Topic on Extension talk:LDAP Authentication

Blank Page on wiki on trying LDAPAuthentication Plugin

4 comments • 00:16, 15 May 2012 11 years ago
4
130.194.81.1 (talkcontribs)

Hey Guys

New to mediawiki

Using version : mediawiki-1.16.5 (Due to old PHP on server, cannot modify that)

Purpose: Trying to use the plugin so that only people who can authenticate using LDAP can SEE and EDIT the wiki. I can do that right? Or perhaps base the wiki on a group which can edit / see / access??

What I did :

  1. Installed php-ldap on RHEL
  2. Downloaded LdapAuthentication-master-de08928.tar.gz
  3. Copied content to extensions/LdapAuthentication/
extensions/LdapAuthentication/README
extensions/LdapAuthentication/LdapAuthentication.i18n.php
extensions/LdapAuthentication/LdapAutoAuthentication.php
extensions/LdapAuthentication/.gitreview
extensions/LdapAuthentication/LdapAuthentication.php
  1. Edited LocalSettings.php
  2. Put the following at the END of the file
require_once '$IP/extensions/LdapAuthentication/LdapAuthentication.php';

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array(
 'exampleNonADDomain'
);

$wgLDAPServerNames = array(
 'exampleNonADDomain' => 'directory.XXXXXXXX.com'
);

$wgLDAPSearchAttributes = array(
 'exampleNonADDomain' => 'uid'
);

$wgLDAPBaseDNs = array(
 'exampleNonADDomain' => 'ou=abcd, o=efgh, c=com'
);

$wgLDAPEncryptionType = array(
 'exampleNonADDomain' => 'clear'
);

I also Tried

$wgLDAPProxyAgent =  array(
 'exampleNonADDomain' => 'cn=Manager'
);

$wgLDAPProxyAgentPassword = array(
 'exampleNonADDomain' => 'eX@mP1eP$$wRd'
);

But didn't help Now when I open the wiki page, it comes up BLANK. Without the above code it works fine

I want to do the following

  1. Wiki users can ONLY login via authenticating against LDAP server. No one else can register or use wiki. ALL users are in many subtrees under "ou=abcd, o=efgh, c=com"
  2. Probably control access to a group on LDAP (if it can be done).. so only those users IN THAT GROUP, can edit / view wiki

Please help.. new to all of this..

Cheers

Reply Edited by 27.32.193.38 11:30, 14 May 2012 11 years ago
130.194.236.111 (talkcontribs)

Ok.. Now I have got passed the blank page..

But now it does not authenticate

debug.log

2012-05-14 08:51:17  wiki-wiki: 2.0a Entering validDomain
2012-05-14 08:51:17  wiki-wiki: 2.0a User is using a valid domain (testLDAPdomain).
2012-05-14 08:51:17  wiki-wiki: 2.0a Setting domain as: testLDAPdomain
2012-05-14 08:51:17  wiki-wiki: 2.0a Entering getCanonicalName
2012-05-14 08:51:17  wiki-wiki: 2.0a Username is: testuser
2012-05-14 08:51:17  wiki-wiki: 2.0a Munged username: testuser
2012-05-14 08:51:17  wiki-wiki: 2.0a Entering userExists
2012-05-14 08:51:17  wiki-wiki: 2.0a
2012-05-14 08:51:17  wiki-wiki: 2.0a Entering authenticate for username testuser
2012-05-14 08:51:17  wiki-wiki: 2.0a
2012-05-14 08:51:17  wiki-wiki: 2.0a Entering Connect
2012-05-14 08:51:17  wiki-wiki: 2.0a It looks like you are missing LDAP support; please ensure you have either compiled LDAP support in, or have enabled the module. If the  authentication is working for you, the plugin isn't properly detecting the LDAP module, and you can safely ignore this message.
2012-05-14 08:51:17  wiki-wiki: 2.0a Entering allowPasswordChange
2012-05-14 08:51:17  wiki-wiki: 2.0a Entering modifyUITemplate

BUT

I have installed php-ldap on RHEL5

cat /etc/php.d/ldap.ini 
; Enable ldap extension module
extension=ldap.so
php -v
PHP 5.1.6 (cli) (built: May  3 2012 17:38:00) 
yum install php-ldap
Loaded plugins: rhnplugin, security
Setting up Install Process
Package php-ldap-5.1.6-34.el5_8.x86_64 already installed and latest version
Nothing to do

Here is the LocalSettings.php

#Ldap Authentication Plugin
require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array(
 "testLDAPdomain"
 );
$wgLDAPServerNames = array(
 "testLDAPdomain"=>"DIRECTORY.com"
 );
$wgLDAPEncryptionType = array(
 "testLDAPdomain"=>"clear"
 );
$wgLDAPSearchAttributes = array(
 "testLDAPdomain"=>"uid"
 );
$wgLDAPBaseDNs = array(
 "testLDAPdomain"=>"ou=xxx, o=xxxx, c=com"
 );
$wgLDAPDebug = 99;
$wgDebugLogGroups["ldap"] = "/tmp/debug.log" ;
$wgLocaltimezone = 'EST';


What am I doing wrong here??

Again, to reiterate..

I want to do the following

1) Wiki users can ONLY login via authenticating against LDAP server. No one else can register or use wiki. ALL users are in many subtrees under "ou=xxx, o=xxxx, c=com"

2) Probably control access to a group on LDAP (if it can be done).. so only those users IN THAT GROUP, can edit / view wiki

Please help.. new to all of this..

Reply Edited 09:03, 14 May 2012 11 years ago
Ryan lane (talkcontribs)

Until you fix the "2012-05-14 08:51:17 wiki-wiki: 2.0a It looks like you are missing LDAP support; please ensure you have either compiled LDAP support in, or have enabled the module. If the authentication is working for you, the plugin isn't properly detecting the LDAP module, and you can safely ignore this message." problem, there isn't much I can do to help you.

Reply 17:43, 14 May 2012 11 years ago
130.194.81.1 (talkcontribs)

Fixed..

I just had to restart httpd for it to refresh its php settings.. which in turn loaded the ldap.ini

for anyone else.. create a page called php.info with the following

<?php
phpinfo();
?>

The load the page in your browser.. u should be able to see the following

A ldap section on its on in the page AND
additional .ini files parsed -- having /etc/php.d/ldap.ini in it

The above is done on RHEL5 based..

Now next step is to do group wise access..

Reply Edited 00:16, 15 May 2012 11 years ago
Reply to "Blank Page on wiki on trying LDAPAuthentication Plugin"
Retrieved from "https://www.mediawiki.org/wiki/Topic:Qlin52rhtcfwyyq3"