Original link: https://lisz.me/tech/webmaster/ldap-dokuwiki.html
foreword
The development of encyclopedia
When it comes to encyclopedia, the most famous in the world is WikiPedia , and the most famous in China is Baidu Encyclopedia . Of course, there are some differences between the two. WikiPedia supports multiple languages and can be edited freely, but generally requires the necessary references and links to support it. Baidu Encyclopedia only supports Chinese, and has relatively high requirements for editing entries. Generally speaking, it is written and reviewed by specialized personnel. In addition to these two, there are also some other popular encyclopedias, such as China Encyclopedia , 360 Encyclopedia , Sogou Encyclopedia , etc. The distinctive feature of Popular Encyclopedia is that it has a very wide range and is suitable for popular science, but it may not be enough to find some too detailed knowledge.
Therefore, with the increasing demand for specialization of encyclopedias, more and more specialized or specialized encyclopedias have also begun to emerge, such as Wikipedias related to computer science, AI knowledge bases , gray machine Wikis related to games, and Wikipedias related to computer science. Two-dimensional animation, novel related Mengniang encyclopedia , etc. This makes up for the lack of popular encyclopedia to a certain extent, and meets the public’s demand for specialized knowledge popularization or manuals.
open source encyclopedia
Since it is an encyclopedia site, it needs an encyclopedia program to support user management, entry editing, entry review and other functions. In fact, the world’s largest encyclopedia site WikiPedia uses the free and open source MediaWiki . On the other hand, Baidu Baike uses closed-source programs developed by itself, and is connected to Baidu-based products such as Baidu Account and Baidu Know. If you want to build an encyclopedia site yourself, in addition to MediaWiki, there are many free options, such as Dokuwiki , Wiki.js , Notion , etc.
Among them, Dokuwiki is a PHP-based open source program that can be used for both encyclopedia sites and team sites. One of the things I like about Dokuwiki is that it can be deployed independently and supports version iteration without the need for a database at all. This seems to be very close to the idea of ”everything is a file”. ( 
In fact, it is because the author is not willing to manage the database) Although Wiki.js is written based on NodeJS, it still needs to connect to the database. Notion is a software that is more like a personal note. It does not need to be deployed by itself, but only needs to be edited on the web or client. Notion itself supports many open functions, and even manages documents together with zotero . If you are very familiar with the various functions of Notion, it may be very suitable to use Notion to build an encyclopedia. However, I feel that getting to this point may require as much complexity as learning the cosmic IDE – Visual Studio.
The design of Dokuwiki is somewhat similar to the design philosophy of VS Code, and the ontology provides only the most basic and simplest functions. If you want other features or change the style, you can do so by installing plugins or themes. while Dokuwiki
Official and community authors provide a wealth of plug-ins and themes, which have good scalability and DIY possibilities. For example, the LDAP authentication that this article intends to access for Dokuwiki is actually one of the official plug-ins. The default program is to have the LDAP Auth Plugin installed, we only need to do some simple settings to access LDAP authentication.
practice
In order to implement Dokuwiki access LDAP authentication more easily, a pre-prepared Docker image – shuosc/dokuwiki is used here. If you are interested, you can visit the shuosc/docker-dokuwiki project maintained by the author to learn more about the build details of this image.
pre-prepared environment
- Docker environment
- docker-compose tool
Dokuwiki
Create instance
Start a Dokuwiki instance using the docker-compose.yml file below and the docker-compose up -d command. The port mapping here can be adjusted according to preference or actual situation.
# docker-compose.yml version : ' 2' services : dokuwiki : image : shuosc/dokuwiki:latest ports : - 80:80 environment : - DIR=wiki volumes : - ./data:/opt/data
run verification
Visit http://localhost/wiki/ to see the Dokuwiki instance home page as shown below. This is actually the page after logging in with the default admin user.
The initial password of the default administrator admin for shuosc/dokuwiki is admin. If the container instance can be accessed from the external network, it is recommended to change the password to a strong password in time after running for security reasons.
Configure LDAP Login
Install LDAP support
Since the shuosc/dokuwiki image is not originally built for LDAP authentication, and the php7-ldap library required for LDAP authentication is not installed, you need to enter the container to install it after starting the instance, and restart the container instance to take effect.
# 进入容器实例docker exec -ti < id > /bin/bash # 默认用户为root apt update && apt install -y php7-ldap # 退出容器实例后执行docker restart < id >
Due to the software source of USTC (University of Science and Technology of China) adopted by the shuosc/dokuwiki mirror by default, the author encountered a Not Found error when installing the php7-ldap library. If you also encounter it, you can switch the software source of the container instance to other software sources, such as executing sed -i "s/ustc/nju/" /etc/apt/sources.list to switch from USTC to NJU (Nanjing University). ) software source.
Also, such an installation is only a temporary solution, after destroying and rebuilding the container instance there is still no php7-ldap library. Therefore, subsequent shuosc/dokuwki mirrors will add this support.
Set up LDAP
After successful login, you can click the management button in the upper right corner as shown in the previous step to enter the management page .
Here, you can click the extension manager to confirm whether the LDAP Auth Plugin is pre-installed. Since it is a screenshot after it is enabled, there are no uninstall and close buttons and a prompt to enable it on the right.
Return to the previous management page and click the Configuration Settings button to enter the complete configuration settings. As shown in the figure below is the configuration of the LDAP authentication part, which can be found at the back of the actual page.
The above picture is the default configuration, we need to fill in some of the entries, the content is as follows (the others can be left as default):
| entry | content |
|---|---|
| server | ldap.example.com |
| usertree | ou=People,dc=example,dc=com |
| userfilter | (&(objectClass=posixAccount)(uid=%{user})) |
| version | 3 |
| binddn | cn=admin,dc=example,dc=com |
| bindpw | xxxxxxxxxxxx |
| modPass | unchecked |
Enable LDAP
The previous step is to fill in the LDAP related configuration information. Here, you also need to switch the default authentication method (authtype) from authbasic to authldap, as shown in the following figure. In addition, in order to ensure that the LDAP administrator user can access the Dokuwiki management page, it is also necessary to specify the username of the superuser (superuser).
Since LDAP authentication is enabled, the registration function of Dokuwiki should be disabled as shown below,
other
After accessing LDAP authentication for Dokuwiki, all LDAP users under all specified group directories can log in to Dokuwiki normally. However, since LDAP only provides user login authentication, the permissions of the corresponding pages of Dokuwiki still need to be managed by the user manager that comes with Dokuwiki. Specific operations can be found in the Dokuwiki Manual for more information.
References
- LDAP Auth Backend: OpenLDAP Examples
- Dokuwiki with LDAP error: User authentication is temporarily unavailable
This article is reprinted from: https://lisz.me/tech/webmaster/ldap-dokuwiki.html
This site is for inclusion only, and the copyright belongs to the original author.