Folks,
I am by no means an expert in PHP, LDAP, Active Directory or Windows 2003 administration, but I'm trying to set up a proof of concept in a Windows 2003 Active Directory domain which is configured with a domain name of "HOME" and DNS = "home.local" (DNS forwarders are configured on this domain).
I have read the pages on LDAP (http://meta.wikimedia.org/wiki/LDAP_Authentication) and LDAP Configuration Examples (http://meta.wikimedia.org/wiki/LDAP_Authentication_Configuration_Examples) and I am in "learning sponge mode" trying to understand the details to get this running.
The configuration required is to disallow anonymous users from reading the content pages of the wiki, as the wiki will operate in an extranet-style configuration. A large percentage of staff are working remotely or externally to the company's infrastructure. To reduce the number of username/passwords staff have to remember, I'm trying to have users authenticate against the Windows Active Directory.
As a first attempt to understand the rather steep learning curve in LDAP/AD/PHP, I followed the examples provided in the LDAP Authentication Configuration Examples and customised them for the pilot network I'm using (see below). These settings were copied into LocalSettings.php and DefaultSettings.php:
require_once( "includes/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( "Home" );
$wgLDAPServerNames = array( "HOME"=>"sydaapms37-pede.home.local" );
$wgLDAPSearchStrings = array( "Home"=>"HOME\USER-NAME" );
$wgLDAPUseSSL = true; //not recommended but OK for testing
$wgLDAPUseLocal = false;
$wgMinimalPasswordLength = 1;
$wgLDAPRetrievePrefs = false;
I have created a domain user called "tester1" and added this user to a group called "Wiki", although I don't think I have created any configuration entries related to this user group.
The domain name is displayed as "HOME" on the login page, but all user accounts tested (including the Windows administrator account) generate the following error: "The password you entered is incorrect (or missing). Please try again."
I've also got behaviour where, after hitting the login button, I receive a blank page, i.e. it returned nothing, no error message etc., simply a blank page.
I have reached the limits of my knowledge as to where to look/investigate why I cannot log in correctly. The passwords are correct and test accounts cannot be locked out. I have tried changing $wgLDAPUseSSL from false to true but this makes no difference and I haven't, as far as I'm aware, enabled SSL.
If anybody can assist in reducing this newbie's learning curve, your assistance would be greatly appreciated.
Regards
Shane