Extension:Windows NTLM LDAP Auto Auth

From MediaWiki.org
Windows NTLM LDAP Auto Auth

Release status: unmaintained

Implementation: User identity
Description: Verify users against AD LDAP and manage group permissions.
Author(s): Martin Siddall
Last version: 1.0
MediaWiki: 1.13.0rc2
License: GPLv3+
Download: No link


Introduction

Having seen the functionality of MediaWiki I wanted to use the system as a way of document control within our IT department. We wanted to have the authentication and group security controlled by our Active Directory domain. After messing with the auth plugins written by others I found that none of them suited our way of working, so I decided to write our own, and this is the result.

Feature set

This auth plugin is based on Rusty Burchfield's Extension:AutomaticREMOTE_USER and Ryan Lane's Ldap.

  • Allow Windows Active Directory domain verification of the IIS authenticated user.
  • Creates internal WIKI accounts and imports LDAP fields (mail, firstname, surname).
  • Connects to Windows Global Catalog to allow support for multiple domains / forests.
  • Permission / Security control of which LDAP groups can access the WIKI.
  • Permission / Security mapping of LDAP groups to internal wiki groups.
  • Nested group support.
  • Automatic creation of internal WIKI groups, and user membership.
  • Removal of Login / Logout access & buttons.
  • No anonymous access.

Permission mapping may also require Extension:Group_Based_Access_Control to provide granular access to pages within the WIKI.

Please note that access control cannot be 100% effective within the WIKI; please see Security_issues_with_authorization_extensions.

Tested on

  • MediaWiki 1.13.0rc2
  • PHP 5.2.6 (isapi)
  • MySQL 5.0.67-community-nt
  • IIS 5.1

Installation

  • Install PHP using the ISAPI feature (CGI not needed).
  • Configure IIS to use php5isapi.dll for .php extensions.
  • Configure IIS to do the authentication (disable anonymous access).
  • Edit the settings within LocalSettings.php to suit your Windows environment.
  • Add the following lines to your LocalSettings.php.
  • Copy WinNTLMLDAPAutoAuth.php into your extension dir.

Add the following lines in the order shown at the end of LocalSettings.php

Configure parts inside <>

## Windows Global Catalog Server
$wgWinLDAPGCServer = "<gcserver.test.com>";
 
## PHP SERVER VAR which contains the authenticated IIS user id TESTDOMAIN\TESTUSER 
$wgWinLDAPGCServerValue = $_SERVER['REMOTE_USER'];
 
## Read only user account which can access the windows AD. Windows does not support anonymous logins by default.
$wgWinLDAPBindUser = "<domain>\\<domain user>";
$wgWinLDAPBindPassword = "<password>";
 
## Base of searches. Use the base of your forest / domain.
$wgWinLDAPForestRoot = "<dc=test,dc=com>";
 
## Map LDAP groups to wiki groups user accounts must be a member of the following groups
$wgWinLDAPGroupMapExternal = array("<CN=Wiki SysOp,OU=_Managed WIKI Groups,DC=test,DC=com>","<CN=Wiki Bureaucrat,OU=_Managed WIKI Groups,DC=test,DC=com>","<CN=Wiki User,OU=_Managed WIKI Groups,DC=test,DC=com>","<CN=Wiki Restricted,OU=_Managed WIKI Groups,DC=test,DC=com>");
$wgWinLDAPGroupMapInternal = array("sysop","bureaucrat","user","wiki restricted");
 
## Enable TLS security (without it the bind user's password is sent to the GC in clear text)
$wgWinLDAPUseTLS = false;
 
## Enable nested group searching, may delay login.
$wgWinLDAPGroupNested = true;
 
## Debug 
$wgWinLDAPDebug = true;
$wgWinLDAPDebugLogFile = "<c:/inetpub/temp/ldap_debug.txt>";

Add this if you want to disable anonymous access (OPTIONAL)

The following additions are required to lock down the WIKI to prevent basic security issues.

In this configuration the four groups within AD are mapped to sysop, bureaucrat, user and wiki restricted. Below is the config to:

  • Disable anonymous access.
  • Allow standard users to read only.
  • Allow bureaucrats to edit.
  • Remove the login / logout buttons.
  • Prevent anyone from creating accounts, as the extension uses Windows Active Directory exclusively.
  • Leave users by default not 'autoconfirmed'.

## Restrict access to unauthorised people
$wgWhitelistRead = array();
 
## Anonymous
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['createtalk'] = false;
$wgGroupPermissions['*']['writeapi']  = false;
 
## User
$wgGroupPermissions['user' ]['move']            = false;
$wgGroupPermissions['user' ]['read']            = true;
$wgGroupPermissions['user' ]['edit']            = false;                
$wgGroupPermissions['user' ]['createpage']      = false;                
$wgGroupPermissions['user' ]['createtalk']      = false;
$wgGroupPermissions['user' ]['upload']          = false;
$wgGroupPermissions['user' ]['reupload']        = false;
$wgGroupPermissions['user' ]['reupload-shared'] = false;
$wgGroupPermissions['user' ]['minoredit']       = false;
$wgGroupPermissions['user' ]['purge']           = false; 
$wgGroupPermissions['user' ]['move-subpages']   = false; 
$wgGroupPermissions['user' ]['writeapi']        = false; 
 
## Bot
$wgGroupPermissions['bot' ]['move']            = true;
$wgGroupPermissions['bot' ]['read']            = true;
$wgGroupPermissions['bot' ]['edit']            = true;          
$wgGroupPermissions['bot' ]['createpage']      = true;          
$wgGroupPermissions['bot' ]['createtalk']      = true;
$wgGroupPermissions['bot' ]['upload']          = true;
$wgGroupPermissions['bot' ]['reupload']        = true;
$wgGroupPermissions['bot' ]['reupload-shared'] = true;
$wgGroupPermissions['bot' ]['minoredit']       = true;
$wgGroupPermissions['bot' ]['purge']           = true; 
$wgGroupPermissions['bot' ]['move-subpages']   = true; 
$wgGroupPermissions['bot' ]['writeapi']        = true; 
 
## Sysop
$wgGroupPermissions['sysop']['createaccount']     = false; 
$wgGroupPermissions['sysop' ]['move']            = true;
$wgGroupPermissions['sysop' ]['read']            = true;
$wgGroupPermissions['sysop' ]['edit']            = true;                
$wgGroupPermissions['sysop' ]['createpage']      = true;                
$wgGroupPermissions['sysop' ]['createtalk']      = true;
$wgGroupPermissions['sysop' ]['upload']          = true;
$wgGroupPermissions['sysop' ]['reupload']        = true;
$wgGroupPermissions['sysop' ]['reupload-shared'] = true;
$wgGroupPermissions['sysop' ]['minoredit']       = true;
$wgGroupPermissions['sysop' ]['purge']           = true;
$wgGroupPermissions['sysop' ]['move-subpages']   = true; 
$wgGroupPermissions['sysop' ]['writeapi']        = true;
 
## Bureaucrats
$wgGroupPermissions['bureaucrat' ]['userrights']      = true; 
$wgGroupPermissions['bureaucrat' ]['move']            = false;
$wgGroupPermissions['bureaucrat' ]['read']            = false;
$wgGroupPermissions['bureaucrat' ]['edit']            = false;          
$wgGroupPermissions['bureaucrat' ]['createpage']      = false;          
$wgGroupPermissions['bureaucrat' ]['createtalk']      = false;
$wgGroupPermissions['bureaucrat' ]['upload']          = false;
$wgGroupPermissions['bureaucrat' ]['reupload']        = false;
$wgGroupPermissions['bureaucrat' ]['reupload-shared'] = false;
$wgGroupPermissions['bureaucrat' ]['minoredit']       = false;
$wgGroupPermissions['bureaucrat' ]['purge']           = false;
$wgGroupPermissions['bureaucrat' ]['move-subpages']   = false; 
$wgGroupPermissions['bureaucrat' ]['writeapi']        = false;
 
## Disable autoconfirmed
$wgAutoConfirmAge = 3600 * 24 * 365 * 100;  ## 100 years
$wgGroupPermissions['autoconfirmed']['autoconfirmed'] = false;
$wgGroupPermissions['autoconfirmed']['read']          = false;
 
## Remove Login/Logout Button
function StripLogin(&$personal_urls, &$wgTitle) {
    unset($personal_urls["login"]);
    return true;
}

function StripLogout(&$personal_urls, &$wgTitle) {
    unset($personal_urls["logout"]);
    return true;
}
$wgHooks['PersonalUrls'][] = 'StripLogout';
$wgHooks['PersonalUrls'][] = 'StripLogin';

Add this part at the end

## Auth Plugin
require_once('AuthPlugin.php');
 
## WinNTLMLDAP AD Auth
require_once('extensions/WinNTLMLDAPAutoAuth.php');
$wgAuth = new Auth_NTLM_User();

Make a new file in extensions/WinNTLMLDAPAutoAuth.php

Just paste in the following lines:

<?php
// This program is free software: you can redistribute it and/or modify it
// under the terms of the GNU General Public License as published by the Free
// Software Foundation, either version 3 of the License, or (at your option)
// any later version.
// This program is distributed in the hope that it will be useful, but WITHOUT
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
// FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
// more details.
// You should have received a copy of the GNU General Public License along with
// this program.  If not, see <http://www.gnu.org/licenses/>.
// Add these lines to the bottom of your LocalSettings.php
// 
// require_once('AuthPlugin.php');
// require_once('extensions/WinNTLMLDAPAutoAuth.php');
// $wgAuth = new Auth_NTLM_User();
// Extension credits that show up on Special:Version
 
$wgExtensionCredits['other'][] = array(
    'name' => 'Windows NTLM LDAP Auto Auth',
    'version' => '1.0',
    'author' => array('Martin Siddall'),
    'url' => 'http://www.mediawiki.org/',
    'description' => 'Processes NTLM authentication, checks AD via LDAP and adds/removes group membership.',
    );
 
// Internal global vars
$wgWinLDAPUserReal = "";
$wgWinLDAPUserEmail = "";
$wgWinLDAPGroupMembership = "";
 
// This hook is registered by the Auth_NTLM_User constructor.
function Auth_NTLM_User_hook()
{
    global $wgUser;
    global $wgRequest;
    global $wgCommandLineMode; // must be declared global or the isset() below never sees it

    global $wgWinLDAPGCServerValue;
    global $wgWinLDAPGroupMapExternal;
    global $wgWinLDAPGroupMapInternal;
    global $wgWinLDAPGroupMembership;
 
    // Disable access to the manual login / logout pages.
    $title = $wgRequest->getVal('title');
    if (($title == "Special:UserLogout" ||
            ($title == "Special:UserLogin"))) {
        header("Location: http://" . $_SERVER['SERVER_NAME'] . "/index.php?title=Main_Page");
        return;
    } 
 
    // Do nothing if the session is already valid.
    $user = User::newFromSession();
    if (!$user->isAnon()) {
        return; // User is already logged in and not anonymous.
    } 
 
    // Copied from includes/SpecialUserlogin.php
    if (!isset($wgCommandLineMode) && !isset($_COOKIE[session_name()])) {
        wfSetupSession();
    } 
    // Submit a fake login form to authenticate the user.
    $username = $wgWinLDAPGCServerValue;
    $params = new FauxRequest(array(
            'wpName' => $username,
            'wpPassword' => '',
            'wpDomain' => '',
            'wpRemember' => ''
            )); 
 
    // authenticateUserData() will automatically create new users.
    $loginForm = new LoginForm($params);
    $result = $loginForm->authenticateUserData();
    if ($result != LoginForm::SUCCESS) {
        error_log('Unexpected authentication failure.');
        return;
    } 
 
    // Remove the user from all explicit groups so that AD membership is authoritative.
    // The implicit groups (*, user, autoconfirmed) are skipped; the test must use AND,
    // otherwise the condition is always true.
    $oldGroups = $wgUser->getEffectiveGroups();
    foreach ($oldGroups as $group) {
        if ($group != "*" && $group != "user" && $group != "autoconfirmed") {
            $wgUser->removeGroup($group);
        }
    }
 
    // Add the user to the mapped security groups
    foreach ($wgWinLDAPGroupMembership as $userGroup) {
        $i = 0;
        foreach ($wgWinLDAPGroupMapExternal as $externalGroup) {
            if (strtolower($userGroup) == strtolower($externalGroup)) {
                $wgUser->addGroup($wgWinLDAPGroupMapInternal[$i]);
            }
            $i = $i + 1;
        }
    }
 
    $wgUser->setCookies();
    return; // User has been logged in
}
 
class Auth_NTLM_User extends AuthPlugin {
    var $ldapconn;
    var $verified;
 
    function Auth_NTLM_User()
    {
        global $wgWinLDAPGCServer;
 
        if (strlen($wgWinLDAPGCServer)) {
            global $wgExtensionFunctions;
            if (!isset($wgExtensionFunctions)) {
                $wgExtensionFunctions = array();
            } else if (!is_array($wgExtensionFunctions)) {
                $wgExtensionFunctions = array($wgExtensionFunctions);
            } 
 
            // Add the authentication hook
            array_push($wgExtensionFunctions, 'Auth_NTLM_User_hook');
        }
        return;
    }
 
    function authenticate($username, $password)
    {
        if ($this->verified == true) {
            return true;
        } else {
            return false;
        }
    }
 
    function LDAPverify()
    {
        global $wgWinLDAPGCServerValue, $wgWinLDAPGCServer, $wgWinLDAPUseTLS;
        global $wgWinLDAPBindUser, $wgWinLDAPBindPassword, $wgWinLDAPForestRoot;
        global $wgWinLDAPUserReal, $wgWinLDAPUserEmail, $wgWinLDAPGroupMembership, $wgWinLDAPGroupNested;
        global $wgWinLDAPGroupMapExternal;
        global $wgWinLDAPGroupMapInternal; 
 
        // Abort verification if already verified
        if ($this->verified == true) {
            return true;
        }
 
        $this->debugme("Connecting to GC $wgWinLDAPGCServer"); 
 
        // Connect to the Windows Domain GC (LDAP) server on the Global Catalog port.
        // ldap_connect() returns false on failure, so test the value rather than isset().
        $this->ldapconn = ldap_connect($wgWinLDAPGCServer, 3268);

        if ($this->ldapconn) {
            $this->debugme("Successfully connected");
 
            if (!ldap_set_option($this->ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3)) {
                $this->debugme("Protocol option not set");
            }
            if (!ldap_set_option($this->ldapconn, LDAP_OPT_REFERRALS, 0)) {
                $this->debugme("Referrals option not set");
            }
            if ($wgWinLDAPUseTLS == true) {
                if (ldap_start_tls($this->ldapconn) == false) {
                    $this->debugme("TLS enabled and could not start");
                    return false;
                }
            }
 
            if (strlen($wgWinLDAPBindUser) && strlen($wgWinLDAPBindPassword)) {
                $this->debugme("Binding as $wgWinLDAPBindUser");
                if (ldap_bind($this->ldapconn, $wgWinLDAPBindUser, $wgWinLDAPBindPassword) == true) {
                    $this->debugme("Binding as $wgWinLDAPBindUser succeeded");

                    // Extract username and domain from the specified server VAR (DOMAIN\user)
                    $temp = strtolower(str_replace('\\', ':', $wgWinLDAPGCServerValue));
                    $pos = strpos($temp, ":");
                    if ($pos === false) {
                        // No domain prefix supplied; treat the whole value as the username.
                        $NTLMusername = $temp;
                        $NTLMdomain = "";
                    } else {
                        $NTLMusername = substr($temp, $pos + 1);
                        $NTLMdomain = substr($temp, 0, $pos);
                    }

                    // Search LDAP for the user
                    $filter = "(&(|(mail=" . $NTLMusername . "*)(anr=" . $NTLMusername . "))(mailnickname=*)(objectCategory=person)(objectClass=user))";

                    // Alternative: search AD by account name
                    // $filter = "(&(sAMAccountName=" . $NTLMusername . ")(objectCategory=person)(objectClass=user))";

                    $search = ldap_search($this->ldapconn, $wgWinLDAPForestRoot, $filter, array("cn", "givenname", "sn", "mail", "memberof", "samaccountname"));
                    if ($search === false) {
                        $this->debugme("LDAP search failed: " . ldap_error($this->ldapconn));
                        return false;
                    }
                    $records = ldap_get_entries($this->ldapconn, $search);
                    $this->debugme("Base for filter search [$wgWinLDAPForestRoot]");
                    $this->debugme("Searching LDAP for user using filter [$filter]");
 
                    // Only allow matching if exactly one LDAP account is found.
                    if ($records["count"] == 1) {
                        $this->debugme("One match found for $NTLMusername");
                        for ($i = 0; $i < $records["count"]; $i++) {

                            // User verified
                            $this->verified = true;

                            // User prefs (mail may be absent for accounts that are not mail-enabled)
                            $wgWinLDAPUserReal = isset($records[$i]["cn"][0]) ? $records[$i]["cn"][0] : "";
                            $wgWinLDAPUserEmail = isset($records[$i]["mail"][0]) ? $records[$i]["mail"][0] : "";
                            $this->debugme("User pref retrieved [$wgWinLDAPUserReal]");
                            $this->debugme("User pref retrieved [$wgWinLDAPUserEmail]");

                            // Get group membership (AD returns direct memberships only)
                            $wgWinLDAPGroupMembership = isset($records[$i]["memberof"]) ? $records[$i]["memberof"] : array();
                            foreach ($wgWinLDAPGroupMembership as $membershipOfGroup) {
                                $this->debugme("Group membership [$membershipOfGroup]");
                            }

                            // Expand nested groups
                            if ($wgWinLDAPGroupNested == true) {
                                $this->debugme("Expanding groups looking for nested groups");
                                $this->expandNestedGroups();
                            }

                            // Check the user is in a security group. DNs are case-insensitive,
                            // so compare them the same way the login hook does.
                            $securityFlag = false;
                            $j = 0;
                            foreach ($wgWinLDAPGroupMapExternal as $securityGroup) {
                                foreach ($wgWinLDAPGroupMembership as $userGroup) {
                                    if (strcasecmp($userGroup, $securityGroup) == 0) {
                                        $securityFlag = true;
                                        $this->debugme("Security group check passed, added to group [" . $wgWinLDAPGroupMapInternal[$j] . "]");
                                    }
                                }
                                $j = $j + 1;
                            }
 
                            // Don't log in if not in a mapped group
                            if ($securityFlag == false) {
                                $this->debugme("Security group check failed");
                                return false;
                            } else {                                
                                return true;
                            }
                        }
                    } else {
                        $this->debugme("More than one or zero match found for $NTLMusername -> Found : ".$records["count"]);
                        return false;
                    }
                } else {
                    $this->debugme("Binding as $wgWinLDAPBindUser failed");
                    return false;
                }
            } else {
                $this->debugme("Anonymous connections are not allowed");
                return false;
            }
        } else {
            $this->debugme("Connection to GC failed");
            return false;
        }
    }
 
    function expandNestedGroups()
    {
        global $wgWinLDAPGroupMapExternal;
        global $wgWinLDAPGroupMapInternal;
 
        $i = 0;
        foreach ($wgWinLDAPGroupMapExternal as $externalGroup) {
            $this->getGroupMembers($externalGroup, $wgWinLDAPGroupMapInternal[$i]);
            $i = $i + 1;
        }
    }
 
    function getGroupMembers($group, $groupmap)
    {
 
        if (strtolower(substr($group, 0, 2)) == "cn") {
            $filter = str_replace("cn=", "", substr($group, 0, strpos($group, ","))) ;
            $base = substr(substr($group, strpos($group, ",")), 1);
            $search = ldap_search($this->ldapconn, $base, $filter, array("dn", "cn", "member", "objectclass"));
            $records = ldap_get_entries($this->ldapconn, $search);
            if ($records["count"] == 1) {
 
                $DNclass = $records[0]["objectclass"];
                foreach ($DNclass as $groupClass) {
                    if (strtolower($groupClass) == "group") {

                        // Add group mapping
                        $this->insertGroupArray($group, $groupmap);
                        if (isset($records[0]["member"])) {
                            $groupMembers = $records[0]["member"];
                            foreach ($groupMembers as $groupMember) {
                                $this->getGroupMembers($groupMember, $groupmap);
                            }
                        }
                    }
                }
            }
        }
    }
 
    function insertGroupArray($group, $groupmap)
    {
        global $wgWinLDAPGroupMapExternal;
        global $wgWinLDAPGroupMapInternal;
 
        $existflag = false;
 
        foreach ($wgWinLDAPGroupMapExternal as $externalGroup) {
            if ($group == $externalGroup) {
                $existflag = true;
                break;
            }
        }
 
        if ($existflag == false) {
 
            // Group is not mapped yet: insert it into $wgWinLDAPGroupMapExternal
            $this->debugme("Found nested group adding to mappings [$group] [$groupmap]");
            array_push($wgWinLDAPGroupMapExternal, $group);
            array_push($wgWinLDAPGroupMapInternal, $groupmap);
        }
    }
 
    function allowPasswordChange()
    {
        return false;
    }
 
    function setPassword($user, $password)
    {
        return false;
    }
 
    function updateExternalDB($user)
    {
        return true;
    }
 
    function canCreateAccounts()
    {
        return false;
    }
 
    function addUser($user, $password)
    {
        return false;
    }
 
    function userExists($username)
    {
        return true;
    }
 
    function validDomain($domain)
    {
        return true;
    }
 
    function updateUser(&$user)
    {
        return true;
    }
 
    function autoCreate()
    {
        return true;
    }
 
    function strict()
    {
        return true;
    }
 
    function initUser(&$user)
    {
        global $wgWinLDAPUserReal, $wgWinLDAPUserEmail;
 
        $user->setRealName($wgWinLDAPUserReal);
        $user->setEmail($wgWinLDAPUserEmail);
        $user->setToken();
        $user->setOption('enotifwatchlistpages', 0);
        $user->setOption('enotifusertalkpages', 0);
        $user->setOption('enotifminoredits', 0);
        $user->setOption('enotifrevealaddr', 0);
        $user->confirmEmail();
        $user->saveSettings();
    }
 
    function modifyUITemplate(&$template)
    {
        $template->set('useemail', false);
        $template->set('remember', false);
        $template->set('create', false);
        $template->set('domain', false);
        $template->set('usedomain', false);
    }
 
    function getCanonicalName($username)
    { 
        // Pre verify to populate account information
        if ($this->verified == false) {
            $this->LDAPverify();
        }
        if ($this->verified == true) {
 
            // Format the username in the case the user would type, which avoids duplicated logins:
            // upper case domain name and lower case username. The loop must cover the last
            // character too, otherwise the final letter keeps whatever case IIS supplied.
            $pos = strpos($username, chr(92)) - 1;
            for ($i = 0; $i < strlen($username); $i++) {
                if ($i <= $pos) {
                    $username[$i] = strtoupper($username[$i]);
                } else {
                    $username[$i] = strtolower($username[$i]);
                }
            }
        }
        return $username;
    } 
 
    // handles the debug output to a debug file
    function debugme($input)
    {
        global $wgWinLDAPDebug;
        global $wgWinLDAPDebugLogFile;
 
        if ($wgWinLDAPDebug) {
            $f = fopen($wgWinLDAPDebugLogFile, "a+");
            fputs($f, "Debug :  " . $input . "\r\n");
            fclose($f);
        }
    }
}
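
As an added example (not part of the extension), the AD-group to wiki-group mapping implemented above can be exercised offline against a constructed directory snapshot: the DNs follow the page's test.com placeholders, the nested-group walk mirrors getGroupMembers()/insertGroupArray(), and it adds a cycle guard that the extension itself does not have (AD permits a group to be nested inside one of its own members).

```php
<?php
// Added example, not part of the extension. The directory snapshot is constructed;
// each entry carries only the attributes getGroupMembers() reads.
$directory = array(
    'CN=Wiki SysOp,OU=_Managed WIKI Groups,DC=test,DC=com' => array(
        'objectclass' => array('top', 'group'),
        'member'      => array('CN=IT Leads,OU=Groups,DC=test,DC=com'),
    ),
    'CN=IT Leads,OU=Groups,DC=test,DC=com' => array(
        'objectclass' => array('top', 'group'),
        'member'      => array(
            'CN=Alice Example,OU=Users,DC=test,DC=com',
            'CN=Wiki SysOp,OU=_Managed WIKI Groups,DC=test,DC=com', // nesting cycle
        ),
    ),
    'CN=Wiki User,OU=_Managed WIKI Groups,DC=test,DC=com' => array(
        'objectclass' => array('top', 'group'),
        'member'      => array('CN=Bob Example,OU=Users,DC=test,DC=com'),
    ),
    'CN=Alice Example,OU=Users,DC=test,DC=com' => array(
        'objectclass' => array('top', 'person', 'user'),
    ),
);

// Same shape as $wgWinLDAPGroupMapExternal / $wgWinLDAPGroupMapInternal.
$groupMapExternal = array(
    'CN=Wiki SysOp,OU=_Managed WIKI Groups,DC=test,DC=com',
    'CN=Wiki User,OU=_Managed WIKI Groups,DC=test,DC=com',
);
$groupMapInternal = array('sysop', 'user');

// Walk one group and add every group nested under it to the mapping, under the
// same wiki group. $seen holds the DNs on the current path and stops cycles.
function walkGroup(array $directory, $dn, $wikiGroup, array &$external, array &$internal, array $seen) {
    $key = strtolower($dn);
    if (isset($seen[$key]) || !isset($directory[$dn])) {
        return;
    }
    $seen[$key] = true;
    $entry = $directory[$dn];
    if (!in_array('group', array_map('strtolower', $entry['objectclass']))) {
        return; // a user or other object: nothing to expand
    }
    if (!in_array($key, array_map('strtolower', $external))) {
        $external[] = $dn;
        $internal[] = $wikiGroup;
    }
    if (isset($entry['member'])) {
        foreach ($entry['member'] as $member) {
            walkGroup($directory, $member, $wikiGroup, $external, $internal, $seen);
        }
    }
}

// Mirrors expandNestedGroups(): only the originally configured groups are walked.
function expandNestedGroups(array $directory, array &$external, array &$internal) {
    $configured = count($external);
    for ($i = 0; $i < $configured; $i++) {
        walkGroup($directory, $external[$i], $internal[$i], $external, $internal, array());
    }
}

// Map a user's memberOf values (direct memberships only, as AD returns them) to
// wiki groups. DNs are compared case-insensitively, as the login hook does.
function resolveWikiGroups(array $memberOf, array $external, array $internal) {
    $granted = array();
    foreach ($external as $i => $externalGroup) {
        foreach ($memberOf as $userGroup) {
            if (strcasecmp($userGroup, $externalGroup) == 0 && !in_array($internal[$i], $granted)) {
                $granted[] = $internal[$i];
            }
        }
    }
    return $granted; // an empty result is the case the security-group check must reject
}

expandNestedGroups($directory, $groupMapExternal, $groupMapInternal);
// Alice's only direct membership is IT Leads, which is nested inside Wiki SysOp.
var_dump(resolveWikiGroups(array('cn=it leads,ou=groups,dc=test,dc=com'), $groupMapExternal, $groupMapInternal));
// Carol is in no mapped group, so nothing is granted.
var_dump(resolveWikiGroups(array('CN=Staff,OU=Groups,DC=test,DC=com'), $groupMapExternal, $groupMapInternal));
```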

User contributions

1.16 Installation notes

  • Replace /includes/specials/SpecialUserLogin.php with the file from MediaWiki 1.15.2 (see Honza's note on the Talk/Discussion page)
  • As the extension does not use passwords, you must set $wgMinimalPasswordLength = 0; in LocalSettings.php

Other recommendations

Whilst developing this auth plugin we also looked at changing the skin to suit a more professional environment. We came across the GuMax skin which, with a few tweaks to the colors, suited our internal look and feel.

Visit Paul Gu's wiki at [1]


Questions

Question (zamoth) : it is said above that the PHP ISAPI module is used ...

I just installed the component while installing php, but did not configure anything. I don't know if this is enough, or if there is anything to do.

Answer (crushKing) : it is said above that the PHP ISAPI module is used ...

Yes, you need to set PHP to work via ISAPI and add the ldap extension to PHP (I also added mysql for my SQL server). After setting PHP to use ISAPI you need to set the MediaWiki virtual folder to use the ISAPI filter (direct it to <php install path>\php5isapi.dll); this is as far as those settings go.

What I Did (zamoth)

I just reinstalled PHP, and told it to use ISAPI instead of CGI. I edited php.ini and made the following changes:

  • fixed the paths, as said in the MediaWiki installation (upload_tmp_dir="C:\PHP\uploadtemp" & session.save_path="C:\PHP\sessiondata")
  • installed php_ldap + php_mcrypt + php_mhash + php_mysql + php_openssl (all are in php.ini at the bottom); I hope this is the correct installation
  • copied php.ini to my %windir% directory ... else it was not working

Question (zamoth) : Some accounts were not mail enabled ... and searching was not perfect

Answer (zamoth) : this is the original LDAP search request:

   $filter = "(&(|(mail=" . $NTLMusername . "*)(anr=" . $NTLMusername . "))(mailnickname=*)(objectCategory=person)(objectClass=user))";

The search query is kind of awkward. I changed it by using sAMAccountName, which is more accurate ... It also has the benefit of having only one answer in an Active Directory architecture.

   $filter = "(&(sAMAccountName=" . $NTLMusername . ")(objectCategory=person)(objectClass=user))";
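
Both the original filter and the sAMAccountName replacement above splice the IIS-supplied name straight into the filter string. As an added example (not from the page or the extension), here is the sAMAccountName filter built with DOMAIN\user parsing and RFC 4515 escaping of the value; ldap_escape() only exists from PHP 5.6, so the escaping is done by hand for the PHP 5.2 setup the page targets, and the function names are this example's own.

```php
<?php
// Added example, not part of the extension: build the user filter defensively.

// Split "DOMAIN\user" as it arrives in $_SERVER['REMOTE_USER']. A value with no
// backslash is treated as a bare username instead of losing its first character.
function parseNtlmUser($remoteUser) {
    $pos = strpos($remoteUser, '\\');
    if ($pos === false) {
        return array('domain' => '', 'user' => strtolower($remoteUser));
    }
    return array(
        'domain' => strtoupper(substr($remoteUser, 0, $pos)),
        'user'   => strtolower(substr($remoteUser, $pos + 1)),
    );
}

// RFC 4515 escaping for an assertion value: backslash, *, (, ) and NUL.
// strtr() with an array does a single pass, so the inserted backslashes are
// not escaped a second time.
function ldapFilterEscape($value) {
    $map = array(
        '\\' => '\5c',
        '*'  => '\2a',
        '('  => '\28',
        ')'  => '\29',
        "\0" => '\00',
    );
    return strtr($value, $map);
}

// The sAMAccountName filter from the answer above, with the value escaped.
function buildUserFilter($remoteUser) {
    $parts = parseNtlmUser($remoteUser);
    $name = ldapFilterEscape($parts['user']);
    return "(&(sAMAccountName=" . $name . ")(objectCategory=person)(objectClass=user))";
}

// Constructed inputs: the page's placeholder principal, and a value carrying
// filter metacharacters, which come out as \2a / \28 / \29 rather than as syntax.
echo buildUserFilter("TESTDOMAIN\\TESTUSER"), "\n";
echo buildUserFilter("TESTDOMAIN\\name*)(cn=*"), "\n";
echo buildUserFilter("nodomain"), "\n";
```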

Question (zamoth) : using MediaWiki 1.14 + this plugin only ... I have group problems

  • Groups don't get updated ... if I change AD rights, MediaWiki does not update rights
  • groups:permissions does not work anymore. I get an 'Enter a user name' but it does not work afterwards ...

Note (zamoth)

I do not experience these problems anymore ... and I have done nothing !!?!!

Minor bug fix

You should change the line:

header("Location: http://" . $_SERVER['SERVER_NAME'] . "/index.php?title=Main_Page");

to:

header("Location: http://" . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF']);

This path was invalid in my configuration. This should, and does in mine, go back to whatever the default home page is in whatever folder it's in.

Question (nim278) : Usernames without domain

I need to set this up so that the domain does not pass through to the username. Any suggestions how I could modify the code so that the user in the wiki is "username" rather than "DOMAIN\username"?

67.97.209.36 20:04, 4 June 2009 (UTC)

Answer (tomv564)

You will need to make the following changes to WinNTLMLDAPAutoAuth.php:

  • In the hook, before a FauxRequest is created for the LoginForm (line 63) you will want to remove the domain from $username - something like:

$pos = strpos($username, '\\');
if ($pos !== false) {
    $username = substr($username, $pos + 1); // keep only the part after DOMAIN\
}

  • The extension's getCanonicalName function (line 391) reformats the $username once again to title case (eg. FLastname -> Flastname).

You can remove line 426:

$pos = strpos($username, chr(92)) - 1;

And use 0 for $pos on the following lines:

for ($i = 0; $i < strlen($username); $i++) {
     if ($i <= 0) {
         $username[$i] = strtoupper($username[$i]);
     } else {
         $username[$i] = strtolower($username[$i]);
     }
}

Question (nvr8981) : All users considered a Restricted User

I have configured the LDAP settings just as the directions have asked, however the site does not pick up the AD rights of any of the groups. They are all considered Restricted Users. Anyone have any ideas?

Question (Gaurave.Sehgal) : Settings on IIS7

I installed PHP for IIS7 as FastCGI and tried to configure it on IIS7. It does not work. Can someone point out the steps to make it work with IIS7?

Question (Gayantha) : I want to create multiple wikis using this plugin...

I want to create multiple wikis automatically using this plugin. Can anyone help me with this query?

Question (TobiasH) : Is IIS required?

I want to use this plugin on a Linux server using Apache. Is this possible?