Hi!
I'd like to authenticate users against a kerberos server. Apache
serving this mediawiki is already authenticating users using
kerberos. This works. But ...
None of the users known to LDAP have access to the wiki. All of them are
prompted to authenticate before changing pages (even though all of them
are already authenticated, because the whole server enforces SSL/TLS and
Kerberos authentication before access to any hosted page).
Now:
- how can I verify my LDAP configuration?
I can access ldap using
ldapsearch -Y GSSAPI
and the groups that are allowed access are found. I've entered the following into
LocalSettings.php:
# LdapAuthentication setup for one LDAP domain ("EX"), with the wiki user
# name taken from the identity the web server has already authenticated.
# NOTE(review): the trailing "\" on several lines looks like a line-wrap
# artifact of the mail; presumably the real LocalSettings.php has each of
# those statements on one line. Confirm before comparing with the file.
require_once( "$IP/extensions/LdapAuthentication\
/LdapAutoAuthentication.php" );
require_once( "$IP/extensions/LdapAuthentication\
/LdapAuthentication.php" );
# Make the LDAP plugin the wiki's authentication backend.
$wgAuth = new LdapAuthenticationPlugin();
# Connect to LDAP server
$wgLDAPDomainNames = array( "EX" );
$wgLDAPServerNames = array( "EX" => "srv.example.com" );
$wgLDAPBaseDNs = array( "EX"=>"dc=EX,dc=de" );
# USER-NAME is the extension's placeholder for the login name when it
# builds the DN to bind as.
$wgLDAPSearchStrings = array( "EX" => \
"uid=USER-NAME,ou=Users,dc=EX,dc=de" );
$wgLDAPSearchAttributes = array( "EX" => "uid" );
# "clear" means the LDAP connection is not encrypted, so directory data
# (and any bind credentials) cross the network in plain text. The
# extension also accepts "tls" and "ssl"; prefer one of those unless the
# link to srv.example.com is otherwise protected.
# NOTE(review): the ldapsearch test in the mail uses GSSAPI, which is a
# different bind method from the one configured here, so that test
# succeeding does not show that this configuration can bind.
$wgLDAPEncryptionType = array( "EX" => "clear" );
# Group based access
# NOTE(review): two group lookup methods are configured at once. UseMemberOf
# reads group DNs from a memberOf attribute on the user's entry, while the
# posixGroup/memberUid settings below describe a search for group entries.
# Confirm which of the two this directory actually supports.
$wgLDAPGroupsUseMemberOf = array( "EX" => true );
# Only members of this group are allowed to log in. If the group lookup
# finds nothing, every user is refused, which would match the symptom
# described in the mail.
$wgLDAPRequiredGroups = array( "EX" =>
array("cn=wiki,ou=Groups,dc=EX,dc=de") );
# NOTE(review): GroupUseFullDN = true makes the group search look for the
# user's full DN, but memberUid in a posixGroup normally holds the bare
# uid. Verify against a real group entry; this mismatch is a likely
# reason that no user is found in the required group.
$wgLDAPGroupUseFullDN = array( "EX" => true );
$wgLDAPGroupObjectClass = array( "EX" => "posixGroup" );
$wgLDAPGroupAttribute = array( "EX" => "memberUid" );
$wgLDAPGroupNameAttribute = array( "EX" => "cn" );
$wgLDAPGroupSearchNestedGroups = array( "EX" => false );
# Permissions
# With UseLDAPGroups enabled, presumably LDAP group names are used as wiki
# groups, so 'wiki-edit' and 'wiki-admin' are expected to exist in LDAP.
$wgLDAPUseLDAPGroups = array( "EX" => true );
$wgGroupPermissions['wiki-edit']['edit'] = true;
# 'wiki-admin' receives a copy of every sysop right: anyone who can change
# the membership of that LDAP group can thereby grant wiki administrator
# access. Make sure write access to the group is restricted accordingly.
$wgGroupPermissions['wiki-admin'] = $wgGroupPermissions['sysop'];
# Retrieve preferences from LDAP
$wgLDAPRetrievePrefs = array( "EX" => true );
$wgLDAPPreferences = array( "EX" => array( "email" => \
"mail", "realname" => "cn", "nickname" =>
"uid" ) );
# Automatic authentication: trust the user name set by the web server.
$wgLDAPAutoAuthDomain = "EX";
# The regex strips the "@" and everything after it (the Kerberos realm)
# from REMOTE_USER. The wiki trusts this value completely, so:
#  - every path that reaches the wiki must go through the Kerberos check,
#    otherwise REMOTE_USER is unset and the user name becomes empty;
#  - NOTE(review): if the web server accepts principals from more than one
#    realm, user@REALM1 and user@REALM2 map to the same wiki account.
#    Confirm that only one realm is accepted, or keep the realm.
$wgLDAPAutoAuthUsername = preg_replace( '/@.*/', '',\
$_SERVER["REMOTE_USER"] );
# Presumably defined in LdapAutoAuthentication.php (required above); it is
# called last, after all settings it depends on have been assigned.
AutoAuthSetup();
--
Thomas