Hello,
I found this project this week and installed it very easily, and I thank everyone that posted directions for using Active Directory LDAP authentication.
I insisted on having recursive group support, so I hacked in code to make that work earlier this week. I decided that I could rewrite my hack so it was a clean extension of the code that had already been developed, so here it is.
This code works in my production environment. It is a variation of a _vbscript_ I wrote to map network drives. It takes the distinguished name (DN) of the user and finds all groups that DN is a part of, then takes the DNs for those groups and looks for all groups those DNs are a part of, etc. It also correctly detects circular groups and does not loop infinitely.
Here is the part of local.conf that works for me:
$conf['authtype'] = 'ldap';
$conf['auth']['ldap']['server'] = 'server.domain.com';
$conf['auth']['ldap']['port'] = 389;
$conf['auth']['ldap']['binddn'] = '%{user}@domain.com';
$conf['auth']['ldap']['usertree'] = 'dc=domain,dc=com';
$conf['auth']['ldap']['userfilter'] = '(SAMAccountName=%{user})';
$conf['auth']['ldap']['mapping']['name'] = 'displayname';
# This is not needed - the group retrieval code works.
#$conf['auth']['ldap']['mapping']['grps'] = array('memberof' => '/CN=(.+?),/i');
$conf['auth']['ldap']['grouptree'] = 'dc=avc,dc=edu';
$conf['auth']['ldap']['groupfilter'] = '(&(objectClass=group)(cn=*)(member=%{dn}))';
# Don't know if this is the default.
$conf['auth']['ldap']['groupkey'] = 'cn';
#This cleans up the group name fetched from 'groupkey'
#$conf['auth']['ldap']['groupfilter2'] = '/CN=(.+?),/i'; #Not needed for AD
#This identifies the group's DN code
$conf['auth']['ldap']['groupDN'] = 'distinguishedname';
$conf['auth']['ldap']['referrals'] = 0; # Switch referrals off for use with Active Directory
$conf['auth']['ldap']['version'] = 3;
$conf['superuser'] = '@Domain Admins'; # name of the AD group for DokuWiki administration
Thank you for all the work you have done,
Mike Wilmes
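
The nested-group lookup described in the message, as an added Python sketch; it is not the author's PHP patch or DokuWiki code. The directory contents, the DNs and the names escape_filter, build_group_filter, fake_search and resolve_groups are constructed for illustration, fake_search stands in for a real LDAP search, and the RFC 4515 escaping of the DN before it replaces %{dn} in the filter is an addition the message does not mention.

```python
import re
from collections import deque

# Constructed sample directory: group DN -> (cn, direct member DNs).
# "Loop A" and "Loop B" contain each other, i.e. a circular nesting.
USER = "CN=Jane Doe (IT),OU=Staff,DC=example,DC=com"
DIRECTORY = {
    "CN=Wiki Editors,OU=Groups,DC=example,DC=com": ("Wiki Editors", [USER]),
    "CN=Staff,OU=Groups,DC=example,DC=com": (
        "Staff", ["CN=Wiki Editors,OU=Groups,DC=example,DC=com"]),
    "CN=Loop A,OU=Groups,DC=example,DC=com": (
        "Loop A", ["CN=Staff,OU=Groups,DC=example,DC=com",
                   "CN=Loop B,OU=Groups,DC=example,DC=com"]),
    "CN=Loop B,OU=Groups,DC=example,DC=com": (
        "Loop B", ["CN=Loop A,OU=Groups,DC=example,DC=com"]),
    "CN=Finance,OU=Groups,DC=example,DC=com": ("Finance", []),
}

def escape_filter(value):
    """Escape a value for an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_group_filter(dn):
    # Same shape as the groupfilter in the message, with %{dn} substituted.
    return "(&(objectClass=group)(cn=*)(member=%s))" % escape_filter(dn)

def fake_search(ldap_filter):
    """Stand-in for the LDAP search: (cn, dn) of groups listing the member."""
    raw = re.search(r"\(member=(.*)\)\)$", ldap_filter).group(1)
    member = re.sub(r"\\([0-9a-f]{2})",
                    lambda m: chr(int(m.group(1), 16)), raw)
    return [(cn, dn) for dn, (cn, members) in DIRECTORY.items()
            if member in members]

def resolve_groups(user_dn, search=fake_search):
    """Return the cn of every group the DN belongs to, directly or nested."""
    seen = set()          # group DNs already expanded; stops circular nesting
    names = []
    queue = deque([user_dn])
    while queue:
        dn = queue.popleft()
        for cn, group_dn in search(build_group_filter(dn)):
            key = group_dn.lower()   # treat DNs as case-insensitive
            if key in seen:
                continue
            seen.add(key)
            names.append(cn)
            queue.append(group_dn)
    return names
```

Calling resolve_groups(USER) walks from the user through Wiki Editors and Staff into the two circular groups and stops once every group DN has been seen.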