Four questions, with #4 being the most important.
1) I assume the hostname should be the Active Directory hostname, not the hostname on which the wiki resides.
On this page:
http://wiki.opengarden.org/Deki_Wiki/FAQ/User_Management/How_do_I...Integrate_my_users_with_LDAP%2f%2fMS_Ac tive_Directory%3f
under examples, 2) why don't they prefix the hostname value with "hostname" like the rest? typo?
In this image (from the above link):
http://wiki.opengarden.org/@api/deki/files/543/=MindtouchLdapSettingsScreenshot.PNG
3) What is "sd" for the bindingdn value?

My main question is that our domain is in the form tool.box.com (made up example). Our AD server FQDN is therefore adctrl.tool.box.com
4) So, should our searchbase be:
searchbase DC=tool,DC=box,DC=com
or
searchbase DC=tool.box,DC=com
with "adctrl" not appearing at all in the searchbase, correct?

Sorry, not a Windows guy, so this is all new to me. Thanks!

Hello alvsupport,
try a LDAP-Browser to find out, what is the correct servername.

Greetings
Jochen

My main question is that our domain is in the form tool.box.com (made up example). Our AD server FQDN is therefore adctrl.tool.box.com
4) So, should our searchbase be:
searchbase DC=tool,DC=box,DC=com
or
searchbase DC=tool.box,DC=com
with "adctrl" not appearing at all in the searchbase, correct?

yes thats correct. your searchbase should most likely be
"DC=tool,DC=box,DC=com"

OK, #1 was pretty much self explanatory.
#2 was fixed by merktnichts.
#4 was answered by MaxM. Thank you sir!

Still wondering about bindingdn though. I fixed the image link for reference above. What is "sd"? According to the main documentation (first link), the servername is not part of the bindingdn. So is "sd.mindtouch.com" the domainname? I don't think so, because the first DC of the searchbase, in the example image, is just "mindtouch" not "sd".

So something isn't matching up. Underneath "Example settings" on the main page perhaps it would help to also see the "hostname" and "searchbase" values under their examples (i know it is mainly a groupquery & groupqueryall example). That way we could see if the domain is truly "sales.acme.com" (more like my example above) and that the servername is not "sales".
This would confirm that the attached image example is wrong and clear a lot of things up for us. If "sales" is the servername, then this example would not match up with example in the dashed box right above it that merktnichts just edited.

Thanks!

Can't seem to edit my post more than once! :)

Anyhow, after reviewing the first link again, I think that 6.2 (at the top) searchbase might be wrong, at least for AD. It should not have the leading DC=sales, if sales is truly the first part of the hostname (like 6.1 indicates). That would make the attached image accurate. But that would also mean that bindingdn under "Example Settings" in the dashed box should be "bindingdn $1@servername.domainname.local". It would go a long way if example 'hostname' and 'searchbase' rows were included for the Active Directory,
Novell eDirectory, and OpenLDAP columns also under the "Example Settings". merktnichts a little more help please?

Thanks!

yes thats correct. your searchbase should most likely be
"DC=tool,DC=box,DC=com"

Does the LDAP authentication need http or https?
I faced the same issue, and our AD only allows https connections, not LDAP, http accessiable