Thanks to Graham and Thomas, I now have it figured out. I was missing the part where I said what to do with the login once it happened. So, for future reference to get ldap to work you need:
## assign an ldap server, with basedn
$AuthUser['ldap'] = "ldap://ldap.example.org/ou=people,dc=example,dc=org?uid";

## Want to use AuthUser so we can use ldap for passwords
## Needs to go BELOW the ldapserver assignment
include_once("$FarmD/scripts/authuser.php");

##Security Variables set login for edit & history page
## to let anyone edit that has an ldap entry:
$HandleAuth['diff'] = 'edit';
$DefaultPasswords['edit'] = 'id:*';
$Author = $AuthId;

or to check the groups in ldap, and let different groups do different things, do something like this:

$AuthUser['@editors'] = get_ldap_values("cn=groups", "(cn=GROUP)", array("memberUid"));
$AuthUser['@admins'] = get_ldap_values("cn=groups", "(cn=OTHERGROUP)", array("memberUid"));

$DefaultPasswords['edit'] = '@editors';
$DefaultPasswords['attr'] = '@editors';
$DefaultPasswords['upload'] = '@editors';
$DefaultPasswords['admin'] = array('@admins','id:ANOTHERUSER');

cheers,
maria

On 9/10/07, Thomas Gemperli <[EMAIL PROTECTED]> wrote:
> Hi
>
> On 10.09.2007, at 10:53, Maria McKinley wrote:
>
> > On 9/10/07, Thomas Gemperli <[EMAIL PROTECTED]> wrote:
> >> Hi
> >>
> >> On 10.09.2007, at 09:46, Maria McKinley wrote:
> >>
> >>> I am trying to get authentication using ldap working, and having a
> >>> very hard time. here are the lines I added to local/config.php:
> >>>
> >>> ## Want entire site to be password-protected for editing.
> >>> $DefaultPasswords['edit'] = crypt('edit_password');
> >>> ## Want to use AuthUser so we can use ldap for passwords
> >>> include_once("$FarmD/scripts/authuser.php");
> >>> # use ldap.shadlen.org for authentication
> >>> $AuthUser['ldap'] = 'ldap://ldap.shadlen.org/ou=people,dc=shadlen?dc=org?';
> >>
> >> I'm using ldap, with the following config:
> >>
> >> $AuthUser['ldap'] = "ldap://host.domain.tld/cn=users,dc=domain,dc=tld?uid";
> >> # Enable authuser extensions - MUST be BELOW every $AuthUser entry in this file
> >> include_once("$FarmD/scripts/authuser.php");
> >>
> >> Make sure to include authuser.php below any $AuthUser lines.
> >>
> >> Thomas
> >>
> >
> > Thanks a bunch. That does seem like something worth putting in the
> > docs under AuthUser, ldap. Maybe I'll do that once I have this all
> > figured out, since it is a wiki and all. :-) However, it doesn't seem
> > to completely solve my problem. Now I get no error message, it just
> > doesn't log me in,
>
> No message, like "invalid username" or something similar?
>
> > so I don't know if the ldap enquiry was successful
> > and there is some other problem, or if I am still having ldap
> > problems.
>
> Well, if PmWiki does not complain about your username/password login
> was successful.
> Now you probably need to define which users are allowed to edit/
> upload/etc pages.
>
> I use something like this in my config.php:
>
> $AuthUser['@editors'] = get_ldap_values("cn=groups", "(cn=GROUP)", array("memberUid"));
> $AuthUser['@admins'] = get_ldap_values("cn=groups", "(cn=OTHERGROUP)", array("memberUid"));
>
> $DefaultPasswords['edit'] = '@editors';
> $DefaultPasswords['attr'] = '@editors';
> $DefaultPasswords['upload'] = '@editors';
> $DefaultPasswords['admin'] = array('@admins','id:ANOTHERUSER');
>
> Please note, I use a self written piece of php to get group members
> out of my LDAP directory (Apple OpenDirectory). It will most likely
> not work with AD. Anyway, you can "hardcode" legitimated users in
> config.php, for example:
>
> $AuthUser['@editors'] = 'id:USER1, id:USER2';
> $DefaultPasswords['edit'] = '@editors';
>
> JFYI, I have attached my "get the group members cookbook". Probably
> you would like to "port" it to AD. ;)
>
> Thomas
>
> _______________________________________________
> pmwiki-users mailing list
> [email protected]
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
>

--
Maria Mckinley
Scientific Programmer
Shadlen Lab
Physiology and Biophysics
Box 357290
University of Washington
(206) 616-3923
[EMAIL PROTECTED]
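Added example (not part of the original messages, and not PmWiki code): a small check for a local/config.php that flags any $AuthUser assignment placed after the authuser.php include, the ordering Thomas points out, and verifies that the ldap URL has the host/basedn?attribute shape used in the working configs. The function names, the sample strings and the simplified DN check are assumptions made for this example.

```python
import re

# Constructed samples based on the thread: the first config posted (its wrapped
# URL joined onto one line) and the working one from the final message.
BROKEN = """\
include_once("$FarmD/scripts/authuser.php");
$AuthUser['ldap'] = 'ldap://ldap.shadlen.org/ou=people,dc=shadlen?dc=org?';
"""
FIXED = """\
$AuthUser['ldap'] = "ldap://ldap.example.org/ou=people,dc=example,dc=org?uid";
include_once("$FarmD/scripts/authuser.php");
$DefaultPasswords['edit'] = 'id:*';
"""

ASSIGN = re.compile(r"""^\s*\$AuthUser\[['"]([^'"]+)['"]\]\s*=\s*['"]?([^'";]*)""")
INCLUDE = re.compile(r"^\s*include(_once)?\s*\(.*scripts/authuser\.php")
LDAP_URL = re.compile(r"^ldaps?://([^/?\s]+)/([^?]*)\??(.*)$")
RDN = re.compile(r"^[A-Za-z][\w-]*=[^=,]+$")  # simplified attr=value component
ATTR = re.compile(r"^[A-Za-z][\w-]*$")

def check_ldap_url(url):
    """Return problems found in an ldap://host/basedn?attribute URL."""
    m = LDAP_URL.match(url)
    if not m:
        return ["not of the form ldap://host/basedn?attribute"]
    _host, basedn, rest = m.groups()
    problems = []
    if not all(RDN.match(p.strip()) for p in basedn.split(",")):
        problems.append(f"base DN {basedn!r} is not a list of attr=value parts")
    attr = rest.split("?")[0]  # first field after the base DN
    if attr and not ATTR.match(attr):
        problems.append(f"{attr!r} after the first '?' is not an attribute name")
    return problems

def lint_config(text):
    """Return (line_no, message) findings for a local/config.php body."""
    findings, include_line = [], None
    for no, line in enumerate(text.splitlines(), 1):
        if include_line is None and INCLUDE.match(line):
            include_line = no
        # Both patterns are anchored at line start, so '#' comments never match.
        for key, value in ASSIGN.findall(line):
            if include_line is not None:
                findings.append((no, f"$AuthUser['{key}'] is set after "
                                     f"authuser.php was included (line {include_line})"))
            if key == "ldap":
                findings += [(no, p) for p in check_ldap_url(value)]
    return findings
```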
