AuthUserViaMicrosoftLDAP

Summary: Configure AuthUser with Microsoft AD LDAP
Version:
Prerequisites:
Status:
Maintainer:
Categories: Administration

Description

Configure AuthUser with Microsoft AD LDAP.

This was tested on Windows 2003, Apache 2.2.6 and PHP 5.2.4.

1st. Load the Apache LDAP modules in httpd.conf:

 LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
 LoadModule ldap_module modules/mod_ldap.so

2nd. Install the PHP LDAP extension. Note for Win32 users: for this extension to work, some DLL files must be available in the Windows system PATH. See the FAQ titled "How do I add my PHP directory to the PATH on Windows" for information on how to do this. Copying the DLL files from the PHP folder into the Windows system directory also works (because the system directory is in the system PATH by default), but it is not recommended. This extension requires libeay32.dll and ssleay32.dll to be in the PATH.

3rd. Copy this to your local/config.php:

    #------Starting below------
    # Security variables: require a login for the edit & history pages,
    # and let anyone who has an LDAP entry edit:
    $HandleAuth['diff'] = 'edit';
    $DefaultPasswords['edit'] = 'id:*';
    $Author = $AuthId;

    $AuthLDAPBindDN = "your DomainName\\any Username from your Active Directory";
    # (it must be \\, not \)!!!

    $AuthLDAPBindPassword = "password for that username";

    $AuthUser['ldap'] = 'ldap://your dc host name.your domain.com/ou=organizational unit,dc=your domain,dc=com?mailNickname?sub';

    include_once("$FarmD/scripts/authuser.php");
    #----Ending above-----

The placeholder phrases in the LDAP statement (domain name, username, host name, organizational unit and domain components) need to be changed to match your configuration. The other words are the correct syntax, based on this model: ldap://host:port/basedn?attribute?scope?filter

If you are not connecting to a remote domain, your configuration may need to be domain.local instead of domain.com. In this case, the second "dc=" should be changed from dc=com to dc=local.
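As an added example (not part of this recipe or of PmWiki's own authuser.php), the following parses a URL of the host:port/basedn?attribute?scope?filter form above, fills in the defaults that mod_authnz_ldap documents (attribute uid, scope sub, filter (objectClass=*); treat those as an assumption for PmWiki itself), shows the dc= components as the domain.local / domain.com name, and builds the per-login search filter with the login name escaped per RFC 4515 so that characters such as * or ) in a submitted name cannot change the filter. Host names and DNs below are constructed sample values.

```python
"""Parse an AuthUser-style LDAP URL and build an escaped login lookup filter."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit, unquote

# RFC 4515 requires these characters to be hex-escaped inside a filter value.
# Backslash is handled first so the escapes it produces are not re-escaped.
_FILTER_ESCAPES = [("\\", r"\5c"), ("*", r"\2a"), ("(", r"\28"), (")", r"\29"), ("\0", r"\00")]


@dataclass
class LdapUrl:
    scheme: str
    host: str
    port: int
    base_dn: str
    attribute: str
    scope: str
    search_filter: str


def parse_ldap_url(url: str) -> LdapUrl:
    """Split ldap://host:port/basedn?attribute?scope?filter into parts, applying defaults."""
    p = urlsplit(url)
    if p.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"unsupported scheme {p.scheme!r}")
    if not p.hostname:
        raise ValueError("LDAP URL has no host")
    port = p.port or (636 if p.scheme == "ldaps" else 389)
    # urlsplit keeps everything after the first '?' in .query: attribute?scope?filter
    fields = (p.query.split("?", 2) + ["", "", ""])[:3]
    attribute = fields[0] or "uid"          # mod_authnz_ldap default (assumed for PmWiki)
    scope = fields[1] or "sub"              # mod_authnz_ldap default (assumed for PmWiki)
    if scope not in ("base", "one", "sub"):
        raise ValueError(f"scope must be base, one or sub, not {scope!r}")
    search_filter = unquote(fields[2]) or "(objectClass=*)"
    return LdapUrl(p.scheme, p.hostname, port, unquote(p.path.lstrip("/")),
                   attribute, scope, search_filter)


def escape_filter_value(value: str) -> str:
    """Escape a value that will be embedded in an LDAP search filter (RFC 4515)."""
    for ch, esc in _FILTER_ESCAPES:
        value = value.replace(ch, esc)
    return value


def login_filter(u: LdapUrl, login: str) -> str:
    """AND the URL's filter with an equality match on the login attribute."""
    return f"(&{u.search_filter}({u.attribute}={escape_filter_value(login)}))"


def domain_from_base_dn(base_dn: str) -> str:
    """Join the dc= components, e.g. dc=example,dc=local -> example.local."""
    return ".".join(re.findall(r"(?i)\bdc=([^,]+)", base_dn))
```

Feeding the constructed URL ldap://dc01.example.local/ou=Staff,dc=example,dc=local?mailNickname?sub through parse_ldap_url and domain_from_base_dn shows the dc= parts resolving to example.local, which is the case the paragraph above describes.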

Finally, the LDAP statement can be a little tricky. If you're having trouble, it may be useful to download Softerra's freeware LDAP Browser 2.6 and browse through your LDAP. That may give you an idea of how the structure works and how to build the syntax.

Referrals

LDAP Referrals supplied by the server may cause unexplained errors. From PmWiki 2.2.103, set in config.php:

  $AuthLDAPReferrals = 0;

This prevents PHP's LDAP from trying to follow them.

Notes

See Also

Contributors

Comments

See discussion at AuthUserViaMicrosoftLDAP-Talk