Hi,
What are the lines needed for getting Active Directory groups as MW groups? IS that possible? In such a case will the AD groups co-exist with already existing MW groups?
Regards,
Jack Eapen ----------------------------------------------------------------
"People forget how fast you did a job - but they remember how well you did it"
-----Original Message----- From: mediawiki-l-bounces@lists.wikimedia.org [mailto:mediawiki-l-bounces@lists.wikimedia.org] On Behalf Of Lane, Ryan Sent: Thursday, October 18, 2007 6:33 PM To: MediaWiki announcements and site admin list Subject: Re: [Mediawiki-l] How to enable ldap authentication in mediawiki?
$wgLDAPUseSSL = array( "exchangetest"=>"ssl");
This should be:
$wgLDAPEncryptionType = array("exchangetest"=>"ssl");
As of right now you are actually using start_tls, and not ldaps (as the plugin defaults to start_tls for user protection purposes). If you have an SSL cert installed on your AD server, it should have the same effect, but they use different ports, and the encryption is slightly different; notice that not all AD servers are set up to use start_tls. By default AD doesn't use ldaps or start_tls, you are required to install a certificate.
If you have a certificate installed, you may have a certficate trust issue. If you use:
$wgLDAPEncryptionType = array("exchangetest"=>"clear");
and it works, you know this is an SSL issue. I strongly recommend against leaving this as "clear" though.
$wgLDAPUseLocal = false; $wgLDAPDisableAutoCreate = array("exchangetest"=>"false");
These two default to false (pretty much everything defaults to false).
Set:
$wgLDAPDebug = 3;
That will give you debugging info. If you can't figure out the problem, post your debug info with sensitive stuff snipped out.
V/r,
Ryan Lane
_______________________________________________ MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
This electronic mail (including any attachment thereto) may be confidential and privileged and is intended only for the individual or entity named above. Any unauthorized use, printing, copying, disclosure or dissemination of this communication may be subject to legal restriction or sanction. Accordingly, if you are not the intended recipient, please notify the sender by replying to this email immediately and delete this email (and any attachment thereto) from your computer system...Thank You
What are the lines needed for getting Active Directory groups as MW groups? IS that possible? In such a case will the AD groups co-exist with already existing MW groups?
See:
http://www.mediawiki.org/wiki/Extension:LDAP_Authentication#Group_option s http://www.mediawiki.org/wiki/Extension:LDAP_Authentication#Group_based_ restrictions_.28NEW.29 http://www.mediawiki.org/wiki/Extension:LDAP_Authentication#Group_synchr onization
It is possible, and the groups will be controlled via LDAP (AD) except for a list of groups you specify.
V/r,
Ryan Lane
mediawiki-l@lists.wikimedia.org