This backend can be used if you want to use Dokuwiki together with a corporate LDAP, but you do not have any control over the structure of the LDAP. It allows you to keep all the access data for your wiki in Dokuwiki´s plain text files and still use the corporate LDAP for authentication so your contributers will not need to memorize yet another user name and password.
As I am in the same situation as describe above I have used for more than two years a self-developed patch for Dokuwiki´s LDAP authentication backend. And I did file a wishlist bug for inclusion of that patch into Dokuwiki base. This wishlist bug was rejected and so the next logical step was creating a separate backend for this scenario, even though the authentication process is a mix between LDAP and plain.
That shows if you have a look at the code. The backend is inherited from the LDAP backend. It overwrites most of the functions with simple variants. Additionally it contains a lot of functions from the Plain backend, again with small variations in most of these.
This authentication backend is published under the GPL V2.
Unpack the file in the /lib/plugins directory of your Dokuwiki installation. That will create a directory authldaplocal.
As of Dokuwiki release 2013-05-10 (Weatherwax) auth plugins are treated almost in the same way as normal plugins. They are installed in the plugin directory and have a configuration dialog. Configuration of the backend is done through the dokuwiki configuration dialog:
Mark 'Use Access Control Lists', select 'authldaplocal' as the authentication backend:
Configure your LDAP server:
This will generate the following configuration entries (in local.php):
# Use access control $conf['useacl'] = 1; # Authentication type LDAP using local ACLs $conf['authtype'] = 'authldaplocal'; # LDAP server URL (required) $conf['plugin']['authldaplocal']['server'] = 'ldap://ldap.example.com:389'; # port (required but may be zero) $conf['plugin']['authldaplocal']['port'] = 0; # root dn for the user tree (required) $conf['plugin']['authldaplocal']['usertree'] = 'ou=People, dc=example, dc=com'; # filter for users, %{user} will be replaced by user id (required) $conf['plugin']['authldaplocal']['userfilter'] = '(&(uid=%{user})(objectClass=posixAccount))'; # ldap version is optional but may be required for your server $conf['plugin']['authldaplocal']['version'] = 3;
The backend will try to authenticate every login against the configured LDAP server. In addition it will look up every user in your local /conf/users.auth.php. When both conditions are met, the user is logged in.
Groups may be acquired from the LDAP but local groups will used in any case.
The user manager can be used to add, delete or edit users. User information is pulled from the LDAP when necessary or convenient. It is not possible to add users not in the LDAP via the user manager.
Reuse of code from other authentication backends has to be improved.
Version 0.5 was made for DokuWiki Release 2013-12-08 (Binky). It also works in later versions up to now.
ldap_local-0.5.2.tar.gz (17,083 Bytes)
The plugin is also available from a GitHub repository https://github.com/kvormweg/authldaplocal
0.1 (2009-10-12):
- initial release
0.2 (2012-02-20):
- compatibility release for DokuWiki 2012-01-25
- better integration with user manager
0.3 (2012-10-14):
- compatibility release for DokuWiki 2012-10-13
- failure to aquire LDAP groups is now non fatal
0.4 (2013-03-14):
- compatibility release for DokuWiki 2013-03-06rc
- completely reorganised as as plugin
0.4.1 (2013-07-10):
- compatibility release for DokuWiki 2013-05-10a
0.4.2 (2013-07-22):
- Getting LDAP groups when creating new users has been fixed
0.5 (2013-12-01):
- compatibility release for DokuWiki 2013-12-08
0.5.1 (2015-11-03):
- compatibility release for DokuWiki 2015-08-10
0.5.2 (2016-07-26):
- compatibility release for DokuWiki 2016-06-26