$wgLDAPServerNames = array(
'KAR' => 'ldap://aab.kar.local:389/',
);
use:
$wgLDAPServerNames = array(
'KAR' => 'aab.kar.local',
);
The other info gets filled in for you automatically.
$wgLDAPSearchStrings = array(
'KAR' => 'KAR\\_apache',
);
This should be:
$wgLDAPSearchStrings = array(
'KAR' => 'KAR\\USER-NAME',
);
As USER-NAME will get substituted by the user logging in.
$wgLDAPEncryptionType = array(
'KAR' => 'clear',
);
Your AD server may not like this; I'm not sure if SSL (or Kerberos) is
required for binding by default in AD, but I think it is. I know there
is a way to turn it off, which is fine for testing, but not so ok for
production. If you are having problems, make it work without SSL, then
work towards using SSL.
$wgLDAPUseLocal = false;
$wgMinimalPasswordLength = 1;
Do I have to use the following 2 extra configurations for AD
if I want to use "Synchronizing LDAP groups"?
$wgLDAPBaseDNs = array(
'KAR' => 'cn=Users,dc=kar,dc=local'
);
$wgLDAPSearchAttributes = array(
'KAR' => =user827'
);
Yes, but $wgLDAPSearchAttributes should probably be:
$wgLDAPSearchAttributes = array( "KAR"=>"sAMAccountName" );
and you'll need:
$wgLDAPUseLDAPGroups = array( "KAR"=>"true" );
$wgLDAPGroupObjectclass = array( "KAR"=>"group" );
$wgLDAPGroupAttribute = array( "KAR"=>"member" );
$wgLDAPGroupNameAttribute = array( "KAR"=>"cn" );
You *really* should get regular authentication working before you try
group sync.
What do I have to change the following configuration if I
want to use "Single Domain Requiring Search Before Binding"?
This is the wrong configuration example; you quoted the non-AD config.
But you can ignore that, just use the config above with what you had.
V/r,
Ryan Lane
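
Added example, not part of the original message: the corrections from this reply collected into one LocalSettings.php fragment for the 'KAR' domain, with the 'clear' test setting shown beside an encrypted one for production. The $wgLDAPDomainNames line and the choice of 'ssl' are assumptions (neither appears in the thread); the extension's documented encryption values are 'clear', 'tls' and 'ssl'.

```php
<?php
// Assumption: the domain list is not shown in the thread, but the
// extension needs each domain named before the per-domain arrays apply.
$wgLDAPDomainNames = array( 'KAR' );

// Bare host name only; scheme and port are filled in automatically.
$wgLDAPServerNames = array(
    'KAR' => 'aab.kar.local',
);

// USER-NAME is a literal placeholder that is replaced with the name
// typed at login, so every user binds with their own credentials.
$wgLDAPSearchStrings = array(
    'KAR' => 'KAR\\USER-NAME',
);

// Testing only: credentials cross the network unencrypted.
// $wgLDAPEncryptionType = array( 'KAR' => 'clear' );

// Production (assumed choice): LDAP over SSL. The web server's LDAP
// client must trust the CA that issued the domain controller's
// certificate, otherwise the bind fails before authentication.
$wgLDAPEncryptionType = array(
    'KAR' => 'ssl',
);

$wgLDAPUseLocal = false;

// Group synchronization: add only after plain authentication works.
$wgLDAPBaseDNs = array(
    'KAR' => 'cn=Users,dc=kar,dc=local',
);
$wgLDAPSearchAttributes  = array( 'KAR' => 'sAMAccountName' );
$wgLDAPUseLDAPGroups     = array( 'KAR' => true );
$wgLDAPGroupObjectclass  = array( 'KAR' => 'group' );
$wgLDAPGroupAttribute    = array( 'KAR' => 'member' );
$wgLDAPGroupNameAttribute = array( 'KAR' => 'cn' );
```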