I am looking for a method of authenticating against Active Directory and possibly group permissions. Is this doable? Does anybody have any experience making MediaWiki authenticate against Microsoft Active Directory? If so, does it work well? Will this "deactivate" already existing MediaWiki accounts?
I have looked into and tried implementing the LDAP Authentication plugin and I am receiving errors. I am using WAMP (Windows, Apache 2.2.4, MySQL 5.0.45, PHP 5.2.3) and MediaWiki 1.10.1.
I have already done the following:
1. Copied LdapAuthentication.php to /extensions
2. Added the following to LocalSettings.php:

    #
    # Active Directory Authentication
    #
    require_once( "extensions/LdapAuthentication.php" );
    $wgAuth = new LdapAuthenticationPlugin();
    $wgLDAPDomainNames = array( "XORANTECH" );
    $wgLDAPServerNames = array( "XORANTECH"=>"dcxoran.xorantech.local" );
    $wgLDAPEncryptionType = array( "XORANTECH"=>"ssl" );
    $wgLDAPRetrievePrefs = array( "XORANTECH"=>true ); //<- this is how to do it
    $wgMinimalPasswordLength = 1;
    $wgLDAPSearchStrings = array( "XORANTECH"=>"XORANTECH\USER-NAME" );
    $wgLDAPDebug = 3; //for debugging
    $wgShowExceptionDetails = true; //for debugging MediaWiki

3. Copied the following files from the PHP directory to the Windows System directory (C:%windir%\system32)
   o libeay32.dll
   o ssleay32.dll
4. Uncomment the following lines in php.ini:
   o extension=php_ldap.dll
   o extension=php_openssl.dll
5. Created directory C:\OpenLDAP\sysconf and created a file named ldap.conf. In this file, added "TLS_REQCERT never" as the first line.
When I try logging in using a domain username/password I get the following debug output:

    Entering validDomain
    User is using a valid domain.
    Setting domain as: XORANTECH
    Entering getCanonicalName
    Username isn't empty.
    Munged username: jspirko
    Entering userExists
    Entering authenticate
    Entering Connect
    Using SSL
    Using servers: ldaps://dcxoran.xorantech.local

Then it just stops there with a blank white screen with the above debug info on it. Any ideas??
Thanks.
-----------------------------------
Jason Spirko
Systems Administrator
Xoran Technologies
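An added example, not part of the original message and not code from the LdapAuthentication extension: a standalone PHP script that exercises the same pieces the steps above set up (the ldap and openssl extensions, the ldaps:// server from the debug output, and a bind), so a failure can be located outside MediaWiki. The bind user and password are placeholders, and the `check()` helper is a name made up for this example.

```php
<?php
// Added diagnostic example; assumptions are marked as placeholders below.
error_reporting(E_ALL);
ini_set('display_errors', '1'); // print fatal errors instead of a blank page

$server   = 'ldaps://dcxoran.xorantech.local'; // server URI shown in the debug output
$bindUser = 'XORANTECH\\USER-NAME';            // placeholder: replace USER-NAME
$bindPass = 'PLACEHOLDER-PASSWORD';            // placeholder: supply at test time only

// Hypothetical helper: print one result line and return the outcome.
function check($label, $ok, $detail = '') {
    echo ($ok ? '[ OK ] ' : '[FAIL] ') . $label . ($detail !== '' ? ": $detail" : '') . "\n";
    return $ok;
}

// Step 4 enables two extensions in php.ini. The command line and Apache can
// read different php.ini files, so report which one this process loaded.
check('openssl extension loaded', extension_loaded('openssl'));
check('php.ini in use', true, (string) get_cfg_var('cfg_file_path'));
if (!check('ldap extension loaded', extension_loaded('ldap'))) { exit(1); }

// With a URI, ldap_connect() only sets up connection parameters; the TCP and
// TLS connection to the server is made when ldap_bind() is called.
$ds = ldap_connect($server);
if (!check('ldap_connect', $ds !== false)) { exit(1); }
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

// With "TLS_REQCERT never" in ldap.conf (step 5) the server certificate is not
// verified, so a successful bind does not show that the certificate is trusted.
$bound = @ldap_bind($ds, $bindUser, $bindPass);
check('ldap_bind', $bound, $bound ? '' : ldap_error($ds) . ' (errno ' . ldap_errno($ds) . ')');
ldap_unbind($ds);
exit($bound ? 0 : 1);
```

Running it once from the command line and once through Apache shows whether both environments load the same php.ini and extensions.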