Hi Ryan/All,
Thanks for your prompt response.
Based on your comments I've decided to start afresh using code
snippets directly from
.
I'm trying to produce some meaningful debug logs, I've added the
following to my localsettings.php file:
$wgLDAPDebug = 3;
$wgDebugLogFile = 'C:\LDAPDebug.log';
require_once ('extensions/LdapAuthentication.php');
$wgAuth = new LdapAuthenticationPlugin();
//LDAP Code from "Single Domain Requiring Search Before Binding"
Including proxy settings.
The only thing I'm getting from LDAPDebug.log is:
LoginForm::attemptAutoCreate: $wgAuth->authenticate() returned false, aborting
And nothing specifically relating to the LDAP. Any pointers as to how I
can generate more meaningful debug logs?
Thanks
David
On Tue, Feb 1, 2011 at 7:34 PM, Ryan Lane <rlane32(a)gmail.com> wrote:
I know what a lot of people are going to say.... "google it". I have,
but there are many different configuration settings and examples for
different versions of the plugin and different versions of mediawiki,
I've yet to have any success with them, hence why I'm now asking here.
This is why I tell people to only use the official documentation on
mediawiki.org. It's always up to date, and it's fairly in depth
(improvements welcome).
Below is what I've got so far, but it's not a lot. I've disabled
anonymous access via IIS and enabled windows authentication, but I'm not
getting any single sign on functionality. However, if anyone has
accomplished at least the first two objectives listed above and would be
able to provide me with a "template" of their config (sensitive data
obviously omitted) then I would really appreciate it.
Are you sure the authentication is working?
//
//LDAP Authentication Configuration
//
require_once( "/extensions/LdapAuthentication.php" );
require_once( "/extensions/LdapAutoAuthentication.php" );
//the domain name is any arbitrary name that you will use as a variable
$wgLDAPDomainNames = array("localdomain.local");
//define the fully qualified name of your AD domain
$wgLDAPServerNames = array("localdomain.local"=>"DC1.localdomain.local DC2.localdomain.local");
$wgLDAPEncryptionType = array("localdomain.local"=>"ssl");
//this is the short name of your domain, not the arbitrary variable
//mentioned below
$wgLDAPAutoAuthDomain = "localdomain.local";
//this is how you get the wiki user to be username as opposed to
//DOMAIN\username
list($dom,$userid)=split('[\]',$_SERVER['REMOTE_USER']);
$wgLDAPAutoAuthUsername = $userid;
$wgLDAPBaseDNs =
array("localdomain.local"=>"ou=Users,DC=localdomain,dc=local");
$wgLDAPSearchAttributes = array("localdomain.local" =>
"sAMAccountName");
$wgMinimalPasswordLength = 1;
//Group Configuration
$wgLDAPGroupUseFullDN = array( "localdomain.local"=>true );
$wgLDAPGroupObjectclass = array( "localdomain.local"=>"group" );
$wgLDAPGroupAttribute = array( "localdomain.local"=>"member" );
$wgLDAPGroupSearchNestedGroups = array( "localdomain.local"=>false );
$wgLDAPUseLDAPGroups = array( "localdomain.local"=>true );
$wgLDAPGroupNameAttribute = array(
"localdomain.local"=>"cn=sysop,ou=Users,dc=localdomain,dc=local"
);
$wgLDAPGroupNameAttribute = array( "localdomain.local"=>"sysop"
);
AutoAuthSetup();
//this is where you define the credentials necessary to read information
//from AD
//you only need this if you want to pull the name, email address and
//groups from AD
$wgLDAPProxyAgent = array('localdomain.local'
=>'CN=MediaWikiLDAPSearcher,OU=Users,DC=localdomain,DC=local');
$wgLDAPProxyAgentPassword = array('localdomain.local' =>
'MyLDAPSearcherPassword');
$wgLDAPPreferences =
array("localdomain.local"=>array("email"=>"mail","realname"=>"cn","nickname"=>"givenName"));
I don't see any issues with the configuration. You should enable
debugging and reply with the debug log with sensitive stuff snipped
out.
- Ryan Lane
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
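
The quoted configuration derives the wiki user name from `$_SERVER['REMOTE_USER']` with `split()`, a function that was removed in PHP 7 and that yields an empty `$userid` whenever the value contains no backslash. As an added example (not part of this thread and not code from the LdapAuthentication extension), here is a defensive version of that step; `parseRemoteUser()`, the `LOCALDOMAIN` short name and the user-name allow-list are hypothetical.

```php
<?php
// Added example, not from the thread. parseRemoteUser(), $allowedDomain and
// the user-name allow-list are hypothetical; adapt them to your directory.

/**
 * Split the web server's REMOTE_USER into array(domain, user).
 * Handles DOMAIN\user, user@realm and a bare user name.
 * Returns null if the value is empty, malformed, or from another domain.
 */
function parseRemoteUser($remoteUser, $allowedDomain) {
    $remoteUser = trim((string)$remoteUser);
    if ($remoteUser === '') {
        return null; // no authenticated user was passed by the web server
    }
    if (strpos($remoteUser, '\\') !== false) {
        list($domain, $user) = explode('\\', $remoteUser, 2);
    } elseif (strpos($remoteUser, '@') !== false) {
        list($user, $domain) = explode('@', $remoteUser, 2);
    } else {
        $domain = '';
        $user = $remoteUser;
    }
    // Assumed site policy: plain ASCII account names only. This also keeps
    // LDAP filter metacharacters such as * ( ) \ out of the directory search.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user)) {
        return null;
    }
    // Accept a missing domain, otherwise require the expected one.
    if ($domain !== '' && strcasecmp($domain, $allowedDomain) !== 0) {
        return null;
    }
    return array($domain, $user);
}

// Constructed sample values, as a web server might set REMOTE_USER.
$samples = array('LOCALDOMAIN\\david', 'david@LOCALDOMAIN', 'david', '',
                 'OTHER\\david', 'LOCALDOMAIN\\da*vid');
foreach ($samples as $s) {
    $r = parseRemoteUser($s, 'LOCALDOMAIN');
    // In LocalSettings.php, $r[1] is what would go into $wgLDAPAutoAuthUsername.
    echo str_pad(var_export($s, true), 24), ' => ',
         $r === null ? 'rejected' : "user={$r[1]}", "\n";
}
```

An empty `REMOTE_USER` is the case to look at first when single sign-on does nothing: it means the web server did not pass an authenticated identity to PHP.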