Extension talk:Windows NTLM LDAP Auto Auth
Contents |
[edit] group mapping for version 1.12
this works for me but changes does not effect! Insert near line 215.
// Check user is in securty group $securityFlag = false; $i = 0; foreach ($wgWinLDAPGroupMapExternal as $securityGroup) { foreach ($wgWinLDAPGroupMembership as $userGroup) { if ($userGroup == $securityGroup) { $securityFlag = true; + $dbr = wfGetDB( DB_SLAVE ); + $user_id = $dbr->selectField( 'user', 'user_id', array( 'user_real_name' => $wgWinLDAPUserReal ), __METHOD__ ); + $dbw = wfGetDB( DB_MASTER ); + $dbw->insert( 'user_groups', array( 'ug_user' => $user_id, 'ug_group' => $wgWinLDAPGroupMapInternal[$i],), 'User::addGroup', array( 'IGNORE' ) ); + $this->debugme("Security group check passed added User $wgWinLDAPUserReal ID $user_id to group $wgWinLDAPGroupMapInternal[$i]");
have fun ! hkl
[edit] next
Anybody know how this compares/differs from Extension:LDAP_Authentication?--Tempmantemp 09:21, 2 February 2009 (UTC)
Is it possible to Port that one to Apache/Linux? I want Single-Sign-On on my Network and Default Auth from outside... -- plvoy 21:27, 8 March 2010 (GMT)
Due to updates in file SpecialUserlogin.php in 1.15.3. this extension doesn't work. Workaround is to use (less secure) SpecialUserlogin.php from 1.15.2. instead -- Honza 1:29, 8 April 2010 (CEST)
[edit] empty mail and error mapping
(Sorry for my very bad english)
Problems:
- If user are not email, this line fail : $wgWinLDAPUserEmail = $records[$i]["mail"][0];
- I add this lines in LocalSettings.php :
- $wgWinLDAPGroupMapExternal = array("CN=MySuperGroup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr","CN=MySuperGroup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr","CN=MyUserGoup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr");
- $wgWinLDAPGroupMapInternal = array("sysop","bureaucrat","user");
After connection, in my debug file I found :
- Debug : Group membership [3]
- Debug : Group membership [CN=****,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr]
- Debug : Group membership [CN=MySuperGroup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr]
- Debug : Group membership [CN=****,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr]
- Debug : Security group check passed added to group [sysop]
- Debug : Security group check passed added to group [bureaucrat]
The mapping seems to work but the user is not connected to groups sysop and bureaucrat (he stay just user)
What's the problem ?
[edit] Linux and IIS 7
Is this extension useable within the Linux environment without using IIS for authentication?
Also, it says this has been tested up to IIS 5, what about IIS 7?
