TikiWiki and Active Directory Integration

December 12th, 2005

If you want to authenticate TikiWiki against Microsoft Active Directory, have a look at this article.

The most interesting part of that posting is that if you are using a Windows 2003 Server, you need to patch LDAP.php in the PEAR authentication module, because Win2k3 by default does not allow any anonymous queries against the directory.

In <tikiroot>/lib/pear/Auth/Container/LDAP.php search for the following line in function _connect():

if ((@ldap_bind($this->conn_id)) == false) {

and replace it with

if ((@ldap_bind($this->conn_id,"someuser","somepassword")) == false) {

Note that someuser is in the form user@domain.tld.

I also recommend authenticating your admin user against the internal database and not the LDAP (AD) container; otherwise you will lock yourself out easily.
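The same authenticated bind, shown as a stand-alone bind, search and rebind flow. This is an added example, not TikiWiki or PEAR Auth code; it keeps the lookup account's credentials out of the library file. The function name `ad_authenticate` and the environment variables `AD_URI`, `AD_BASE_DN`, `AD_BIND_USER` and `AD_BIND_PASS` are assumptions.

```php
<?php
// Added example: hypothetical helper, not part of TikiWiki or PEAR Auth.
// Assumed environment variables: AD_URI, AD_BASE_DN, AD_BIND_USER, AD_BIND_PASS.
function ad_authenticate(string $username, string $password): bool
{
    // A simple bind with an empty password is an "unauthenticated" bind
    // (RFC 4513) that servers may report as success: reject it up front.
    if ($username === '' || $password === '') {
        return false;
    }
    $cfg = array_map('getenv', ['AD_URI', 'AD_BASE_DN', 'AD_BIND_USER', 'AD_BIND_PASS']);
    if (in_array(false, $cfg, true)) {
        return false; // configuration incomplete
    }
    [$uri, $baseDn, $bindUser, $bindPass] = $cfg;

    $conn = ldap_connect($uri);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Encrypt the session before any credentials cross the wire.
    if (!@ldap_start_tls($conn)) {
        return false;
    }
    // Step 1: bind as the lookup account (user@domain.tld form),
    // since anonymous queries are refused.
    if (!@ldap_bind($conn, $bindUser, $bindPass)) {
        return false;
    }
    // Step 2: resolve the login name to a DN; escape it against filter injection.
    $filter = '(&(objectClass=user)(sAMAccountName='
            . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . '))';
    $result = @ldap_search($conn, $baseDn, $filter, ['dn']);
    if ($result === false || ldap_count_entries($conn, $result) !== 1) {
        ldap_unbind($conn);
        return false;
    }
    $entries = ldap_get_entries($conn, $result);

    // Step 3: rebind as that user to verify the supplied password.
    $ok = @ldap_bind($conn, $entries[0]['dn'], $password);
    ldap_unbind($conn);
    return $ok;
}
```

The lookup account only needs to read the directory, so a dedicated account with no other rights is enough.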

  1. Bob
    July 15th, 2009 at 01:31 | #1

    Does the AD username need any particular privileges?

  2. July 17th, 2009 at 06:34 | #2

    It has to have the privilege to list the Active Directory, which ordinary users have. You can verify this by checking if the user is able to resolve other domain usernames in a permission dialog somewhere in Windows.