README.md
1# LDAP+local authentication backend for Dokuwiki
2
3## Scenario
4This backend can be used if you want to use Dokuwiki together with a corporate LDAP, but you do not have any control over the structure of the LDAP. It allows you to keep all the access data for your wiki in Dokuwiki´s plain text files and still use the corporate LDAP for authentication so your contributers will not need to memorize yet another user name and password.
5
6## History
7As I am in the same situation as describe above I have used for more than two years a self-developed patch for Dokuwiki´s LDAP authentication backend. And I did file a wishlist bug for inclusion of that patch into Dokuwiki base. This wishlist bug was rejected and so the next logical step was creating a separate backend for this scenario, even though the authentication process is a mix between LDAP and plain.
8
9Ths mix shows if you have a look at the code. The backend is inherited from the LDAP backend. It overwrites most of the functions with simple variants. Additionally it contains a lot of functions from the Plain backend, again with small variations in most of these.
10
11## License
12This authentication backend is published under the GPL V2.
13
14## Installation
15Unpack the file into the `/lib/plugins` directory of your Dokuwiki installation. It will create a directory named 'authldaplocal' there.
16
17## Configuration
18As of Dokuwiki release 2013-05-10 (Weatherwax) auth plugins are treated almost in the same way as normal plugins. They are installed in the plugin directory and have a configuration dialog. Configuration of the backend is done through the dokuwiki configuration dialog:
19
20Mark 'Use Access Control Lists', select 'authldaplocal' as the authentication backend and configure your LDAP server:
21
22
23````
24# Use access control
25$conf['useacl'] = 1;
26# Authentication type LDAP using local ACLs
27$conf['authtype'] = 'authldaplocal';
28# LDAP server URL (required)
29$conf['plugin']['authldaplocal']['server'] = 'ldap://ldap.example.com:389';
30# port (required but may be zero)
31$conf['plugin']['authldaplocal']['port'] = 0;
32# root dn for the user tree (required)
33$conf['plugin']['authldaplocal']['usertree'] = 'ou=People, dc=example, dc=com';
34# filter for users, %{user} will be replaced by user id (required)
35$conf['plugin']['authldaplocal']['userfilter'] = '(&(uid=%{user})(objectClass=posixAccount))';
36# ldap version is optional but may be required for your server
37$conf['plugin']['authldaplocal']['version'] = 3;
38````
39## Functions
40The backend will try to authenticate every login against the configured LDAP server. In addition it will look up every user in your local /conf/users.auth.php. When both conditions are met, the user is logged in.
41
42Groups may be acquired from the LDAP but it is recommended to create and use local groups.
43
44The user manager can be used to add, delete or edit users. User information is pulled from the LDAP when necessary or convenient. It is not possible to add users not in the LDAP via the user manager.
45
46## ToDo
47Reuse of code from other authentication backends has to be improved.
48
49