[pmwiki-users] ldap authentication & active directory

Patrick R. Michaud pmichaud at pobox.com
Wed Aug 23 09:24:23 CDT 2006


On Wed, Aug 23, 2006 at 10:15:53AM +0200, Thomas -Balu- Walter wrote:
> On Tue, Aug 22, 2006 at 06:00:33PM -0400, Gregory Martyn wrote:
> > We're running Active Directory here at work. I can browse the directory
> > using ldapadmin by pointing it to our Active Directory server. I tell it
> > that Base is "CN=Users,DC=judicialtitle,DC=com", put in my email address
> > and password and get a list of all the users. An anonymous bind doesn't
> > work.
> 
> I think that's the problem here. pmwiki uses an anonymous bind to look
> up the dn: of the entry and uses this dn: plus the user's password to
> try to authenticate.

PmWiki can do an authenticated bind via the $AuthLDAPBindDN and
$AuthLDAPBindPassword variables.

> If I understand http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2255.html
> and http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc1738.html (section 5)
> correctly there is no uid:password combination allowed in LDAP URLs, so
> we probably would need to have to set those otherwise.

You're correct that LDAP URLs don't include information for initial binds,
thus we have the extra variables.

Pm
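
The lookup-then-bind flow discussed in this thread, sketched as an added example (not part of the original message and not PmWiki's own code): the function name and all parameter names are hypothetical, and the lookup credentials passed in play the role of $AuthLDAPBindDN and $AuthLDAPBindPassword. It assumes PHP's ldap extension and a reachable directory server.

```php
<?php
// Added illustration; not taken from PmWiki. All names here are hypothetical.
function ldap_search_then_bind(string $uri, string $baseDn, string $attr,
                               string $bindDn, string $bindPw,
                               string $user, string $pass): bool
{
    // A simple bind with an empty password is an "unauthenticated bind",
    // which many servers accept; reject it before touching the directory.
    if ($user === '' || $pass === '') {
        return false;
    }

    $ds = ldap_connect($uri);
    if ($ds === false) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); // common setting for Active Directory

    $ok = false;
    // Step 1: bind as the lookup account, since anonymous search is refused.
    if (@ldap_bind($ds, $bindDn, $bindPw)) {
        // Step 2: find the user's DN. The name is escaped so that it cannot
        // change the structure of the search filter.
        $filter = '(' . $attr . '=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
        $res = @ldap_search($ds, $baseDn, $filter, ['1.1']); // '1.1' = return no attributes
        if ($res !== false) {
            $entries = ldap_get_entries($ds, $res);
            // Require exactly one match; zero or several is a failed login.
            if ($entries['count'] === 1) {
                // Step 3: re-bind as that DN with the password the user typed.
                $ok = @ldap_bind($ds, $entries[0]['dn'], $pass);
            }
        }
    }
    ldap_unbind($ds);
    return $ok;
}
```

The lookup account only needs read access to the attribute being searched, so it can be a dedicated low-privilege account rather than a personal login.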