Andreas Gohr wrote on 13.03.2006 20:44:
> On Mon, 13 Mar 2006 17:16:33 +0100 Werner Flamme <werner.flamme@xxxxxx>
> wrote:
>
>> After I phpized and installed the ldap extension anew,
>
> Hmm what exactly does this mean? Are you referring to the PHP extension
> or the DokuWiki LDAP plugin?

Sorry, I meant the PHP extension. It seemed to be broken. Why should I phpize a DokuWiki plugin? ;-)

>> I get "LDAP: can not bind anonymously" (inc/auth/ldap.php line 119 or
>> inc/auth/ldap.class.php line 78). But we use anonymous bind all around
>> the company!?
>
> Did you enable the debug option to get the exact LDAP error? If yes what
> did it say?
>

I set $conf['allowdebug']=1 and $conf['auth']['ldap']['debug']=true. Now I get 3 lines on top of the page:

<div class="error">LDAP: can not bind anonymously</div>
<div class="info">LDAP anonymous bind: Can't contact LDAP server</div>
<div class="error">Nutzername oder Passwort sind falsch.</div>

The first error is wrong, anonymous binding is the standard method in our company. When I enter my own dn and pw as bind data, the first error disappears. The next line changes to "LDAP bind as superuser: Can't contact LDAP server"; the last error is still there. Well, I am not LDAP admin.

>> Well, after I changed $conf['superuser'] to an existing uid in our
>> LDAP, the error disappears.
>
> This is simply impossible because $conf['superuser'] is not used
> anywhere in the ldap backend. Probably a strange coincidence.
>
>
>> Does that mean I cannot have a group as superusers as it is mentioned
>> in http://wiki.splitbrain.org/wiki:config#superuser since LDAP needs a
>> single superuser? Is there another way of specifying a uid for LDAP
>> without writing my uid and password into conf/local.php? ;-)
>
> If anonymous binds are allowed it should work. I had a report that the
> LDAP port had to be set explicitly because the default one points to the
> SSL enabled one (I haven't verified this yet)

That's what I read: it *should* work :-). If it really would, I had not written any email ;-).

What default do you mean? In your source, I find neither port number 389 (ldap) nor 636 (ldaps). And on http://de3.php.net/manual/en/function.ldap-connect.php I see "If only hostname is specified, then the port defaults to 389."

Well, since my original post via gmane did not go through (gmane tells me I have to join the mailing list first), I had time to investigate. While I see

$conf['auth']['ldap']['server'] = 'localhost';

at http://wiki.splitbrain.org/wiki:auth:ldap, I changed my entry from 'ldaphost.leizpig.ufz.de' to 'ldap://ldaphost.leizpig.ufz.de:389' (according to hints on the mentioned page in php.net) - and authentication works like a charm :-)

I made a remark in wiki:auth:ldap accordingly.

>
> Andi

Werner

-- 
Werner Flamme, Abt. WKDV
UFZ Umweltforschungszentrum Leipzig-Halle GmbH,
Permoserstr. 15 - 04318 Leipzig
Tel.: (0341) 235-3921 - Fax (0341) 235-453921
http://www.ufz.de - eMail: werner.flamme@xxxxxx

--
DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist
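
The "Can't contact LDAP server" text in the thread only appears at the bind step because, with OpenLDAP 2.x client libraries, PHP's ldap_connect() just stores the connection parameters and the first network traffic happens in ldap_bind(). The following stand-alone probe is an added example, not DokuWiki code and not part of the original mail; probe_ldap() is a hypothetical helper and ldap.example.org is a constructed placeholder host. It tries the bare-hostname form and the explicit ldap://host:389 form of the server setting and reports whether each one is unreachable or reachable but refused at bind.

```php
<?php
// Added diagnostic, not DokuWiki code. probe_ldap() is a hypothetical helper name;
// the host below is a constructed placeholder, replace it with your directory server.

function probe_ldap(string $server): array
{
    if (!extension_loaded('ldap')) {
        return ['server' => $server, 'stage' => 'no ldap extension', 'errno' => null, 'error' => ''];
    }
    // No packet is sent here: the call only validates and stores the server string.
    $ds = @ldap_connect($server);
    if ($ds === false) {
        return ['server' => $server, 'stage' => 'bad server string', 'errno' => null, 'error' => ''];
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5); // do not hang on a filtered port

    // Anonymous bind: the first operation that actually talks to the server.
    $ok    = @ldap_bind($ds);
    $errno = ldap_errno($ds);
    $error = ldap_error($ds);
    @ldap_unbind($ds);

    if ($ok) {
        $stage = 'anonymous bind ok';
    } elseif ($errno === -1) {
        // -1 is the client library's "Can't contact LDAP server": a transport problem,
        // not a statement about whether anonymous binds are permitted.
        $stage = 'unreachable';
    } else {
        // The server answered; the refusal is about the bind itself.
        $stage = 'bind refused';
    }
    return ['server' => $server, 'stage' => $stage, 'errno' => $errno, 'error' => $error];
}

// Bare hostname versus the explicit URI form that resolved the problem in the thread.
$host = 'ldap.example.org'; // constructed placeholder
foreach ([$host, "ldap://$host:389"] as $server) {
    $r = probe_ldap($server);
    printf("%-30s %-20s errno=%s %s\n",
        $r['server'], $r['stage'], $r['errno'] ?? 'n/a', $r['error']);
}
```

Run it from the command line with the same PHP build that serves the wiki, so the same ldap extension is being exercised.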