Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update ldap docs #40

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Update ldap docs #40

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ec9110f
Update ldap.md to include new group mapping.
icsinfo Nov 29, 2022
14431dd
remove warning label so numbering works.
icsinfo Nov 29, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion auth/ldap.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,14 @@ LDAP / Active Directory is an enterprise authentication solution developed by Mi
- **Email Field Mapping**
- **Display Name Field Mapping**
- **Avatar Picture Field Mapping**
1. If you want your wiki to assign groups to users that match their LDAP groups, enable the **Map Groups** option. This also removes any existing group assignments that don't match LDAP, so consider this carefully before enabling for existing installations. If you have disabled any local wiki accounts you can lock yourself out.
1. If you enabled the **Map Groups** option, enter the base DN to search for your LDAP groups in the **Group Search Base**.
1. The **Group Search Filter** is to specify the LDAP group property that contains group membership. The default works in most LDAP configurations, but will not search nested groups in Active Directory. For Active Directory, use something like **(member:1.2.840.113556.1.4.1941:={{dn}})** to search nested groups. See [Microsoft's documentation](https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx) for more information. Any other LDAP provider you will need to modify the filter accordingly. {{dn}} will get replaced with the user property specified in **Group DN Property**.
1. Change the **Group Search Scope** from **sub** (search the base dn and any entries below the base dn) to **base** (search only the base dn) or **one** (search the base dn and one level below) only if your environment requires it.
1. Change the **Group DN Property** only if you assign group membership based on something other than the user's Distinguished Name.
1. Change the **Group Name Field** to the LDAP property that your groups define their name in. This is the LDAP field that your wiki will match group names on.
1. Enable the **Self-registration** option. *(unless you plan on authorizing users manually)*
1. Select the **group** new users should be assigned to when they login for the first time.
1. Select the **group** new users should be assigned to when they login for the first time. Don't do this if you have **Map Groups** enabled.
1. Make sure the checkbox next to **LDAP / Active Directory** in the list of strategies is checked. The text should now say that the strategy is **active**.
1. Click **Apply** on the upper right of the page to save and apply the configuration.

Expand Down