TikiWiki and Active Directory Integration

If you want to authenticate TikiWiki agaist Microsoft Active Directory, have a look at this article.

The most interesting part in this posting is that if you are using a Windows 2003 Server, you need to patch the LDAP.php in the PEAR authentication module, as Win2k3 by default does not allow any anonymous queries against the directory.

In <tikiroot>/lib/pear/Auth/Container/LDAP.php search for the following line in function _connect():

if ((@ldap_bind($this->conn_id)) == false) {

and replace it with

if ((@ldap_bind($this->conn_id,"someuser","somepassword")) == false) {

Note, that someuser is in the form of user@domain.tld.

I also recommend to choose to authenticate your admin user against the internal database and not the LDAP (AD) container, otherwise you will lock yourself out easily.