[dokuwiki] Re: auth backend ldap broken?

  • From: Werner Flamme <werner.flamme@xxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Tue, 14 Mar 2006 10:22:56 +0100


Andreas Gohr wrote on 13.03.2006 20:44:
> On Mon, 13 Mar 2006 17:16:33 +0100 Werner Flamme <werner.flamme@xxxxxx>
> wrote:
> 
>> After I phpized and installed the ldap extension anew,
> 
> Hmm what exactly does this mean? Are you referring to the PHP extension 
> or the DokuWiki LDAP plugin?

Sorry, I meant the PHP extension. It seemed to be broken. Why should I
phpize a DokuWiki plugin? ;-)

>> I get "LDAP: can not bind anonymously" (inc/auth/ldap.php line 119 or 
>> inc/auth/ldap.class.php line 78). But we use anonymous bind all around
>>  the company!?
> 
> Did you enable the debug option to get the exact LDAP error? If yes what
>  did it say?
> 
I set $conf['allowdebug']=1 and $conf['auth']['ldap']['debug']=true. Now I
get 3 lines on top of the page:

<div class="error">LDAP: can not bind anonymously</div><div
class="info">LDAP anonymous bind: Can't contact LDAP server</div><div
class="error">Nutzername oder Passwort sind falsch.</div>

The first error is wrong, anonymous binding is the standard method in our
company.

When I enter my own dn and pw as bind data, the first error disappears. The
next line changes to LDAP bind as superuser: Can't contact LDAP server, the
last error is still there. Well, I am not LDAP admin.


>> Well, after I changed $conf['superuser'] to an existing uid in our 
>> LDAP, the error disappears.
> 
> This is simply impossible because $conf['superuser'] is not used 
> anywhere in the ldap backend. Probably a strange coincidence.
> 
> 
>> Does that mean I cannot have a group as superusers as it is mentioned 
>> in http://wiki.splitbrain.org/wiki:config#superuser since LDAP needs a
>>  single superuser? Is there another way of specifying a uid for LDAP 
>> without writing my uid and password into conf/local.php? ;-)
> 
> If anonymous binds are allowed it should work. I had a report that the 
> LDAP port had to be set explicitly because the default one points to the 
> SSL enabled one (I haven't verified this yet).

That's what I read: it *should* work :-). If it really did, I would not
have written any email ;-).

What default do you mean? In your source, I find neither portnumber 389
(ldap) nor 636 (ldaps). And on
http://de3.php.net/manual/en/function.ldap-connect.php I see "If only
hostname is specified, then the port defaults to 389."

Well, since my original post via gmane did not go through (gmane tells me I
have to join the mailing list first), I had time to investigate. While I see
        $conf['auth']['ldap']['server']      = 'localhost';
at http://wiki.splitbrain.org/wiki:auth:ldap, I changed my entry from
'ldaphost.leizpig.ufz.de' to 'ldap://ldaphost.leizpig.ufz.de:389'
(according to hints on the mentioned page in php.net) - and authentication
works like a charm :-)

I made a remark in wiki:auth:ldap accordingly.


> 
> Andi

Werner

- --
Werner Flamme, Abt. WKDV
UFZ Umweltforschungszentrum Leipzig-Halle GmbH,
Permoserstr. 15 - 04318 Leipzig
Tel.: (0341) 235-3921 - Fax (0341) 235-453921
http://www.ufz.de - eMail: werner.flamme@xxxxxx




-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
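
The message above reports "can not bind anonymously" while the debug line says "Can't contact LDAP server", and the fix was an explicit ldap://host:389 URI. The following is an added example, not part of the original message or of DokuWiki's code: a small PHP probe that separates a connection failure from a refused anonymous bind. The function names and the host ldaphost.example.org are hypothetical, and the errno value -1 assumes PHP's LDAP extension is built against the OpenLDAP client library.

```php
<?php
// Added example, not DokuWiki code. Function names and host are placeholders.

/** Turn a bare host name into an explicit LDAP URI; leave full URIs alone. */
function ldap_server_uri(string $server, int $port = 389): string
{
    if (preg_match('#^ldaps?://#i', $server)) {
        return $server;
    }
    return "ldap://{$server}:{$port}";
}

/** Try an anonymous bind and report which stage failed. */
function probe_anonymous_bind(string $server): string
{
    $uri = ldap_server_uri($server);

    // With OpenLDAP, ldap_connect() only checks the parameters;
    // the network connection is opened by the first real operation.
    $ds = ldap_connect($uri);
    if ($ds === false) {
        return "bad URI: $uri";
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // No DN and no password means an anonymous bind.
    if (@ldap_bind($ds)) {
        return "anonymous bind OK on $uri";
    }

    $errno = ldap_errno($ds);
    $error = ldap_error($ds);
    if ($errno === -1) {
        // OpenLDAP's LDAP_SERVER_DOWN: "Can't contact LDAP server".
        // The bind was never evaluated, so this is not a permissions problem.
        return "connection problem on $uri: $error (check host, port, scheme)";
    }
    return "server reached on $uri, bind refused: $error (errno $errno)";
}

// Placeholder host; replace with the value from conf/local.php.
echo probe_anonymous_bind('ldaphost.example.org'), PHP_EOL;
```

A "connection problem" result points at the server setting or the network, while "bind refused" means the directory itself rejects anonymous binds.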
