Hi!
I'd like to authenticate users against a kerberos server. Apache serving this mediawiki is already authenticating users using kerberos. This works. But ...
None of the users known to LDAP have access to the wiki. All of them are prompted to authenticate before changing pages, even though they are already authenticated: the whole server forces SSL/TLS and Kerberos authentication before access to any hosted page.
Now: - how can I verify my LDAP configuration?
I can access ldap using
ldapsearch -Y GSSAPI
and the groups that are allowed access are found. I've entered the following into LocalSettings.php:
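# Load the LDAP authentication extension and its auto-authentication helper,
# then install the plugin as MediaWiki's authentication backend.
# The "\ " fragments in the pasted paths were line-wrap artifacts; inside a
# double-quoted PHP string they stay literal and would break the include path.
#
# To check what the extension actually does with this configuration, it
# provides $wgLDAPDebug together with a $wgDebugLogGroups["ldap"] log file.
# Higher debug levels may log sensitive data, so keep that file outside the
# web root and switch debugging off again once the setup works.
require_once( "$IP/extensions/LdapAuthentication/LdapAutoAuthentication.php" );
require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();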
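# Connect to LDAP server
# (One setting per line: when the whole group sits on a single line that
# starts with "#", PHP treats every assignment on it as part of the comment.)
$wgLDAPDomainNames = array( "EX" );
$wgLDAPServerNames = array( "EX" => "srv.example.com" );
$wgLDAPBaseDNs = array( "EX" => "dc=EX,dc=de" );

# Bind pattern for a direct bind; the extension substitutes the login name
# for USER-NAME.
# NOTE(review): with auto-authentication the wiki never sees a password, so
# this bind presumably cannot succeed. The group lookup then needs either
# anonymous read access or a dedicated low-privilege proxy account
# ($wgLDAPProxyAgent / $wgLDAPProxyAgentPassword) -- confirm which one the
# directory permits. "ldapsearch -Y GSSAPI" working only shows that a SASL
# bind is allowed; it says nothing about the simple bind used here.
$wgLDAPSearchStrings = array( "EX" => "uid=USER-NAME,ou=Users,dc=EX,dc=de" );
$wgLDAPSearchAttributes = array( "EX" => "uid" );

# NOTE(review): "clear" means the LDAP connection is unencrypted, so bind
# credentials (a proxy-agent password, for instance) and directory data cross
# the network in plain text. The extension also accepts "tls" and "ssl";
# prefer one of those unless the LDAP server is reached only over loopback.
$wgLDAPEncryptionType = array( "EX" => "clear" );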
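# Group based access
# $wgLDAPRequiredGroups is the access gate: a user who cannot be shown to be
# in one of the listed groups is refused. A lookup that silently finds nothing
# therefore locks everyone out, which matches the symptom described.

# NOTE(review): this makes the extension read group membership from a
# "memberOf" attribute on the user entry. Directories built on posixGroup
# often do not maintain that attribute -- confirm it exists on the user
# entries, otherwise set this to false so the group entries are searched.
$wgLDAPGroupsUseMemberOf = array( "EX" => true );
$wgLDAPRequiredGroups = array( "EX" => array( "cn=wiki,ou=Groups,dc=EX,dc=de" ) );

# NOTE(review): memberUid on a posixGroup normally holds bare user names, not
# DNs. Comparing it against the user's full DN will then never match --
# verify against an actual group entry.
$wgLDAPGroupUseFullDN = array( "EX" => true );
$wgLDAPGroupObjectClass = array( "EX" => "posixGroup" );
$wgLDAPGroupAttribute = array( "EX" => "memberUid" );
$wgLDAPGroupNameAttribute = array( "EX" => "cn" );
$wgLDAPGroupSearchNestedGroups = array( "EX" => false );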
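# Permissions
# Take wiki group membership from the LDAP groups of the same name.
$wgLDAPUseLDAPGroups = array( "EX" => true );
$wgGroupPermissions['wiki-edit']['edit'] = true;

# Members of the LDAP group "wiki-admin" receive every right of the built-in
# sysop group. Whoever can modify that LDAP group can therefore grant wiki
# administrator rights, so write access to it in the directory should be as
# tightly controlled as sysop itself.
# NOTE(review): the groups named here (wiki-edit, wiki-admin) differ from the
# required group "wiki" used for access control -- confirm that all three
# exist in the directory.
$wgGroupPermissions['wiki-admin'] = $wgGroupPermissions['sysop'];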
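# Retrieve preferences from LDAP
# Maps wiki preference names (left) to the LDAP attributes they are filled
# from (right). The stray "\" in the pasted version was a line-wrap artifact
# and a syntax error in PHP.
$wgLDAPRetrievePrefs = array( "EX" => true );
$wgLDAPPreferences = array(
	"EX" => array(
		"email" => "mail",
		"realname" => "cn",
		"nickname" => "uid"
	)
);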
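# Auto-authentication: LDAP domain to look the user up in.
$wgLDAPAutoAuthDomain = "EX";

# Take the login name from REMOTE_USER and drop everything from the first "@"
# onwards (the Kerberos realm).
# NOTE(review): this trusts REMOTE_USER completely, so the wiki must only be
# reachable through the web server that performs the Kerberos authentication.
# Because the realm is discarded, principals with the same name in different
# realms map to the same wiki account; if the web server accepts more than one
# realm (cross-realm trust), restrict it there or check the realm before
# stripping it.
# NOTE(review): REMOTE_USER is not set for command-line maintenance scripts;
# the user name then ends up empty -- confirm how the extension handles that.
$wgLDAPAutoAuthUsername = preg_replace( '/@.*/', '', $_SERVER["REMOTE_USER"] );

AutoAuthSetup();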