Topic on Extension talk:LDAP Authentication

Ldap Configuration Help

Summary last edited by Sufs2000 12:04, 7 November 2016

all done

81.144.34.196 (talkcontribs)

Hi, I am struggling to get Ldap working on my version of mediawiki 1.15 and Ldap plugin version 1.2d. My code is below...

#Ldap Authentication
require_once("/opt/app/apache2.2.8/htdocs/aspirewiki/extensions/LdapAuthentication/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDebug = 3;
$wgDebugLogGroups["ldap"] = "/opt/app/apache2.2.8/htdocs/aspirewiki/debug1.log";
$wgLDAPDomainNames=array( "work" );
$wgLDAPServerNames = array("work" => "work.net" );
$wgUseLocal = false;
$wgLDAPEncryptionType = array("work.net" => "clear");
$wgLDAPProxyAgent = array("work"=>"cn[work.net],ou=[work.net],ou=[work.net],DC=[work.net],DC=[work.net],DC=[work.net]");
$wgLDAPProxyAgentPassword = array("work"=>"[work.net]");
$wgLDAPBaseDNs = array("OU=[work.net],OU=[work.net],dc=[work.net],dc=[work.net],dc=[work.net]");
$wgLDAPSearchAttributes = array( "work.net" => "uid" );
$wgLDAPSearchStrings = array( "work.net" => "USER-NAME@work.net" );

The debug errors are below:

2011-06-08 09:13:10  wikidb: Entering validDomain
2011-06-08 09:13:10  wikidb: User is using a valid domain.
2011-06-08 09:13:10  wikidb: Setting domain as: hmrcmis
2011-06-08 09:13:10  wikidb: Entering getCanonicalName
2011-06-08 09:13:10  wikidb: Username isn't empty.
2011-06-08 09:13:10  wikidb: Munged username: Cg10223
2011-06-08 09:13:10  wikidb: Entering userExists
2011-06-08 09:13:10  wikidb:
2011-06-08 09:13:10  wikidb: Entering authenticate
2011-06-08 09:13:10  wikidb:
2011-06-08 09:13:10  wikidb: Entering Connect
2011-06-08 09:13:10  wikidb: It looks like you are issing LDAP support; please ensure you have either compiled LDAP support in, or have enabled the module. If the authentication is working for you, the plugin isn't properly detecting the LDAP module, and you can safely ignore this message.
2011-06-08 09:13:10  wikidb: Failed to connect
2011-06-08 09:13:10  wikidb: Entering allowPasswordChange
2011-06-08 09:13:10  wikidb: Entering modifyUITemplate
LIVE hzzq29@8915MN0W-VM009:/opt/app/apache2.2.8/htdocs/aspirewiki>

Can anyone help with this? I think I have not properly enabled Ldap but the Ldap plugin is installed and called so I'm not sure what else I can do? Any help would be great.

Thanks! :)

Ryan lane (talkcontribs)

The debug output says you are missing ldap support in php. You'll need to install that for anything else to work. On ubuntu you need to "apt-get install php5-ldap", on fedora, centos, or RHEL, you need to "yum install php-ldap".

81.144.34.196 (talkcontribs)

Hi Ryan, thanks for the response. My skills are very basic, would you be able to explain a little further how I would follow through with "apt-get install php5-ldap"? Do I just type this into my command prompt via putty? Thanks.

Asif.

Ryan lane (talkcontribs)

yeah. type that in as root.

81.144.34.196 (talkcontribs)

Hi, I get another error in my putty terminal when I sign in as root and enter apt-get install php5-ldap. The error is: "bash: apt-get: command not found". Any ideas how to get around this? Thanks.

81.144.34.196 (talkcontribs)

Is this error to do with the flavour of Linux I am running on? I am on Sles 10, is that why the apt-get command is not recognised?

Ryan lane (talkcontribs)

This is way outside of the scope of the help I can give. You need to get a Linux admin book, or ask on the forums or support contract of your distro. Sorry.

81.144.34.196 (talkcontribs)

Hi I have now managed to get past the previous problem but I am now encountering errors with the bind, any ideas what I could do? Thanks

require_once("/opt/app/apache2.2.8/htdocs/aspirewiki/extensions/LdapAuthentication/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDebug = 5;
$wgDebugLogGroups["ldap"] = "/opt/app/apache2.2.8/htdocs/aspirewiki/debug11.log";
$wgLDAPDomainNames=array( "domain" );
$wgLDAPServerNames = array("domain" => "adserver.domain.net" );
$wgUseLocal = false;
$wgLDAPEncryptionType = array("domain" => "clear");
#$wgLDAPProxyAgent = array("domain"=>"cn=[domain.net],ou=[domain.net],ou=[domain.net],DC=[domain.net],DC=[domain.net],DC=[domain.net]");
$wgLDAPBaseDNs = array("OU=[domain.net],OU=[domain.net],dc=[domain.net],dc=[domain.net],dc=[domain.net]");
$wgLDAPSearchAttributes = array( "domain.net" => 'sAMAccountName');
#$wgLDAPSearchStrings = array( "domain" => "USER-NAME@domain.net" );
$wgLdapSearchStrings = array( "domain.net" => "domain\\USER-NAME" );

Debug Log

2011-06-30 13:26:30 wikidb: 1.2e Entering validDomain
2011-06-30 13:26:30 wikidb: 1.2e User is using a valid domain (domain).
2011-06-30 13:26:30 wikidb: 1.2e Setting domain as: domain
2011-06-30 13:26:30 wikidb: 1.2e Entering getCanonicalName
2011-06-30 13:26:30 wikidb: 1.2e Username isn’t empty.
2011-06-30 13:26:30 wikidb: 1.2e Munged username: Cg10223
2011-06-30 13:26:30 wikidb: 1.2e Entering userExists
2011-06-30 13:26:30 wikidb: 1.2e
2011-06-30 13:26:30 wikidb: 1.2e Entering authenticate
2011-06-30 13:26:30 wikidb: 1.2e
2011-06-30 13:26:30 wikidb: 1.2e Entering Connect
2011-06-30 13:26:30 wikidb: 1.2e Using TLS or not using encryption.
2011-06-30 13:26:30 wikidb: 1.2e Using servers: ldap://adserver.domain.net
2011-06-30 13:26:30 wikidb: 1.2e Connected successfully
2011-06-30 13:26:30 wikidb: 1.2e Entering getSearchString
2011-06-30 13:26:30 wikidb: 1.2e Doing an anonymous bind
2011-06-30 13:26:30 wikidb: 1.2e Failed to bind as
2011-06-30 13:26:30 wikidb: 1.2e with password:
2011-06-30 13:26:30 wikidb: 1.2e Failed to bind
2011-06-30 13:26:30 wikidb: 1.2e User DN is blank
2011-06-30 13:26:30 wikidb: 1.2e Entering allowPasswordChange
2011-06-30 13:26:30 wikidb: 1.2e Entering modifyUITemplate
2011-06-30 13:26:35 wikidb: 1.2e Entering validDomain
2011-06-30 13:26:35 wikidb: 1.2e User is using a valid domain (domain).
2011-06-30 13:26:35 wikidb: 1.2e Setting domain as: domain
2011-06-30 13:26:35 wikidb: 1.2e Entering getCanonicalName
2011-06-30 13:26:35 wikidb: 1.2e Username isn’t empty.
2011-06-30 13:26:35 wikidb: 1.2e Munged username: Cg10223
2011-06-30 13:26:35 wikidb: 1.2e Entering userExists
2011-06-30 13:26:35 wikidb: 1.2e
2011-06-30 13:26:35 wikidb: 1.2e Entering authenticate
2011-06-30 13:26:35 wikidb: 1.2e
2011-06-30 13:26:35 wikidb: 1.2e Entering Connect
2011-06-30 13:26:35 wikidb: 1.2e Using TLS or not using encryption.
2011-06-30 13:26:35 wikidb: 1.2e Using servers: ldap://adserver.domain.net
2011-06-30 13:26:35 wikidb: 1.2e Connected successfully
2011-06-30 13:26:35 wikidb: 1.2e Entering getSearchString
2011-06-30 13:26:35 wikidb: 1.2e Doing an anonymous bind
2011-06-30 13:26:35 wikidb: 1.2e Failed to bind as
2011-06-30 13:26:35 wikidb: 1.2e with password:
2011-06-30 13:26:35 wikidb: 1.2e Failed to bind
2011-06-30 13:26:35 wikidb: 1.2e User DN is blank
2011-06-30 13:26:35 wikidb: 1.2e Entering allowPasswordChange
2011-06-30 13:26:35 wikidb: 1.2e Entering modifyUITemplate

Ryan lane (talkcontribs)

Remove or comment the line with $wgLDAPSearchAttributes

81.144.34.196 (talkcontribs)

I did that so the code now looks like the following. Have I set up the Proxy agent and BaseDNs incorrectly? A user has logged in as xx12345@domain.net? Thanks.

#Change Authentication
require_once("/opt/app/apache2.2.8/htdocs/aspirewiki/extensions/LdapAuthentication/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDebug = 5;
$wgDebugLogGroups["ldap"] = "/opt/app/apache2.2.8/htdocs/aspirewiki/debug11.log";
$wgLDAPDomainNames=array( "hmrcmis" );
$wgLDAPServerNames = array("hmrcmis" => "adserver.hmrcmis.net" );
$wgUseLocal = false;
$wgLDAPEncryptionType = array("hmrcmis" => "clear");
$wgLDAPProxyAgent = array("hmrcmis"=>"cn=[hmrcmis.net],ou=[hmrcmis.net],DC=[hmrcmis.net]");
$wgLDAPBaseDNs = array('hmrcmis' => 'ou=Users,dc=hmrcmis,dc=net');
$wgLDAPSearchStrings = array( "hmrcmis" => "USER-NAME@hmrcmis.net" );

and the debug says:

2011-07-08 09:29:13  wikidb: 1.2e Entering validDomain
2011-07-08 09:29:13  wikidb: 1.2e User is using a valid domain (hmrcmis).
2011-07-08 09:29:13  wikidb: 1.2e Setting domain as: hmrcmis
2011-07-08 09:29:13  wikidb: 1.2e Entering getCanonicalName
2011-07-08 09:29:13  wikidb: 1.2e Username isn't empty.
2011-07-08 09:29:13  wikidb: 1.2e Munged username: Cg10223
2011-07-08 09:29:13  wikidb: 1.2e Entering userExists
2011-07-08 09:29:13  wikidb: 1.2e
2011-07-08 09:29:13  wikidb: 1.2e Entering authenticate
2011-07-08 09:29:13  wikidb: 1.2e
2011-07-08 09:29:13  wikidb: 1.2e Entering Connect
2011-07-08 09:29:13  wikidb: 1.2e Using TLS or not using encryption.
2011-07-08 09:29:13  wikidb: 1.2e Using servers:  ldap://adserver.hmrcmis.net
2011-07-08 09:29:13  wikidb: 1.2e Connected successfully
2011-07-08 09:29:13  wikidb: 1.2e Entering getSearchString
2011-07-08 09:29:13  wikidb: 1.2e Doing a proxy bind
2011-07-08 09:29:13  wikidb: 1.2e Failed to bind as cn=[hmrcmis.net],ou=[hmrcmis.net],DC=[hmrcmis.net]
2011-07-08 09:29:13  wikidb: 1.2e with password:
2011-07-08 09:29:13  wikidb: 1.2e Failed to bind
2011-07-08 09:29:13  wikidb: 1.2e User DN is blank
2011-07-08 09:29:13  wikidb: 1.2e Entering allowPasswordChange
2011-07-08 09:29:13  wikidb: 1.2e Entering modifyUITemplate

Ryan lane (talkcontribs)

If you want to use a proxyagent, you need to also set the proxyagent password.

81.144.34.196 (talkcontribs)

I have now commented out the proxy agent but still the same error? I have tried to modify the code again.

require_once("/opt/app/apache2.2.8/htdocs/aspirewiki/extensions/LdapAuthentication/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDebug = 5;
$wgDebugLogGroups["ldap"] = "/opt/app/apache2.2.8/htdocs/aspirewiki/debug11.log";
$wgLDAPDomainNames=array( "domain" );
$wgLDAPServerNames = array("domain" => "domain.net:389" );
$wgUseLocal = false;
$wgLDAPEncryptionType = array("domain" => "clear");
#$wgLDAPProxyAgent = array("domain"=>"cn=[domain.net],ou=[domain.net],DC=[domain.net]");
$wgLDAPBaseDNs = array('domain' => 'ou=End User,dc=domain,dc=net');
#$wgLDAPSearchAttributes = array( "domain" => 'sAMAccountName');
$wgLDAPSearchStrings = array( "domain" => "USER-NAME@domain.net" );
#$wgLdapSearchStrings = array( "domain.net" => "domain\\USER-NAME" );

2011-07-12 09:38:09  wikidb: 1.2e Entering validDomain
2011-07-12 09:38:09  wikidb: 1.2e User is using a valid domain (domain).
2011-07-12 09:38:09  wikidb: 1.2e Setting domain as: domain
2011-07-12 09:38:09  wikidb: 1.2e Entering getCanonicalName
2011-07-12 09:38:09  wikidb: 1.2e Username isn't empty.
2011-07-12 09:38:09  wikidb: 1.2e Munged username: Cg10223
2011-07-12 09:38:09  wikidb: 1.2e Entering userExists
2011-07-12 09:38:09  wikidb: 1.2e
2011-07-12 09:38:09  wikidb: 1.2e Entering authenticate
2011-07-12 09:38:09  wikidb: 1.2e
2011-07-12 09:38:09  wikidb: 1.2e Entering Connect
2011-07-12 09:38:09  wikidb: 1.2e Using TLS or not using encryption.
2011-07-12 09:38:09  wikidb: 1.2e Using servers:  ldap://domain.net:389
2011-07-12 09:38:09  wikidb: 1.2e Connected successfully
2011-07-12 09:38:09  wikidb: 1.2e Entering getSearchString
2011-07-12 09:38:09  wikidb: 1.2e Doing a straight bind
2011-07-12 09:38:09  wikidb: 1.2e userdn is: Cg10223@domain.net
2011-07-12 09:38:09  wikidb: 1.2e
2011-07-12 09:38:09  wikidb: 1.2e Binding as the user
2011-07-12 09:38:09  wikidb: 1.2e Failed to bind as Cg10223@domain.net
2011-07-12 09:38:09  wikidb: 1.2e with password: Pakistan00
2011-07-12 09:38:09  wikidb: 1.2e Entering allowPasswordChange
2011-07-12 09:38:09  wikidb: 1.2e Entering modifyUITemplate
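
An added example, not part of the original thread or the extension's code: a small Python triage script for debug logs in the format pasted above. It reports which bind mode each login attempt used and masks any value written after "with password:", which the log above shows in clear text with $wgLDAPDebug = 5. The sample log, account name and password are constructed, and treating "Entering validDomain" as the start of an attempt is an assumption drawn from the logs in this thread.

```python
import re

# Constructed sample in the format of the debug logs quoted in this thread;
# the account name and password are made up.
SAMPLE_LOG = """\
2011-07-12 09:38:09  wikidb: 1.2e Entering validDomain
2011-07-12 09:38:09  wikidb: 1.2e Connected successfully
2011-07-12 09:38:09  wikidb: 1.2e Doing an anonymous bind
2011-07-12 09:38:09  wikidb: 1.2e Failed to bind as
2011-07-12 09:38:09  wikidb: 1.2e with password:
2011-07-12 09:38:14  wikidb: 1.2e Entering validDomain
2011-07-12 09:38:14  wikidb: 1.2e Connected successfully
2011-07-12 09:38:14  wikidb: 1.2e Doing a straight bind
2011-07-12 09:38:14  wikidb: 1.2e Failed to bind as jdoe@example.net
2011-07-12 09:38:14  wikidb: 1.2e with password: NotARealPassword1
"""

# Timestamp, log group, optional plugin version, then the message text.
LINE = re.compile(r"^(\S+ \S+)\s+\w+: (?:\d[\w.]* )?(.+)$")
BIND = re.compile(r"Doing an? (anonymous|proxy|straight) bind")
PASSWORD = re.compile(r"(with password:)[ \t]*\S.*")


def redact(text):
    """Mask any value logged after 'with password:'; return (text, count)."""
    return PASSWORD.subn(r"\1 [REDACTED]", text)


def attempts(text):
    """Split the log into login attempts; report bind mode and failures."""
    found = []
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue
        stamp, msg = m.groups()
        if msg == "Entering validDomain":  # assumed to open each attempt
            found.append({"time": stamp, "bind": None, "failed_as": None,
                          "password_logged": False})
        elif found:
            cur = found[-1]
            mode = BIND.match(msg)
            if mode:
                cur["bind"] = mode.group(1)
            elif msg.startswith("Failed to bind as"):
                cur["failed_as"] = msg[len("Failed to bind as"):].strip()
            elif PASSWORD.search(msg):
                cur["password_logged"] = True
    return found
```

Run `redact()` over a log before pasting it anywhere public; an empty `failed_as` together with an `anonymous` bind means no bind DN was built for that attempt.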

81.144.34.196 (talkcontribs)

Still no luck with this, any ideas what to do next? Thanks.

193.61.220.3 (talkcontribs)

Yes, SLES is an RPM-based distro, not Debian based.

On .deb Linux systems the command would be:

apt-get install php5-ldap

On RPM-based Linux systems, the command would be:

yum install php-ldap

(or php53-ldap if you're running PHP5.3)