Hi
I am trying to implement a mediawiki for our organisation, but have hit a problem that I am unable (so far) to remedy. Your online documentation has been an absolute god send.
I have an implementation in a Virtual Environment that has no restrictions as far as Firewall or Networking is concerned. Using your documentation as a baseline for the LDAP Plugin I have managed to get authentication working using LDAP when setting $wgLDAPEncryptionType = array('internalwiki' => 'clear');. However, when trying to use SSL I hit a problem.
We know that LDAP works on 389 and 636 between the two servers as we have used "LDAP.exe" to connect and bind.
At this point I should provide details on our environment:
DMZ Server
* Windows 2003 R2 32bit
* IIS6.0
* fcgisetup_1.5_rtw_x86.msi
* mysql-essential-5.1.44-win32.msi
* php-5.2.12-nts-win32-installer.msi
* MediaWiki 1.15.2
* LDAPAuthentication Plugin 1.2b
* Root Certificate installed and trusted on the Server
Separate Domain Server
* Windows 2003 R2 Active Directory (Root CA)
My LDAPAuthentication.php file has the following settings:
<?php
require_once("$IP/extensions/LdapAuthentication/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array(' vDomain ');
$wgLDAPServerNames = array('vmdomain' => 'vmad.vDomain.local');
$wgLDAPSearchStrings = array('vmdomain' => 'vmDomain\\USER-NAME');
$wgLDAPEncryptionType = array('vmdomain' => 'ssl');
$wgLDAPGroupUseFullDN = array( "vmdomain"=>true );
$wgLDAPBaseDNs = array( "vmdomain"=>"dc=vmDomain,dc=local" );
$wgLDAPSearchAttributes = array( "vmdomain" => "sAMAccountName");
$wgLDAPGroupObjectclass = array( "vmdomain"=>"group" );
$wgLDAPGroupAttribute = array( "vmdomain"=>"member" );
$wgLDAPGroupNameAttribute = array( "vmdomain"=>"cn" );
$wgLDAPRequiredGroups = array( "vmdomain"=>array("cn=wiki users,ou=application security groups,ou=security,ou=groups,dc=vDomain,dc=local") );
# Enable the "local" option on the login page. Enabled initially so we can use the WikiSysop user. Set to false to remove.
$wgLDAPUseLocal = true;
$wgMinimalPasswordLength = 1;
# Debug options - uncomment to enable detailed debugging
$wgDebugLogGroups["ldap"] = "D:\Logfile\LDAP.log";
$wgLDAPDebug = 6;
?>
These are the results that I get when I try and authenticate.
Clear
2010-05-12 04:08:17 mediawiki: Entering validDomain
2010-05-12 04:08:17 mediawiki: User is using a valid domain.
2010-05-12 04:08:17 mediawiki: Setting domain as: vDomain
2010-05-12 04:08:17 mediawiki: Entering getCanonicalName
2010-05-12 04:08:17 mediawiki: Username isn't empty.
2010-05-12 04:08:17 mediawiki: Munged username: Aadams
2010-05-12 04:08:17 mediawiki: Entering authenticate
2010-05-12 04:08:17 mediawiki:
2010-05-12 04:08:17 mediawiki: Entering Connect
2010-05-12 04:08:17 mediawiki: Using TLS or not using encryption.
2010-05-12 04:08:17 mediawiki: Using servers: ldap://vmad.vDomain.local
2010-05-12 04:08:17 mediawiki: Connected successfully
2010-05-12 04:08:17 mediawiki: Entering getSearchString
2010-05-12 04:08:17 mediawiki: Doing a straight bind
2010-05-12 04:08:17 mediawiki: userdn is: vDomain\Aadams
2010-05-12 04:08:17 mediawiki:
2010-05-12 04:08:17 mediawiki: Binding as the user
2010-05-12 04:08:17 mediawiki: Bound successfully
2010-05-12 04:08:17 mediawiki: Entering getUserDN
2010-05-12 04:08:17 mediawiki: Created a regular filter: (sAMAccountName=Aadams)
2010-05-12 04:08:17 mediawiki: Entering getBaseDN
2010-05-12 04:08:17 mediawiki: basedn is not set for this type of entry, trying to get the default basedn.
2010-05-12 04:08:17 mediawiki: Entering getBaseDN
2010-05-12 04:08:17 mediawiki: basedn is dc=vDomain,dc=local
2010-05-12 04:08:17 mediawiki: Using base: dc=vDomain,dc=local
2010-05-12 04:08:17 mediawiki: Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
2010-05-12 04:08:17 mediawiki: Pulled the user's DN: CN=aadams,OU=External,DC=vDomain,DC=local
2010-05-12 04:08:17 mediawiki: Entering getGroups
2010-05-12 04:08:17 mediawiki: Retrieving LDAP group membership
2010-05-12 04:08:17 mediawiki: Searching for the groups
2010-05-12 04:08:17 mediawiki: Entering searchGroups
2010-05-12 04:08:17 mediawiki: Entering getBaseDN
2010-05-12 04:08:17 mediawiki: basedn is not set for this type of entry, trying to get the default basedn.
2010-05-12 04:08:17 mediawiki: Entering getBaseDN
2010-05-12 04:08:17 mediawiki: basedn is dc=vDomain,dc=local
2010-05-12 04:08:17 mediawiki: Search string: (&(member=CN=aadams,OU=External,DC=vDomain,DC=local)(objectclass=group))
2010-05-12 04:08:17 mediawiki: Returned groups: cn=Appl-sec,ou=citrix security groups,ou=security,ou=groups,dc=vDomain,dc=local::cn=wiki users,ou=application security groups,ou=security,ou=groups,dc=vDomain,dc=local
2010-05-12 04:08:17 mediawiki: Entering checkGroups
2010-05-12 04:08:17 mediawiki: Checking for (new style) group membership
2010-05-12 04:08:17 mediawiki: Required groups: cn=wiki users,ou=application security groups,ou=security,ou=groups,dc=vDomain,dc=local
2010-05-12 04:08:17 mediawiki: Checking against: cn=Appl-sec,ou=citrix security groups,ou=security,ou=groups,dc=vDomain,dc=local
2010-05-12 04:08:17 mediawiki: Checking against: cn=wiki users,ou=application security groups,ou=security,ou=groups,dc=vDomain,dc=local
2010-05-12 04:08:17 mediawiki: Found user in a group.
2010-05-12 04:08:17 mediawiki: Entering getPreferences
2010-05-12 04:08:17 mediawiki: Entering synchUsername
2010-05-12 04:08:17 mediawiki: Authentication passed
2010-05-12 04:08:17 mediawiki: Entering updateUser
SSL
2010-05-12 04:09:42 mediawiki: Entering validDomain
2010-05-12 04:09:42 mediawiki: User is not using a valid domain.
2010-05-12 04:09:42 mediawiki: Setting domain as: invaliddomain
2010-05-12 04:09:42 mediawiki: Entering allowPasswordChange
2010-05-12 04:09:42 mediawiki: Entering modifyUITemplate
2010-05-12 04:09:42 mediawiki: Allowing the local domain, adding it to the list.
2010-05-12 04:09:47 mediawiki: Entering validDomain
2010-05-12 04:09:47 mediawiki: User is using a valid domain.
2010-05-12 04:09:47 mediawiki: Setting domain as: vDomain
2010-05-12 04:09:47 mediawiki: Entering getCanonicalName
2010-05-12 04:09:47 mediawiki: Username isn't empty.
2010-05-12 04:09:47 mediawiki: Munged username: Aadams
2010-05-12 04:09:47 mediawiki: Entering authenticate
2010-05-12 04:09:47 mediawiki:
2010-05-12 04:09:47 mediawiki: Entering Connect
2010-05-12 04:09:47 mediawiki: Using SSL
2010-05-12 04:09:47 mediawiki: Using servers: ldaps://vmAD.vDomain.local
2010-05-12 04:09:47 mediawiki: Connected successfully
2010-05-12 04:09:47 mediawiki: Entering getSearchString
2010-05-12 04:09:47 mediawiki: Doing a straight bind
2010-05-12 04:09:47 mediawiki: userdn is: vDomain\Aadams002
2010-05-12 04:09:47 mediawiki:
2010-05-12 04:09:47 mediawiki: Binding as the user
2010-05-12 04:09:47 mediawiki: Failed to bind as vDomain\Aadams
2010-05-12 04:09:47 mediawiki: Entering strict.
2010-05-12 04:09:47 mediawiki: Returning false in strict().
2010-05-12 04:09:47 mediawiki: Entering allowPasswordChange
2010-05-12 04:09:47 mediawiki: Entering modifyUITemplate
2010-05-12 04:09:47 mediawiki: Allowing the local domain, adding it to the list.
Any help that you can provide would be greatly appreciated
Ian Diston
idiston(a)linz.govt.nz
______________________________________________________________________________________________________
This message contains information, which is confidential and may be subject to legal privilege.
If you are not the intended recipient, you must not peruse, use, disseminate, distribute or copy this message.
If you have received this message in error, please notify us immediately (Phone 0800 665 463 or info(a)linz.govt.nz) and destroy the original message.
LINZ accepts no responsibility for changes to this email, or for any attachments, after its transmission from LINZ.
Thank you.
______________________________________________________________________________________________________
Would someone be willing to comment on what activity currently exists on creating tests for the MW software? I notice the "t" directory no longer exists and the "tests" directory had been moved to maintenance. Furthermore, there appears to be more tests in the "tests" directory than there was 9-12 months ago. Is that an indication that someone is working on test development?
Thanks,
Dan Nessett
I have a template with this in it:
'''{{{foo}}}'''
So foo should be bold. If foo has no value, guess what appears?
' <---------
--
MK <halfcountplus(a)intergate.com>
Saludos,
Agradecemos mucho la ayuda prestada por *Platonides*,
Efectivamente, en *upload_tmp_dir* de *php.ini* no estaba ningun directorio
predeterminado, asi que agregamos uno de nuestra conveniencia y todo
perfecto.
Muchas gracias
Message: 4
Date: Tue, 11 May 2010 23:28:12 +0200
From: Platonides <Platonides(a)gmail.com>
Subject: Re: [Mediawiki-l] Error al subir archivos.
To: mediawiki-l(a)lists.wikimedia.org
Message-ID: <hsci3f$ara$1(a)dough.gmane.org>
Content-Type: text/plain; charset=ISO-8859-1
El 11/05/10 18:54, Desarrolladores Uifce escribi?:
> Saludos comunidad Mediawiki,
>
> Estamos implementando Mediawiki, pero cuando lo montamos en el servidor,
> hasta ahora todo funciona correctamente, con excepcion de que no se puede
> subir archivos, el mensaje que nos sale es el siguiente:
>
> Titulo de la p?gina: Error interno
>
> Mensaje:
>
> No se pudo encontrar el archivo "C:\WINDOWS\Temp\php3E.tmp".
>
> A quien nos pueda colaborar con esto le quedar?amos muy agradecidos.
>
> Gracias,
>
> Desarrolladores UIFCE
(Wiki gives Internal error, "C:\WINDOWS\Temp\php3E.tmp" not found on upload)
Parece un problema al subir archivos con PHP.
?El servidor web / usuario bajo el que corre php tiene permisos de
escritura en C:\WINDOWS\Temp\? (pod?is cambiar la carpeta a la que sube
los ficheros en php.ini)
?Os funciona la subida de archivos desde un php b?sico?
Hello Mediawiki list,
I posted this question *in more detail at the Wikipedia Reference
Desk*<http://en.wikipedia.org/wiki/Wikipedia:Reference_desk/Computing#Can_I_custo…>,
and the answerer suggested I forward it here. If this is not the right
place to ask this question, please let me know where to go next? Here is
what I posted at the reference desk:
*I'm on the student senate at my school, and we want to customize our
> mediawiki install so it only lets someone create an account (i.e. edit) if
> their email address ends in @[school_name].edu. We also want to force their
> username to be the [first].[last]@ from their email address. Later, we might
> expand this to more schools, so we would want the flexibility to add other
> @[school_name].edu's to have the ability to create accounts.*
>
> *Question 1: Is that possible?*
> *Question 2: Howso? Thanks! *
>
Thanks!
Andrew
I'm currently transforming a single language wiki into a multilingual
wiki and I need the files which were already uploaded in the single
language wiki in the pool wiki. Any suggestions on how to do that?
Perhaps this isn't the forum for this, but I wanted to pose it to you
all anyway to spark some debate and discussion. I understand this may
not be popular with some...
Why isn't Wikimedia or some other non-profit organization creating the
"library" as Jimmy Wales likes to describe Wikia? Aren't the sites on
Wikia knowledge and information just like Wikimedia's sites?...while
you could argue that Wikimedia's sites are more easily classified as
educational, the sites on Wikia do have information that educates on
specific topics.
Why then should we let a commercial company control the "library"
instead of a non-profit? I understand some will argue that the fact
that Wikia is copyleft means they are the good guy in the fight, but I
would argue that they have no skin in the game to make their content
easily accessible for other purposes and make their content easily
digested without a bevy of ads in order to pay for the servers.
Wondering what your thoughts are on this topic.
Bobby
I have a really hard time reading recent changes easily. It is just very chaotic. I wanted to make it more readable, and was sad to see that a lot of what was needed to just apply some css to make it readable was missing.
I was wondering if there is an extension to do this. Right now, I had to make some minor changes to changesList.php to do this.
This is what I wanted as a final result
http://wiki.bildr.org/index.php/Special:RecentChanges
But it would be nice if I didnt have to edit changesList.php to do so.
Hello listmates,
Just wodnering if it is possible to set a Wiki in such a way that some
selected pages (like the login page, for instance) could only be
accessed via the secure interface (HTTPS)?
Thanks,
Boris.