Manual talk:Active Directory Integration

Jump to navigation Jump to search

About this board

Is there any way to test is user is logged on in LocalSetting.php

2
Awatkins1966 (talkcontribs)

You may ask why, but having problem with VisualEditor in latest 1.35 MediaWiki, since it does not like Private mediawiki sites. You have to log on to view site "$wgGroupPermissions['*']['read'] = false;". (Ref: Topic:Vuonx6s9lxsy1xew)

With such sites you can not edit pages (like I am doing now). Currently the only real workaround is to test IP address in LocalSetting.php but no help if you want to access site from many clients. This is why I am asking if there is something I can add in LocalSettings.php which test if Username/password is valid, so then I can set $wgGroupPermissions['*']['read'] = true;"

Thanks

Mushu0mushu (talkcontribs)

See what server environment variables are set, find one that is set to the current logged in user and test for that.

Reply to "Is there any way to test is user is logged on in LocalSetting.php"

How to enable automatic login using AD authentication so user doesn't have to click the Log In button?

6
Mushu0mushu (talkcontribs)

Windows Server 2012R2

MediaWiki 1.35.1
PHP 7.4.14 (cgi-fcgi)
MySQL 5.7.13-log

LDAPAuthentication2 1.0.2 (58e281c) 07:04, 7 January 2021

Auth_remoteuser 2.1.1 (a448e28) 23:55, 7 May 2021

LDAPAuthorization 1.1.0 (e037664) 19:38, 9 July 2020

LDAPProvider 1.0.5 (ca854c1) 07:54, 14 December 2020

LDAPUserInfo 1.0.0 (39cca83) 19:58, 9 July 2020

PluggableAuth 5.7 (2a465ae) 15:07, 10 July 2020

I have proper modules installed as far as I can tell, but MW requires me to click the login button and enter a password. How can I automate this so it logs in automagically and uses perms via groups?

Xdaveyx (talkcontribs)

I ended up using Auth_remoteuser for automatic login. I also had to disable LDAPAuthentication2 for that to work. Everything else seems to be okay so far. I am still testing.

Mushu0mushu (talkcontribs)

Thanks for that. I disabled the load of LDAPAuthentication2 but it still leaves me at the main wiki page not logged in. Were there any other settings you changed in your LocalSettings.php file related to this?

Xdaveyx (talkcontribs)

Sorry, that I didn't see your question until now.


Here's the other relevant bits from my localsettings file:


$LDAPProviderDomainConfigs = $ldapJsonFile;

$LDAPProviderDefaultDomain = "DOMAIN";

$LDAPProviderCacheType = CACHE_MEMCACHED; #*

$LDAPProviderCacheTime = 8 * 60 * 60;


$wgPluggableAuth_EnableAutoLogin = true;

$wgPluggableAuth_EnableLocalLogin = true;

*Obviously use your own caching method here. I went through the pain of setting up memcached. It seems to make the difference since I am using a lot of nested templates.


I hope that helps!

Mushu0mushu (talkcontribs)

I got it to finally auto-login but only if the account exists in the user tables in the database. I have the createaccount and autocreateaccount set to true but the accounts are never added to the table. Plus those people get server Error 500 and no event log entries are generated, plus no MW extension log files are written to. However for anyone who is already in the user table everything works great, no errors are thrown, and they are auto-logged in. Thoughts?

Xdaveyx (talkcontribs)

Are you using IIS, or another web server? I'd be digging down a bit more with LDAPAuthorization.

Enable and check any logs you can. There were a couple of good posts about logging with examples that I found in the posts on these plugin talk pages and some other related pages.

Profiling, and the process monitor software were really helpful too. Though it took me some time to figure out.

I am on a domain system with Windows defender enabled by my admin. Since I put the website and PHP in non-standard folders I had to add exclusions to defender to help with some speed (+10 seconds) and permissions( related to image uploading, I think). There was some sort of locking issue.

Reply to "How to enable automatic login using AD authentication so user doesn't have to click the Log In button?"

How to bind ldap groups the either View Only, Edit and Admin

1
159.46.196.36 (talkcontribs)

Hi,


After a lot of trail and error I finally can log in properly and that a you must login, but I can't figure out how to implemented the following:

  • Viewers (read only obviously) (CN=WIKI_VIEWERS,OU=groups,DC=mydomain,DC=local)
  • Editors (CN=WIKI_USERS,OU=groups,DC=mydomain,DC=local)
  • Admins (CN=WIKI_ADMINS,OU=groups,DC=mydomain,DC=local)


I tired fiddling with the mappings but does not seems to do anything (my partial json):


"groupsync": {

"mapping": {

"VIEWERS" : "CN=WIKI_VIEWERS,OU=groups,DC=mydomain,DC=local",

"EDITORS" : "CN=WIKI_USERS,OU=groups,DC=mydomain,DC=local",

"ADMINS" : "CN=WIKI_ADMINS,OU=groups,DC=mydomain,DC=local"

}

}


I started testing with viewers like so:, but when I login with a user that is in that group the user test can edit and create new pages.. But more explanation or some examples would be most helpfull


$wgGroupPermissions['VIEWERS']['edit'] = false;

$wgGroupPermissions['VIEWERS']['createpage'] = false;


Thanks in advance.

Reply to "How to bind ldap groups the either View Only, Edit and Admin"

Setup Doesn't work from MediaWiki WebSite

1
47.26.146.98 (talkcontribs)

Setup configuration as explained in article and ran update.php


When attempting to login from the GUI the following error is thrown:

[X4hn3AICGN7jXCch3jl1rAAAAI4] /wiki/index.php?title=Special:PluggableAuthLogin MWException from line 169 of /var/www/mediawiki-1.35.0/extensions/LDAPProvider/src/Client.php: Could not bind to LDAP: (-1) Can't contact LDAP server

Backtrace:

#0 /var/www/mediawiki-1.35.0/extensions/LDAPProvider/src/Client.php(92): MediaWiki\Extension\LDAPProvider\Client->establishBinding()

#1 /var/www/mediawiki-1.35.0/extensions/LDAPProvider/src/Client.php(329): MediaWiki\Extension\LDAPProvider\Client->init()

#2 /var/www/mediawiki-1.35.0/extensions/LDAPAuthentication2/src/PluggableAuth.php(81): MediaWiki\Extension\LDAPProvider\Client->canBindAs(string, string)

#3 /var/www/mediawiki-1.35.0/extensions/PluggableAuth/includes/PluggableAuthLogin.php(36): MediaWiki\Extension\LDAPAuthentication2\PluggableAuth->authenticate(NULL, string, NULL, NULL, NULL)

#4 /var/www/mediawiki-1.35.0/includes/specialpage/SpecialPage.php(600): PluggableAuthLogin->execute(NULL)

#5 /var/www/mediawiki-1.35.0/includes/specialpage/SpecialPageFactory.php(635): SpecialPage->run(NULL)

#6 /var/www/mediawiki-1.35.0/includes/MediaWiki.php(307): MediaWiki\SpecialPage\SpecialPageFactory->executePath(Title, RequestContext)

#7 /var/www/mediawiki-1.35.0/includes/MediaWiki.php(940): MediaWiki->performRequest()

#8 /var/www/mediawiki-1.35.0/includes/MediaWiki.php(543): MediaWiki->main()

#9 /var/www/mediawiki-1.35.0/index.php(53): MediaWiki->run()

#10 /var/www/mediawiki-1.35.0/index.php(46): wfIndexMain()

#11 {main}


Tested configuration with the following scripts which all worked:

php extensions/LDAPProvider/maintenance/ShowUserInfo.php --domain YourDomain --username SomeUser

php extensions/LDAPProvider/maintenance/ShowUserGroups.php --domain YourDomain --username SomeUser

php extensions/LDAPProvider/maintenance/CheckLogin.php --domain YourDomain --username SomeUser


However as noted the web interface does not work when attempting login.

Reply to "Setup Doesn't work from MediaWiki WebSite"
There are no older topics