Thread:Extension talk:LDAP Authentication/Automatic Logon to Mediawiki Using IIS/reply (3)

Here's what I did to get my setup working...

LocalSettings.php file
Note: Absent from the config are $wgLDAPProxyAgent and $wgLDAPProxyAgentPassword. You will probably need these. I didn't for some reason, so I omitted them.

Forcing Kerberos Authentication on IIS
Helpful link: http://technet.microsoft.com/en-us/library/cc754628(WS.10).aspx

Important Quote from TechNet: ''The default setting for Windows authentication is Negotiate. This setting means that the client can select the appropriate security support provider. To force NTLM authentication, you must change the value of the  element under the  element in the ApplicationHost.config file.''

I changed my ApplicationHost.config file to look like this:

  

Configuring OpenLDAP client
Helpful link: http://www.ashleyknowles.net/2011/07/iis-php-and-ldaps-with-active-directory/

C:\OpenLDAP\sysconf\ldap.conf contains the following:

 TLS_REQCERT never
 TLS_CACERT C:\openldap\sysconf\webcert.crt

To get the certificate, I just had to go to http://vw2k8-adfsmo2.DOMAIN.org/certsrv and select "Download a CA certificate, certificate chain, or CRL". Make sure it's in Base64 X.509 format. The extension was .cer but I renamed it to .crt (doesn't hurt anything).

Okay. That's all I can think of at the moment. If I feel I missed anything, I'll update this post.

-Chris
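
An added example, not part of Chris's post: a small Python audit of the two ldap.conf directives shown above. Per ldap.conf(5), `TLS_REQCERT never` means the client does not request or check the server certificate, while `demand` (the default) and `hard` require a valid one; the check on the `TLS_CACERT` file mirrors the post's "Base64 X.509" requirement. The function names, the injected `read_file` callback and the sample bytes are constructed for illustration.

```python
import base64
import re

# Constructed sample: the two directives from the post, plus a comment line.
SAMPLE_CONF = """# ldap.conf contains the following
TLS_REQCERT never
TLS_CACERT C:\\openldap\\sysconf\\webcert.crt
"""
# Constructed placeholder bytes (not a real certificate): DER starts with 0x30.
FAKE_DER = b"\x30\x82\x00\x04" + b"\x00" * 4
FAKE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(FAKE_DER)
            + b"\n-----END CERTIFICATE-----\n")

def parse_ldap_conf(text):
    """Map OPTION -> value; option names are case-insensitive, '#' starts a comment line."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts  # simplification: a repeated option keeps the last value seen

def cert_encoding(data):
    """Framing check only: 'pem' (Base64 X.509), 'der' (binary) or 'unknown'."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", data, re.S)
    if not m:
        return "der" if data[:1] == b"\x30" else "unknown"
    try:
        body = base64.b64decode(b"".join(m.group(1).split()), validate=True)
    except ValueError:
        return "unknown"
    return "pem" if body[:1] == b"\x30" else "unknown"

def audit(conf_text, read_file):
    """Return findings; read_file(path) -> bytes is supplied by the caller."""
    opts, findings = parse_ldap_conf(conf_text), []
    level = opts.get("TLS_REQCERT", "demand").lower()  # demand is the documented default
    if level not in ("demand", "hard"):
        findings.append(f"TLS_REQCERT {level}: server certificate not strictly verified")
    ca = opts.get("TLS_CACERT")
    if ca is None:
        findings.append("TLS_CACERT not set")
    elif (enc := cert_encoding(read_file(ca))) != "pem":
        findings.append(f"TLS_CACERT {ca}: {enc} encoding, expected Base64 (PEM)")
    return findings
```

To run it against a real file, pass the file's text and `lambda p: open(p, "rb").read()` as `read_file`.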