Topic on Extension talk:Auth remoteuser

LDAP AutoLogon with Windows user (but get logged in as "daemon")

3 comments • 09:17, 9 October 2022 1 year ago
3
Alenkei (talkcontribs)

I am running MediaWiki 1.38.2 on Debian 5.10.120-1:

MediaWiki 1.38.2

PHP 7.4.30 (fpm-fcgi)

MariaDB 10.6.8-MariaDB

ICU 67.1


With the following extensions:


VisualEditor        0.1.2

CategoryTree        –

ParserFunctions  1.6.0

TreeAndMenu        4.2.5, 2021-10-31

Auth_remoteuser     2.1.1 (7155b49)

CollapsibleVector    0.1.11

LDAPAuthentication 2 1.0.3

LDAPProvider        1.0.5

PluggableAuth        5.7


After much trial-and-errorI got LDAP Authentication to work.

Now I would like to get auto-login to work.


My apache runs as "daemon".

When I turn on Auth_remoteuser with:

wfLoadExtension( 'Auth_remoteuser' );

$wgAuthRemoteuserUserName =  getenv( 'USER' );


I do get automatically logged on but the user is "daemon" which is the user Apache is running I am guessing (which is a bit weird in and of itself because "daemon" is not present in LDAP...)


How can I tell it to use the requester's windows user?


Best regards,

Andrei

Reply Edited 09:40, 26 August 2022 1 year ago
Ciencia Al Poder (talkcontribs)

getenv( 'USER' ) is the user running the webserver.

Look at the details of $wgAuthRemoteuserUserName for configuration examples.

Note that your apache should be configured to authenticate against Windows, and this probably requires installing an NTLM apache module and a working samba client configured on the system). Once that works (for example, requiring a valid user and displaying an error page if the user is not valid/provided/detected) you should know at which server variable is that user stored, and use it to set $wgAuthRemoteuserUserName

Reply 20:15, 28 August 2022 1 year ago
This post was hidden by ~aanzx (history)
Reply to "LDAP AutoLogon with Windows user (but get logged in as "daemon")"
Retrieved from "https://www.mediawiki.org/wiki/Topic:X1y0rt3f3f09ysuh"