Added a comment: Solution

diff --git a/doc/forum/Best_way_to_setup_LDAP_authentication___63__/comment_1_f071bea899389d805dbac0703a7612d4._comment b/doc/forum/Best_way_to_setup_LDAP_authentication___63__/comment_1_f071bea899389d805dbac0703a7612d4._comment
new file mode 100644 (file)
index 0000000..10e587a
--- /dev/null
+++ b/doc/forum/Best_way_to_setup_LDAP_authentication___63__/comment_1_f071bea899389d805dbac0703a7612d4._comment
@@ -0,0 +1,27 @@
+[[!comment format=mdwn
+ username="ac_w"
+ avatar="http://cdn.libravatar.org/avatar/a76f89f70fffde5fbdacaa2a0438d8d9"
+ subject="Solution"
+ date="2021-05-06T13:31:21Z"
+ content="""
+I've managed to make it work with the method described [here](https://ikiwiki.info/plugins/httpauth/).
+
+I did not understand at first that an LDAP authentication on the webserver was enough and that ikiwiki would just trust what the webserver returns. Anyway, I replaced nginx with apache2, loaded the modules `authnz_ldap` and `ldap`, and used a configuration like this one :
+
+```
+<Location /~ikiwiki/wiki_name/auth>
+        order allow,deny 
+        allow from all 
+        AuthName \"AuthRequired\" 
+        AuthType Basic 
+        AuthBasicProvider ldap 
+
+        AuthLDAPURL \"ldap://<ldap_fqdn>:389/<searchbase>?uid?sub?<searchfilter>\" 
+        AuthLDAPBindDN  \"<binddn>\" 
+        AuthLDAPBindPassword \"<password>\" 
+        require valid-user 
+</Location>
+```
+
+As you can see I chose the second option of [the documentation](https://ikiwiki.info/plugins/httpauth/) (separate cgiauthurl), as gitlab must be able to ping the wiki without authentication (as mentioned at the end of [this doc](https://ikiwiki.info/tips/Hosting_Ikiwiki_and_master_git_repository_on_different_machines/)). Unfortunately gitlab doesn't seem to provide a way to set complex post-receive hook (the interface just provides something called \"webhooks\" which just takes an url and not a complete shell command), so I need to investigate further.
+"""]]