TinyLDAP is a minimalistic LDAP server. Here is how to get minimal user management running through TinyLDAP.
The following LDIF file sets up two groups (admin and user) and two users (superman and batman). superman is a member of both groups; batman is a member of the user group only:
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organisation
o: Example Solutions
dc: example

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Groups

dn: cn=user,ou=Groups,dc=example,dc=com
objectClass: posixGroup
description: Common Users
gidNumber: 2000
cn: user

dn: cn=admin,ou=Groups,dc=example,dc=com
objectClass: posixGroup
description: Administrators
cn: admin
gidNumber: 2001
memberUid: superman

dn: uid=superman,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Clark Kent
givenName: Clark
sn: Kent
uid: superman
userPassword: {MD5}Gh3JHJBzJcaScd3wyUS8cg==
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/superman
loginShell: /bin/bash
mail: [email protected]

dn: uid=batman,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Bruce Wayne
givenName: Bruce
sn: Wayne
uid: batman
userPassword: {MD5}Gh3JHJBzJcaScd3wyUS8cg==
uidNumber: 2001
gidNumber: 2000
homeDirectory: /home/batman
loginShell: /bin/bash
mail: [email protected]
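An added example, not part of the original page and not code from tinyldap or DokuWiki: a short audit of the userPassword values in an LDIF file such as the one above. It flags unsalted {MD5}/{SHA} values and values shared between entries (both sample users carry the same hash); the function names and finding texts are this example's own.

```python
import base64
import re
from collections import defaultdict

# Constructed sample: the two user entries from the LDIF above, trimmed to
# the attributes this audit reads.
SAMPLE_LDIF = """\
dn: uid=superman,ou=People,dc=example,dc=com
userPassword: {MD5}Gh3JHJBzJcaScd3wyUS8cg==

dn: uid=batman,ou=People,dc=example,dc=com
userPassword: {MD5}Gh3JHJBzJcaScd3wyUS8cg==
"""

# userPassword schemes that digest the bare password with no salt.
UNSALTED = {"MD5", "SHA"}

def parse_entries(ldif):
    """Yield (dn, userPassword) per entry; 'attr:: value' is base64-decoded."""
    for block in re.split(r"\n\s*\n", ldif.strip()):
        attrs = {}
        for name, sep, value in re.findall(r"^([\w;-]+)(::?) ?(.*)$", block, re.M):
            if sep == "::":
                value = base64.b64decode(value).decode("utf-8", "replace")
            attrs[name.lower()] = value
        if "dn" in attrs and "userpassword" in attrs:
            yield attrs["dn"], attrs["userpassword"]

def audit(ldif):
    """Return (dn, finding) tuples for weak or shared userPassword values."""
    findings, shared = [], defaultdict(list)
    for dn, value in parse_entries(ldif):
        m = re.fullmatch(r"\{(\w+)\}(.+)", value)
        if not m:
            findings.append((dn, "cleartext or unrecognised userPassword"))
            continue
        scheme, digest = m.group(1).upper(), m.group(2)
        if scheme in UNSALTED:
            findings.append((dn, f"unsalted {{{scheme}}} hash"))
            shared[(scheme, digest)].append(dn)
    # No salt means equal digests can only come from equal passwords.
    for dns in shared.values():
        if len(dns) > 1:
            findings.append(("; ".join(dns), "identical hash, so identical password"))
    return findings

if __name__ == "__main__":
    for dn, finding in audit(SAMPLE_LDIF):
        print(f"{dn}: {finding}")
```

Run it against example.ldif before calling parse; folded (continuation) LDIF lines are not handled by this sketch.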
To run tinyldap with the above user data you need to prepare the data file (called example below) and add the needed indexes to it:
parse example.ldif example
addindex example uid if
addindex example memberUID if
addindex example gidNumber f
addindex example dn if
addindex example objectClass if
You can then run one of the three tinyldap binaries with the created data file. While configuring, I recommend using the tinyldap_debug binary.
Finally, the following should be configured via the Config Manager or put into your local.protected.php file to keep the configuration protected.
<?php
/**
 * TinyLDAP configuration for LDAP Auth Plugin
 * See https://www.dokuwiki.org/plugin:authldap:tinyldap for details and explanation
 */
$conf['authtype'] = 'authldap';
$conf['plugin']['authldap']['server'] = 'localhost'; # important! ldap:// style connection doesn't work!
$conf['plugin']['authldap']['usertree'] = 'ou=People, dc=example, dc=com';
$conf['plugin']['authldap']['grouptree'] = 'ou=Groups, dc=example, dc=com';
$conf['plugin']['authldap']['userfilter'] = '(&(uid=%{user})(objectClass=posixAccount))';
$conf['plugin']['authldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))';