From: ac_w Date: Thu, 6 May 2021 13:31:39 +0000 (-0400) Subject: Added a comment: Solution X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/885102612a4a7f2792217163dbda1aafa7db3fce Added a comment: Solution --- diff --git a/doc/forum/Best_way_to_setup_LDAP_authentication___63__/comment_1_f071bea899389d805dbac0703a7612d4._comment b/doc/forum/Best_way_to_setup_LDAP_authentication___63__/comment_1_f071bea899389d805dbac0703a7612d4._comment new file mode 100644 index 000000000..10e587a02 --- /dev/null +++ b/doc/forum/Best_way_to_setup_LDAP_authentication___63__/comment_1_f071bea899389d805dbac0703a7612d4._comment @@ -0,0 +1,27 @@ +[[!comment format=mdwn + username="ac_w" + avatar="http://cdn.libravatar.org/avatar/a76f89f70fffde5fbdacaa2a0438d8d9" + subject="Solution" + date="2021-05-06T13:31:21Z" + content=""" +I've managed to make it work with the method described [here](https://ikiwiki.info/plugins/httpauth/). + +I did not understand at first that an LDAP authentication on the webserver was enough and that ikiwiki would just trust what the webserver returns. Anyway, I replaced nginx with apache2, loaded the modules `authnz_ldap` and `ldap`, and used a configuration like this one : + +``` + + order allow,deny + allow from all + AuthName \"AuthRequired\" + AuthType Basic + AuthBasicProvider ldap + + AuthLDAPURL \"ldap://:389/?uid?sub?\" + AuthLDAPBindDN \"\" + AuthLDAPBindPassword \"\" + require valid-user + +``` + +As you can see I chose the second option of [the documentation](https://ikiwiki.info/plugins/httpauth/) (separate cgiauthurl), as gitlab must be able to ping the wiki without authentication (as mentioned at the end of [this doc](https://ikiwiki.info/tips/Hosting_Ikiwiki_and_master_git_repository_on_different_machines/)). Unfortunately gitlab doesn't seem to provide a way to set complex post-receive hook (the interface just provides something called \"webhooks\" which just takes an url and not a complete shell command), so I need to investigate further. +"""]]