LDAP (Lightweight Directory Access Protocol) is an open, vendor-neutral protocol for querying and authenticating against a directory service. Active Directory is Microsoft's directory service, and it is reachable over LDAP. The LDAP / Active Directory strategy lets Wiki.js authenticate users against either.
- In the Administration Area of your wiki, click on Authentication in the left navigation.
- Click on LDAP / Active Directory.
- Enter the LDAP URL where the LDAP server can be reached, including scheme and port, for example ldap://dc01.example.com:389 or ldaps://dc01.example.com:636 (the hostname is an example). Prefer ldaps://, or enable Use TLS below: over a plain ldap:// connection the bind password and every user's password cross the network in clear text.
- Enter the distinguished name of the account used for binding in Admin Bind DN, for example cn=svc-wikijs,ou=Service Accounts,dc=example,dc=com (an example DN). Use a dedicated service account that can only read the user entries it needs to find; its credentials are stored in the wiki configuration, so it should have no rights to modify the directory.
- Enter the password in Admin Bind Credentials for the account specified above.
- Enter the base DN to search users from in the Search Base field, for example ou=People,dc=example,dc=com. Keep it as narrow as the set of accounts that should be able to log in.
- Enter the query that matches a user against the entered username/email in the Search Filter field. The value MUST include the {{username}} tag, which is interpolated at runtime when performing the search. For example, if the username is stored in the uid attribute, the query would be (uid={{username}}); the Active Directory default is (sAMAccountName={{username}}). To limit logins to one group, combine the filter with a membership clause, for example (&(sAMAccountName={{username}})(memberOf=cn=wiki-users,ou=Groups,dc=example,dc=com)) (group DN is an example); note that memberOf in Active Directory lists direct memberships only, so nested groups are not matched by this clause.
- If the server is reached over TLS, enable the Use TLS option and enter the absolute path, on the Wiki.js server, to the PEM certificate file in the TLS Certificate Path field. This file is the CA certificate Wiki.js uses to verify the LDAP server's certificate; it is not a certificate presented to the server.
- In case your directory attributes differ from those Wiki.js expects, specify a mapping for each using the following fields (typical Active Directory values are sAMAccountName, mail, displayName and thumbnailPhoto; typical OpenLDAP values are uid, mail, cn and jpegPhoto):
  - Unique ID Field Mapping
  - Email Field Mapping
  - Display Name Field Mapping
  - Avatar Picture Field Mapping
  The Unique ID attribute must be stable and unique per user; if it changes for an account, that account no longer maps to its existing wiki user.
- Enable the Self-registration option (unless you plan on authorizing users manually). With self-registration enabled, every directory account the Search Filter and Search Base match can create a wiki account on first login, so those two settings define who gets in.
- Select the group new users should be assigned to when they log in for the first time. Choose a low-privilege group; rights can be widened per user afterwards.
- Make sure the checkbox next to LDAP / Active Directory in the list of strategies is checked. The text should now say that the strategy is active.
- Click Apply on the upper right of the page to save and apply the configuration.
Saving your LDAP configuration doesn't actually perform a connection to your LDAP server. You need to perform an actual login to establish a connection.
To do so, open an incognito window in your browser and attempt to log in to your wiki with a user from your directory. Keeping the original window open means you stay logged in as an administrator and can adjust the settings if the test fails.
If you get errors while trying to log in, you can enable an LDAP debugging flag to report internal LDAP error messages to the console (or docker logs).
From the Administration Area, click on Developer Tools in the sidebar, then on Flags. Enable the LDAP Debug flag.
When using docker, type the command docker logs wiki to view the logs (assuming a container named wiki).
Disable the flag once the problem is solved: debug output is verbose and may record directory details you do not want kept in the logs.
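The Node.js script below is an added example for this page, not Wiki.js code: it performs the checks a practitioner would want to run on the settings above before attempting the login test. It confirms the LDAP URL scheme (ldaps:// versus plain ldap://), rejects a Search Filter that lacks the {{username}} tag, and renders the filter with the username escaped per RFC 4515, which is the property any safe interpolation of {{username}} must have: a username containing *, ( or ) stays a literal value and cannot widen or restructure the query. The hostname, search base, group DN and usernames are constructed examples, and the script does not reproduce Wiki.js's own interpolation; it shows what the rendered filter should look like.

```javascript
// Added example, not Wiki.js code: preflight checks for the LDAP strategy
// settings described on this page. Hostnames, DNs and usernames are
// constructed examples.

const USERNAME_TAG = '{{username}}';

// RFC 4515 section 3: NUL, '(', ')', '*' and '\' inside an assertion value
// must be written as a backslash followed by two hex digits.
function escapeFilterValue(value) {
  return String(value).replace(/[\0()*\\]/g, (c) =>
    '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Renders the Search Filter the way a safe {{username}} interpolation must:
// every occurrence of the tag is replaced by the escaped username.
function renderSearchFilter(template, username) {
  if (!template.includes(USERNAME_TAG)) {
    throw new Error('Search Filter must contain ' + USERNAME_TAG);
  }
  return template.split(USERNAME_TAG).join(escapeFilterValue(username));
}

// Naive interpolation, kept only to show the difference on hostile input.
function renderUnsafe(template, username) {
  return template.split(USERNAME_TAG).join(String(username));
}

// Scheme check for the LDAP URL field. ldaps:// protects the bind password
// and every user's password in transit; plain ldap:// does not.
function checkLdapUrl(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (e) {
    return { ok: false, encrypted: false, reason: 'not a valid URL' };
  }
  if (parsed.protocol === 'ldaps:') {
    return { ok: true, encrypted: true, reason: 'ldaps: credentials encrypted in transit' };
  }
  if (parsed.protocol === 'ldap:') {
    return { ok: true, encrypted: false,
      reason: 'plain ldap: enable Use TLS, or passwords cross the network in clear text' };
  }
  return { ok: false, encrypted: false, reason: 'unsupported scheme ' + parsed.protocol };
}

// Constructed settings mirroring the Active Directory defaults on this page,
// with the filter restricted to one group.
const SETTINGS = {
  url: 'ldaps://dc01.example.com:636',
  searchBase: 'ou=People,dc=example,dc=com',
  searchFilter:
    '(&(sAMAccountName={{username}})(memberOf=cn=wiki-users,ou=Groups,dc=example,dc=com))',
};

// Runs both checks and returns the filter that should reach the directory.
function preflight(settings, username) {
  return {
    url: checkLdapUrl(settings.url),
    searchBase: settings.searchBase,
    filter: renderSearchFilter(settings.searchFilter, username),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(preflight(SETTINGS, 'j.doe'));
  // A username of '*' stays a literal: (&(sAMAccountName=\2a)(memberOf=...))
  console.log(renderSearchFilter(SETTINGS.searchFilter, '*'));
  // Unescaped, the same input matches every account: (&(sAMAccountName=*)(memberOf=...))
  console.log(renderUnsafe(SETTINGS.searchFilter, '*'));
}

module.exports = { escapeFilterValue, renderSearchFilter, renderUnsafe, checkLdapUrl, preflight, SETTINGS };
```

Run it with node. A useful follow-up against the live directory is to bind as the Admin Bind DN from the command line (for example with ldapsearch), run the rendered filter against the Search Base, and confirm that exactly one entry comes back for a real username and none for a username such as *.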