Topic on Extension talk:LDAP Authentication

MediaWiki with LDAP and Active Directory

3 comments • 18:34, 24 October 2014 9 years ago
3
37.24.33.102 (talkcontribs)

I have installed MediaWiki on a Debian Wheezy System, and Active Directory on Windows Server 2008 R2. Now I am trying to implement a LDAP authentication. I have already tried many tutorials but none of them worked. I have downloaded the newest LDAP extension and edited my LocalSettings.php with these entries:

# Enable LDAP Authentication
require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( "AD" );
$wgLDAPServerNames = array( "AD" => "xxx.AD.de" );
$wgLDAPSearchStrings = array( "AD" => "AD\\USER-NAME" );
$wgLDAPEncryptionType = array( "AD.net" => "clear" );
$wgLDAPUseLocal = false;
$wgMinimalPasswordLength = 1;
$wgLDAPBaseDNs = array( "AD" => "dc=AD,dc=de" );
$wgLDAPSearchAttributes = array( "AD" => "sAMAccountName" );
$wgLDAPPreferences = array( "AD" => "true" );
$wgLDAPDebug = 3; //for debugging LDAP
$wgDebugLogGroups["ldap"] = "/tmp/ldapdebug.log" ; //for debugging LDAP
$wgShowExceptionDetails = true; //for debugging MediaWiki

The name of my Domain is "wikidom.de". I have already tried to subsitute all the AD fields with "wikidom.de" and also only with "wikidom". Both do not work.

Do I need to change other settings on the Windows Server?

Reply Edited by Florianschmidtwelzow 21:42, 15 August 2014 9 years ago
37.24.33.102 (talkcontribs)

nobody can help?

the ldapdebug log says:

username is an ip not munging

...

Failed to bind as ...

Reply 16:11, 21 August 2014 9 years ago
50.200.149.118 (talkcontribs)

There must be something missing in this documentation. My installation of this extension is not connecting to my LDAP server, It's trying to use the local database. Is there some other plugin or an LDAP service that I need to make this work?

Environment: Windows Server 2008 R2 Bitnami distribution of WikiMedia Windows Active Directory


Here is a snippet of the debug log.


Start request POST /mediawiki/index.php?title=Special:UserLogin&action=submitlogin&type=login&returnto=Main+Page HTTP HEADERS: ACCEPT: text/html, application/xhtml+xml, */* REFERER: http://wiki.mydomain.com/mediawiki/index.php?title=Special:UserLogin&action=submitlogin&type=login&returnto=Main+Page ACCEPT-LANGUAGE: en-US USER-AGENT: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) CONTENT-TYPE: application/x-www-form-urlencoded ACCEPT-ENCODING: gzip, deflate HOST: wiki.mydomain.com CONTENT-LENGTH: 126 CONNECTION: Keep-Alive CACHE-CONTROL: no-cache COOKIE: bitnami_mediawiki_session=84f04d4a7df01594facfd6c899904170; bitnami_mediawikiUserName=Root [caches] main: EmptyBagOStuff, message: SqlBagOStuff, parser: SqlBagOStuff [caches] LocalisationCache: using store LCStoreDB Fully initialised Connected to database 0 at 127.0.0.1:3306 IP: 172.16.59.155 Connected to database 0 at 127.0.0.1:3306 MessageCache::load: Loading en... got from global cache Unstubbing $wgParser on call of $wgParser::firstCallInit from MessageCache::getParser Parser: using preprocessor: Preprocessor_DOM Unstubbing $wgLang on call of $wgLang::_unstub from ParserOptions::__construct User::getBlockedStatus: checking... LoginForm::attemptAutoCreate: $wgAuth->authenticate() returned false, aborting OutputPage::sendCacheControl: private caching; ** LoadBalancer::reuseConnection: this connection was not opened as a foreign connection Request ended normally


Here's the relevant config from localsettings.php:

require_once 'c:\program files\mediawiki\apps\mediawiki\htdocs\extensions\LdapAuthentication\LdapAuthentication.php'; require_once 'c:\program files\mediawiki\apps\mediawiki\htdocs\includes\AuthPlugin.php'; $wgAuth = new LdapAuthenticationPlugin(); $wgLDAPDomainNames = array( 'MyDomain','MyDomain.com'); $wgLDAPServerNames = array( 'MyDomain' => 'ut-dc1.MyDomain.com ut-dc2.MyDomain.com',); $wgLDAPUseLocal = false; $wgLDAPAutoAuthDomain = 'MyDomain.com -auto'; $wgLDAPEncryptionType = array( 'MyDomain' => 'TLS',); $wgLDAPPort = array( 'MyDomain' => 389,); $wgLDAPProxyAgent = array( 'MyDomain' => 'cn=wikildap,ou=MyDomain services,dc=MyDomain,dc=com',); $wgLDAPProxyAgentPassword = array( 'MyDomain' => 'xxxxxxxxxxxxxxxxxxxx'); $wgLDAPSearchAttributes = array( 'MyDomain' => 'sAMAccountName'); $wgLDAPSearchStrings = array("MyDomain" => "MyDomain\\USER-NAME" ); $wgLDAPBaseDNs = array( 'MyDomain' => 'ou=MyDomain,dc=MyDomain,dc=com',); $wgLDAPPreferences = array( 'MyDomain' =>'true'); $wgShowExceptionDetails = true;

Reply 18:34, 24 October 2014 9 years ago
Reply to "MediaWiki with LDAP and Active Directory"
Retrieved from "https://www.mediawiki.org/wiki/Topic:S0hetyiqp28itzfe#flow-post-s0hetyyade9u0mev"