TikiWiki and Active Directory Integration

If you want to authenticate TikiWiki against Microsoft Active Directory, have a look at this article.

The most interesting part of that posting is that if you are using a Windows 2003 Server, you need to patch LDAP.php in the PEAR authentication module, because Win2k3 by default does not allow any anonymous queries against the directory.

In <tikiroot>/lib/pear/Auth/Container/LDAP.php search for the following line in function _connect():

if ((@ldap_bind($this->conn_id)) == false) {

and replace it with

if ((@ldap_bind($this->conn_id,"someuser","somepassword")) == false) {

Note that someuser is in the form user@domain.tld.
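An added example (not part of the original post, and not TikiWiki or PEAR code): a stand-alone PHP check that the account you plan to put into _connect() can bind and look up another user, run before LDAP.php is patched. The host name, base DN, environment variable names and the looked-up user name are placeholders chosen for illustration.

```php
<?php
// Added example: pre-flight check for the AD bind account.
// Host, base DN, env variable names and lookup name are assumptions.

function ad_preflight($host, $baseDn, $bindUser, $bindPass, $lookup)
{
    // A bind with an empty password is an unauthenticated bind, which
    // would hide a misconfiguration, so refuse it up front.
    if ($bindUser === '' || $bindPass === '') {
        return 'bind credentials missing';
    }
    $conn = ldap_connect($host);
    if ($conn === false) {
        return 'connect failed';
    }
    // Use LDAPv3; referral chasing is commonly disabled for AD searches
    // that start at the domain root.
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // A simple bind sends the password as-is, so upgrade to TLS first.
    if (!@ldap_start_tls($conn)) {
        return 'StartTLS failed: ' . ldap_error($conn);
    }
    if (!@ldap_bind($conn, $bindUser, $bindPass)) {
        return 'bind failed: ' . ldap_error($conn);
    }
    // The account must be able to list the directory: resolve one user.
    $filter = '(sAMAccountName='
        . ldap_escape($lookup, '', LDAP_ESCAPE_FILTER) . ')';
    $result = @ldap_search($conn, $baseDn, $filter, array('dn'));
    if ($result === false) {
        return 'search failed: ' . ldap_error($conn);
    }
    $entries = ldap_get_entries($conn, $result);
    ldap_unbind($conn);
    return $entries['count'] === 1 ? 'ok' : 'user not found or ambiguous';
}

echo ad_preflight(
    'ldap://dc.example.test',            // placeholder domain controller
    'DC=example,DC=test',                // placeholder base DN
    (string) getenv('AD_BIND_USER'),     // user@domain.tld form
    (string) getenv('AD_BIND_PASS'),     // kept out of the source file
    'someotheruser'                      // placeholder account to resolve
), PHP_EOL;
```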

I also recommend authenticating your admin user against the internal database and not the LDAP (AD) container; otherwise you will lock yourself out easily.

2 thoughts on “TikiWiki and Active Directory Integration”

  1. It has to have the privilege to list the ActiveDirectory, which ordinary users have. You can verify this by checking if the user is able to resolve other domain usernames in a permission dialog somewhere in Windows.
