Extension talk:Windows NTLM LDAP Auto Auth


group mapping for version 1.12

This works for me, but the changes do not take effect! Insert near line 215.

// Check user is in securty group
   $securityFlag = false;
      $i = 0;
   foreach ($wgWinLDAPGroupMapExternal as $securityGroup) {
      foreach ($wgWinLDAPGroupMembership as $userGroup) {
         if ($userGroup == $securityGroup) {
            $securityFlag = true;
+               $dbr = wfGetDB( DB_SLAVE );
+               $user_id = $dbr->selectField( 'user', 'user_id', array( 'user_real_name' => $wgWinLDAPUserReal ), __METHOD__ );
+               $dbw = wfGetDB( DB_MASTER );
+               $dbw->insert( 'user_groups', array( 'ug_user' => $user_id, 'ug_group' => $wgWinLDAPGroupMapInternal[$i],), 'User::addGroup', array( 'IGNORE' ) );
+               $this->debugme("Security group check passed added User $wgWinLDAPUserReal ID $user_id to group $wgWinLDAPGroupMapInternal[$i]");
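Review bot: The added selectField call resolves user_id from user_real_name, which is not a unique column, so when two accounts share a real name the mapped group (sysop included) can be granted to the wrong account; look the id up by user_name instead and skip the insert when selectField returns false. The direct insert into user_groups also bypasses the User object, so an already loaded or cached user will not show the new group; calling addGroup on the user object, the method this insert names as its caller, would avoid that. In the visible lines $i is set to 0 and never incremented, so $wgWinLDAPGroupMapInternal[$i] always resolves to the first internal group.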

Have fun! hkl

next

Anybody know how this compares/differs from Extension:LDAP_Authentication?--Tempmantemp 09:21, 2 February 2009 (UTC)

Is it possible to port that one to Apache/Linux? I want single sign-on on my network and default auth from outside... -- plvoy 21:27, 8 March 2010 (GMT)

Due to updates in the file SpecialUserlogin.php in 1.15.3, this extension doesn't work. The workaround is to use the (less secure) SpecialUserlogin.php from 1.15.2 instead -- Honza 1:29, 8 April 2010 (CEST)

empty mail and error mapping

(Sorry for my very bad English)

Problems:

  1. If the user has no email, this line fails: $wgWinLDAPUserEmail = $records[$i]["mail"][0];
  2. I added these lines to LocalSettings.php:


  • $wgWinLDAPGroupMapExternal = array("CN=MySuperGroup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr","CN=MySuperGroup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr","CN=MyUserGoup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr");
  • $wgWinLDAPGroupMapInternal = array("sysop","bureaucrat","user");


After connecting, I found this in my debug file:

  • Debug : Group membership [3]
  • Debug : Group membership [CN=****,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr]
  • Debug : Group membership [CN=MySuperGroup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr]
  • Debug : Group membership [CN=****,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr]
  • Debug : Security group check passed added to group [sysop]
  • Debug : Security group check passed added to group [bureaucrat]


The mapping seems to work, but the user is not connected to the groups sysop and bureaucrat (he stays just a user).

What's the problem?
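An added example, not part of the post above or of the extension's code: one way to read an optional LDAP attribute such as mail without failing, and to resolve the two parallel mapping arrays into internal groups. The helper names ldapFirstValue and mapLdapGroups and the sample record are hypothetical, and comparing DNs by lowercasing is a simplifying assumption.

```php
<?php
// Constructed sample shaped like one ldap_get_entries() record; not real data.
$base = 'OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr';
$record = array(
    'cn'       => array('count' => 1, 0 => 'Jane Example'),
    'memberof' => array('count' => 2,
        0 => "cn=mysupergroup,$base",   // case differs from the configured DN
        1 => "CN=SomethingElse,$base"),
    // no 'mail' key: this account has no email address
);
$wgWinLDAPGroupMapExternal = array("CN=MySuperGroup,$base", "CN=MySuperGroup,$base", "CN=MyUserGoup,$base");
$wgWinLDAPGroupMapInternal = array("sysop", "bureaucrat", "user");

// Hypothetical helper: first value of an optional attribute, or a default.
function ldapFirstValue(array $record, $attr, $default = '') {
    $attr = strtolower($attr); // ldap_get_entries() lowercases attribute names
    return isset($record[$attr][0]) ? $record[$attr][0] : $default;
}

// Hypothetical helper: internal groups earned by a user's memberOf values.
function mapLdapGroups(array $memberOf, array $external, array $internal) {
    // A length mismatch would shift privileges onto the wrong DN, so refuse it.
    if (count($external) !== count($internal)) {
        throw new InvalidArgumentException('group map arrays differ in length');
    }
    unset($memberOf['count']);
    $have = array_map('strtolower', $memberOf);
    $groups = array();
    foreach ($external as $i => $dn) {
        // The index ties each external DN to its internal group.
        if (in_array(strtolower($dn), $have, true)) {
            $groups[] = $internal[$i];
        }
    }
    return array_values(array_unique($groups));
}

$email    = ldapFirstValue($record, 'mail');
$memberOf = isset($record['memberof']) ? $record['memberof'] : array();
$groups   = mapLdapGroups($memberOf, $wgWinLDAPGroupMapExternal, $wgWinLDAPGroupMapInternal);

echo 'email: [' . $email . "]\n";
echo 'groups: ' . implode(', ', $groups) . "\n";
```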

Linux and IIS 7

Is this extension useable within the Linux environment without using IIS for authentication?

Also, it says this has been tested up to IIS 5, what about IIS 7?

1.20 Installation

  • As the extension does not use passwords, you must set $wgMinimalPasswordLength = 0; in LocalSettings.php (same 1.16 Installation notes)
  • LocalSettings.php change

change line:

require_once('AuthPlugin.php');

to:

require_once('includes/AuthPlugin.php');
  • WinNTLMLDAPAutoAuth.php change

change Line62-Line77:

    // Submit a fake login form to authenticate the user.
    $username = $wgWinLDAPGCServerValue;
    $params = new FauxRequest(array(
            'wpName' => $username,
            'wpPassword' => '',
            'wpDomain' => '',
            'wpRemember' => ''
            )); 
 
    // Authenticate user data will automatically create new users.
    $loginForm = new LoginForm($params);
    $result = $loginForm->authenticateUserData();
    if ($result != LoginForm::SUCCESS) {
        error_log('Unexpected authentication failure.');
        return;
    } 

to:

    // Submit a fake login form to authenticate the user.
    $username = $wgWinLDAPGCServerValue;

    $token = '';
    $firsttry = true;
    do {
        $retry = false;
        $params = new FauxRequest(array(
                'wpName' => $username,
                'wpPassword' => '',
                'wpDomain' => '',
                'wpRemember' => '',
                'wpLoginToken' => $token
                ));

        // Authenticate user data will automatically create new users.
        $loginForm = new LoginForm($params);
        $result = $loginForm->authenticateUserData();
        
        if ($firsttry && $result == LoginForm::NEED_TOKEN) {
            $token = $loginForm->getLoginToken();
            $retry = true;
        }elseif ($result != LoginForm::SUCCESS) {
            error_log('Unexpected authentication failure.');
            return;
        } 
        $firsttry = false;

    } while ( $retry );

change Line337:

function addUser($user, $password)

to:

function addUser($user, $password, $email='', $realname='')

change Line367:

function initUser(&$user)

to:

function initUser(&$user, $autocreate=false)

change Line382:

function modifyUITemplate(&$template)

to:

function modifyUITemplate(&$template, &$type)