[dokuwiki] Re: Does dokuwiki support multiple ldap servers?
- From: Grant Gardner <grant@xxxxxxxxxxxxxxxxxx>
- To: dokuwiki <dokuwiki@xxxxxxxxxxxxx>
- Date: Tue, 30 Jun 2009 22:22:53 +1000
On Tue, 30 Jun 2009 01:01:13 +0200, Dmitry Katsubo <dma_k@xxxxxxx> wrote:
> kay Han wrote on 29.06.2009 14:40:
>> Hello dma_k, thanks for your help
>>
>> yes I mean if it is possible to configure dokuwiki so that it connects
>> to all three LDAP (AD actually) servers we have to authenticate the
>> user.
>> It sounds like the chain would do the job. But in local.php these
>> parameters are just for one ldap server, I do not see how I would
>> configure it for 3 servers
>>
>> $conf['auth']['ldap']['server'] = 'adserver.mycompany.se';
>> $conf['auth']['ldap']['binddn'] = '%{user}@addomain.mycompany.se';
>> $conf['auth']['ldap']['usertree'] = 'dc=addomain,dc=mycompany,dc=se';
>> $conf['auth']['ldap']['userfilter'] = '(userPrincipalName=%{user}@addomain.mycompany.se)';
>
> Hi Kay!
>
> Let's follow the requirement to do top quoting. Thank you, Michael, for
> noticing.
>
> If plugin internals have been written correctly, I am sure you will
> find no difficulty extending this plugin to chain different LDAP servers.
> My idea is that the configuration should also contain the type of the
> service, and hash keys may take any values:
>
> $conf['auth']['chained']['authconfigs'] = "conf1 conf2 conf3";
>
> $conf['auth']['conf1']['type'] = 'ldap';
> $conf['auth']['conf1']['server'] = ...
> $conf['auth']['conf2']['type'] = 'ldap';
> $conf['auth']['conf2']['server'] = ...
> $conf['auth']['conf3']['type'] = 'ldap';
> $conf['auth']['conf3']['server'] = ...
>
> Or try contacting the plugin's author if you have difficulties.
>
> Bye
That would be me.

Firstly, I suspect changing the ldap or AD plugins to fall back through
a series of servers would be less hassle for this particular problem.

But that said, this scenario has crossed my mind before.

The problem, as Kay points out, is that the basic model for auth plugins
assumes a single plugin and therefore all the implementations (including
ldap and chained) use hard-coded configuration locations.

So in addition to changing how the chained plugin is configured you also
need to change the ldap plugin itself.

My suggestion would be to pass in the configuration hash on construction,
assuming that is possible with PHP.

So the chained plugin would effectively do (in createAuth(), around line
93)

    new auth_ldap($conf['auth']['conf1'])

Then change the ldap plugin, which fortunately only references the global
$conf just once, to use the constructor argument instead of $conf and
you're pretty much done.

I'm sure it would be possible to generalise this to fall back to a no-arg
constructor if the plugin being chained doesn't support dynamic config.

Cheers,
Grant.
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
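
The constructor-injection approach described in the reply above, including the no-arg fallback, as an added example that is not part of the original thread and not DokuWiki's or the chained plugin's code. The classes auth_ldapdemo and auth_plaindemo, the functions createAuthChain and chainedCheckPass, the host names and the users are all constructed for illustration, and the LDAP bind is replaced by an in-memory lookup.

```php
<?php
// Added illustration: every class and function name here is hypothetical.
// Constructed sample config in the layout proposed in the thread.
$conf['auth']['chained']['authconfigs'] = 'conf1 conf2 legacy';
$conf['auth']['conf1']  = ['type' => 'ldapdemo', 'server' => 'ad1.example.test'];
$conf['auth']['conf2']  = ['type' => 'ldapdemo', 'server' => 'ad2.example.test'];
$conf['auth']['legacy'] = ['type' => 'plaindemo'];

// Backend that takes its settings from the constructor, not from global $conf.
class auth_ldapdemo {
    private $cnf;
    public function __construct(array $cnf) { $this->cnf = $cnf; }
    // Stand-in for an LDAP bind: constructed users keyed by server name.
    public function checkPass($user, $pass) {
        $users = ['ad1.example.test' => ['alice' => 'a-secret'],
                  'ad2.example.test' => ['bob' => 'b-secret']];
        $known = $users[$this->cnf['server']][$user] ?? null;
        return $known !== null && hash_equals($known, $pass);
    }
}

// Backend without dynamic config support: its constructor takes no argument.
class auth_plaindemo {
    public function checkPass($user, $pass) { return false; }
}

// Build one backend per named config; fall back to a no-arg constructor.
function createAuthChain(array $conf) {
    $chain = [];
    foreach (preg_split('/\s+/', trim($conf['auth']['chained']['authconfigs'])) as $name) {
        $cnf = $conf['auth'][$name];
        // The type becomes a class name, so accept only plain identifiers.
        if (!preg_match('/^[a-z0-9_]+$/', $cnf['type'])) {
            throw new InvalidArgumentException("bad auth type in $name");
        }
        $class = 'auth_' . $cnf['type'];
        $ctor  = (new ReflectionClass($class))->getConstructor();
        $chain[$name] = ($ctor && $ctor->getNumberOfParameters() > 0)
            ? new $class($cnf) : new $class();
    }
    return $chain;
}

// Name of the first config whose backend accepts the credentials, else null.
function chainedCheckPass(array $chain, $user, $pass) {
    foreach ($chain as $name => $backend) {
        if ($backend->checkPass($user, $pass)) return $name;
    }
    return null;
}
var_dump(chainedCheckPass(createAuthChain($conf), 'bob', 'b-secret'));
```

The order of names in authconfigs decides which server is asked first, which matters when the same user name exists in more than one directory.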