mail: superman@example.com

dn: uid=batman,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Bruce Wayne
givenName: Bruce
sn: Wayne
uid: batman
userPassword: {MD5}Gh3JHJBzJcaScd3wyUS8cg==
uidNumber: 2001
gidNumber: 2000
homeDirectory: /home/batman
loginShell: /bin/bash
mail: batman@example.com
To run tinyldap with the above user data you need to prepare the data file (called example below) and add the needed indexes to it:
parse example.ldif example
addindex example uid if
addindex example memberUID if
addindex example gidNumber f
addindex example dn if
addindex example objectClass if
You can then run one of the three tinyldap binaries with the created data file. While configuring, I recommend using the tinyldap_debug binary.
LDAP auth plugin configuration
Finally, the following should be configured via the Config Manager or be put into your local.protected.php file to keep the configuration protected.
- conf/local.protected.php
<?php
/**
 * TinyLDAP configuration for LDAP Auth Plugin
 * See https://www.dokuwiki.org/plugin:authldap:tinyldap for details and explanation
 */
$conf['authtype'] = 'authldap';
$conf['plugin']['authldap']['server'] = 'localhost'; # important! ldap:// style connection doesn't work!
$conf['plugin']['authldap']['usertree'] = 'ou=People, dc=example, dc=com';
$conf['plugin']['authldap']['grouptree'] = 'ou=Groups, dc=example, dc=com';
$conf['plugin']['authldap']['userfilter'] = '(&(uid=%{user})(objectClass=posixAccount))';
$conf['plugin']['authldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))';
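The group membership these two filters produce can be checked offline before DokuWiki is pointed at the server. The following is an added example, not part of the original page and not DokuWiki or tinyldap code: a small Python model that evaluates the userfilter and groupfilter against the entries of example.ldif (trimmed to the attributes the filters read) and lists {MD5} userPassword values shared between accounts. The helper names are illustrative, and it assumes %{gid} is replaced with the user's gidNumber.

```python
# Added example (not DokuWiki/tinyldap code); helper names are illustrative, data trimmed from example.ldif.
from collections import defaultdict

LDIF = """\
dn: cn=user,ou=Groups,dc=example,dc=com
objectClass: posixGroup
gidNumber: 2000
cn: user

dn: cn=admin,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: admin
gidNumber: 2001
memberUid: superman

dn: uid=superman,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: superman
userPassword: {MD5}Gh3JHJBzJcaScd3wyUS8cg==
gidNumber: 2000

dn: uid=batman,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: batman
userPassword: {MD5}Gh3JHJBzJcaScd3wyUS8cg==
gidNumber: 2000
"""

def parse_ldif(text):
    """One dict per entry; attribute names lowercased (LDAP matches them case-insensitively)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entries.append(defaultdict(list))
        for name, _, value in (l.partition(": ") for l in block.splitlines()):
            entries[-1][name.lower()].append(value)
    return entries

def groups_for(entries, uid):
    """Apply the page's userfilter, then its groupfilter with %{user} and %{gid} filled in."""
    user = next(e for e in entries if "posixAccount" in e["objectclass"] and uid in e["uid"])
    return sorted(g["cn"][0] for g in entries if "posixGroup" in g["objectclass"]
                  and (user["gidnumber"][0] in g["gidnumber"] or uid in g["memberuid"]))

def shared_md5_hashes(entries):
    """Map each unsalted {MD5} userPassword value to the uids that carry it."""
    shared = defaultdict(list)
    for e in entries:
        for pw in (p for p in e["userpassword"] if p.startswith("{MD5}")):
            shared[pw].append(e["uid"][0])
    return dict(shared)
```

For the page's data this resolves superman to admin and user, batman to user only, and reports one {MD5} value carried by both accounts. {MD5} is an unsalted hash, so equal passwords always produce equal stored values.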
plugin/authldap/tinyldap.txt · Last modified: 2013-03-26 12:09 by Klap-in