Ryan,
If you're using wfDebugLog (and not just wfDebug) as per http://www.mediawiki.org/wiki/How_to_debug#Logging, then I suggest you try changing the log file location to somewhere below htdocs as in the example on that page - my experience in this area is limited, but I'm not sure whether an arbitrary location is OK.
/Sam
-----Original Message-----
From: mediawiki-l-bounces@lists.wikimedia.org [mailto:mediawiki-l-bounces@lists.wikimedia.org] On Behalf Of Lane, Ryan
Sent: 12 August 2009 18:27
To: MediaWiki announcements and site admin list
Subject: Re: [Mediawiki-l] MediaWiki/LDAP Authentication/encryption problem
I guess you are referring to the debug file. I have tried this, but still no exit
-rw-rw-r-- 1 apache apache 0 2009-08-12 17:43 debug.log
[snip]
I have enabled LocalSettings.php in order to get debug info with:
$wgLDAPDebug=3;
$wgDebugLogGroups["ldap"]="/tmp/debug.log";
but the debug.log file is not created
There could be a number of issues with the log not being created. I can't really tell why without more info...
Which version of the plugin are you using? Are you adding these options to the bottom of LocalSettings.php? When you go to the Log in page, does it have a domain list drop down box? Does the LDAP plugin show up as an extension in Special:Version?
The configuration in LocalSettings.php is:
require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( "domain" );
$wgLDAPServerNames = array( "domain" => "127.0.0.1" );
#$wgLDAPPasswordHash = array ( "domain" => "ssl" );
$wgLDAPSearchStrings = array( "domain" => "uid=USER-NAME,ou=People,dc=genomica,dc=imppc,dc=org");
$wgLDAPSearchAttributes = array( "domain" => "uid" );
$wgLDAPBaseDNs = array( "domain" => "dc=domain,dc=foo,dc=org" );
$wgLDAPEncryptionType = array( "domain" => "ssl" );
Have you checked your directory server access logs to see if MediaWiki is trying to connect? When you check your logs, is the system connecting, then immediately disconnecting?
Notice you are using SSL, but you are using an IP address for the host name of the server. This won't work by default. PHP uses the openldap client libraries, and openldap's configuration files for settings. By default openldap requires a full SSL trust. This means the hostname provided needs to match the CN field of the certificate on the LDAP server, and the DNS entry for the LDAP server. Also, openldap needs to trust the root certificate authority of your server's certificate. You can get around these requirements by setting "TLS_REQCERT never" in /etc/openldap/ldap.conf (you need to restart your web server after doing this).
I have a blog entry that goes into a bit of depth on this topic, which I feel is out of the scope of the documentation on mediawiki.org:
http://ryandlane.com/wprdl/2009/06/16/using-the-ldap-authentication-plugin-for-mediawiki-the-basics-part-2/
That article is kind of an in-depth how-to for enabling this for your kind of environment.
BTW, you don't need to set $wgLDAPSearchAttributes or $wgLDAPBaseDNs since you are using straight binds (using $wgLDAPSearchStrings).
V/r,
Ryan Lane
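
An added example (not part of the original e-mails, and not the plugin's or OpenLDAP's code): a simplified Python model of the host-name check described in the reply above, run against a constructed certificate. The certificate contents and the name ldap.example.org are assumptions; 127.0.0.1 is the server name from the posted configuration.

```python
import ipaddress

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# ldap.example.org is a placeholder, not a value from the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "ldap.example.org"),),),
    "subjectAltName": (("DNS", "ldap.example.org"),),
}


def _dns_match(pattern, host):
    """Case-insensitive label match; '*' may replace only the leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or p[1:] != h[1:]:
        return False
    return p[0] == h[0] or (p[0] == "*" and len(p) >= 3)


def server_name_matches(cert, configured):
    """Return True if the configured server name is covered by the certificate."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(configured)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal matches only an explicit "IP Address" SAN entry,
        # never the CN or a DNS name.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in sans)
    names = [value for kind, value in sans if kind == "DNS"]
    if not names:
        # No DNS SANs: fall back to the subject CN.
        names = [value for rdn in cert.get("subject", ())
                 for key, value in rdn if key == "commonName"]
    return any(_dns_match(name, configured) for name in names)


if __name__ == "__main__":
    # The posted $wgLDAPServerNames value, then a name the certificate covers.
    for name in ("127.0.0.1", "ldap.example.org"):
        print(name, "->", server_name_matches(SAMPLE_CERT, name))
```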