Hello I am trying to configure authentication with ldap zimbra I log in normally but I'm not getting the usergroups the ldap plugin always set the first letter of the username in upper case due to this, can't find the groups, is there a way to fix this?
require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" ); $wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array("domain.com.br"); $wgLDAPDebug = 3; $wgDebugLogGroups["ldap"] = "/tmp/ldap.log" ; $wgLDAPBaseDNs = array("domain.com.br" => "ou=people,dc=domain,dc=com,dc=br"); $wgLDAPServerNames = array("domain.com.br" => "xxx.xxx.xxx.xxx"); $wgLDAPSearchAttributes = array("domain.com.br" => "uid"); //$wgLDAPSearchAttributes = array("domain.com.br" => "memberUid"); $wgLDAPEncryptionType = array("domain.com.br" => "clear"); //$wgLDAPProxyAgent = array("domain.com.br" => "uid=wiki,ou=People,dc=domain,dc=com,dc=br"); $wgLDAPProxyAgent = array("domain.com.br" => "cn=config"); //$wgLDAPProxyAgentPassword = array("domain.com.br" => "PaSSWoRd"); $wgLDAPProxyAgentPassword = array("domain.com.br" => "PaSSwORD"); //$wgLDAPGroupObjectclass = array("domain.com.br" => "posixGroup"); //$wgLDAPUseLocal = array("domain.com.br") => "false"); $wgLDAPUseLocal = false; $wgLDAPRetrievePrefs = false; $wgLDAPGroupAttribute = array("domain.com.br" => "memberUid" ); $wgLDAPGroupSearchNestedGroups = array("domain.com.br" => "false"); $wgLDAPGroupNameAttribute = array("domain.com.br" => "cn"); $wgLDAPGroupBaseDNs = array("domain.com.br" => "ou=groups,dc=domain,dc=com,dc=br"); $wgLDAPUseLDAPGroups = array("domain.com.br" => "true"); $wgLDAPLocallyManagedGroups = array("domain.com.br" => array( "cn=telefonia,ou=groups,dc=domain,dc=com,dc=br ", "cn=diretoria,ou=groups,dc=domain,dc=com,dc=br ", "cn=comercial,ou=groups,dc=domain,dc=com,dc=br ", "cn=implantacao,ou=groups,dc=domain,dc=com,dc= br", "cn=administrativo,ou=groups,dc=domain,dc=com,dc=b r", "cn=financeiro,ou=groups,dc=domain,dc=com,dc=b r", "cn=qualidade,ou=groups,dc=domain,dc=com,dc=br ", "cn=infra,ou=groups,dc=domain,dc=com,dc=br" ), ); #$wgLDAPRequiredGroups = array("domain.com.br" => array( # "cn=telefonia,ou=groups,dc=domain,dc=com,dc=br ", # "cn=diretoria,ou=groups,dc=domain,dc=com,dc=br ", # "cn=comercial,ou=groups,dc=domain,dc=com,dc=br ", # "cn=implantacao,ou=groups,dc=domain,dc=com,dc= br", # "cn=administrativo,ou=groups,dc=domain,dc=com,dc=b r", # "cn=financeiro,ou=groups,dc=domain,dc=com,dc=b r", # "cn=qualidade,ou=groups,dc=domain,dc=com,dc=br ", # "cn=infra,ou=groups,dc=domain,dc=com,dc=br" # ), #); #
Ok, in the log i See..
2012-03-14 23:10:52 wikidb: Entering validDomain 2012-03-14 23:10:52 wikidb: User is using a valid domain. 2012-03-14 23:10:52 wikidb: Setting domain as: domain.com.br 2012-03-14 23:10:52 wikidb: Entering getCanonicalName 2012-03-14 23:10:52 wikidb: Username isn't empty. 2012-03-14 23:10:52 wikidb: Munged username: Username 2012-03-14 23:10:52 wikidb: Entering userExists 2012-03-14 23:10:52 wikidb: 2012-03-14 23:10:52 wikidb: Entering authenticate 2012-03-14 23:10:52 wikidb: 2012-03-14 23:10:52 wikidb: Entering Connect 2012-03-14 23:10:52 wikidb: Using TLS or not using encryption. 2012-03-14 23:10:52 wikidb: Using servers: ldap://xxx.xxx.xxx.xxx 2012-03-14 23:10:52 wikidb: Connected successfully 2012-03-14 23:10:52 wikidb: Entering getSearchString 2012-03-14 23:10:52 wikidb: Doing a proxy bind 2012-03-14 23:10:52 wikidb: Entering getUserDN 2012-03-14 23:10:52 wikidb: Created a regular filter: (uid=Username) 2012-03-14 23:10:52 wikidb: Entering getBaseDN 2012-03-14 23:10:52 wikidb: basedn is not set for this type of entry, trying to get the default basedn. 2012-03-14 23:10:52 wikidb: Entering getBaseDN 2012-03-14 23:10:52 wikidb: basedn is ou=people,dc=domain,dc=com,dc=br 2012-03-14 23:10:52 wikidb: Using base: ou=people,dc=domain,dc=com,dc=br 2012-03-14 23:10:52 wikidb: Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined. 2012-03-14 23:10:52 wikidb: userdn is: 2012-03-14 23:10:52 wikidb: User DN is blank 2012-03-14 23:10:52 wikidb: Entering allowPasswordChange 2012-03-14 23:10:52 wikidb: Entering modifyUITemplate
at zimbra server.. check the username with low letters:
zimbra@server:~$ ldapsearch -h xxx.xxx.xxx.xx -W -x -LL -D cn=config memberUid=username ou=groups,dc=domain,dc=com,dc=br Enter LDAP Password: version: 1
dn: cn=users,ou=groups,dc=domain,dc=com,dc=br dn: cn=telefonia,ou=groups,dc=domain,dc=com,dc=br
if check with upper first letter:
zimbra@server:~$ ldapsearch -h xxx.xxx.xxx.xxx -W -x -LL -D cn=config memberUid=Username ou=groups,dc=domain,dc=com,dc=br Enter LDAP Password: version: 1
zimbra@server:~$
Now we know why is not resolving any groups, but where to fix it ?