Topic on Extension talk:LDAP Authentication

LDAPv3 with Kerberos Authentication

2 comments • 21:21, 8 August 2017 6 years ago
2
Tim Wharton (talkcontribs) 
Hi,
We are using Mediawiki 1.26wmf1 with LdapAuthentication 1.24.
Centos 6.2.
We are trying to authenticate against a Kerberos realm, pulling users from a LDAP v3 directory.
Server apache Kerberos setup is OK. PHP bind to LDAP server works too tested separately.
Configuration /debug follows.
The wiki will not authenticate.
It appears that adding the AutoAuthDomain bit removes the domain chooser. Can't make it work either way.
Must be missing something. Any help appreciated. FYI have tried other encryption types.
Best regards,
Tim.
require_once "$IP/extensions/LdapAuthentication/LdapAutoAuthentication.php";
require_once "$IP/extensions/LdapAuthentication/LdapAuthentication.php";
$wgLDAPDomainNames = array( "rushesfx" );
$wgLDAPServerNames = array( "rushesfx" => "ldap0.rushesfx.co.uk", "rushesfx-kerberos" => "kerberos0.rushesfx.co.uk" );
$wgLDAPEncryptionType = array( "rushesfx" => "clear" );
$wgLDAPSearchStrings = array( "rushesfx" => "uid=USER-NAME,ou=people,dc=rushesfx,dc=co,dc=uk" );
$wgLDAPLowerCaseUsername = array( "rushesfx" => true );
$wgLDAPAutoAuthDomain = "rushesfx-kerberos";
$wgLDAPSearchAttributes = array( "rushesfx" => "uid", "rushesfx-kerberos" => "samaccountname" );
$wgLDAPBaseDNs = array( "rushesfx" => "dc=rushesfx,dc=co,dc=uk", "rushesfx-kerberos" => "dc=rushesfx,dc=co,dc=uk" );
$wgLDAPUseLocal = false;
AutoAuthSetup();
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 User is not using a valid domain ().
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Setting domain as: rushesfx
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getCanonicalName
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Username is: Twharton
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Munged username: Twharton
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getCanonicalName
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Username is an IP, not munging.
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getCanonicalName
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Username is an IP, not munging.
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering userExists
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering authenticate for username Twharton
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering Connect
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Using TLS or not using encryption.
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Using servers:  ldap://ldap0.rushesfx.co.uk:389
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getSearchString
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Doing a straight bind
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 userdn is: uid=twharton,ou=people,dc=rushesfx,dc=co,dc=uk
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Binding as the user
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Failed to bind as uid=twharton,ou=people,dc=rushesfx,dc=co,dc=uk
Reply Edited 17:44, 10 April 2015 9 years ago
ZFerrini (talkcontribs)

Does anyone even answer these anymore? 2 years is not good response

Reply 21:21, 8 August 2017 6 years ago
Reply to "LDAPv3 with Kerberos Authentication"
Retrieved from "https://www.mediawiki.org/wiki/Topic:Sf5c6qtz1u9z5m5k"