I am looking for a method of authenticating against Active Directory and possibly group permissions. Is this do-able? Does anybody have any experience making MediaWiki authenticate against Microsoft Active Directory? If so does it work well? Will this "deactivate" all ready existing MediaWiki accounts?
I have looked into and tried implementing the LDAP Authentication plugin and I am receiving errors. I am using WAMP (Windows, Apache 2.2.4, MySQL 5.0.45, PHP 5.2.3) and MediaWiki 1.10.1.
I have already done the following:
1. Copied LdapAuthentication.php to /extensions 2. Added the following to LocalSettings.php: # # Active Directory Authentication # require_once( "extensions/LdapAuthentication.php" ); $wgAuth = new LdapAuthenticationPlugin(); $wgLDAPDomainNames = array( "XORANTECH" ); $wgLDAPServerNames = array( "XORANTECH"=>"dcxoran.xorantech.local" ); $wgLDAPEncryptionType = array( "XORANTECH"=>"ssl" ); $wgLDAPRetrievePrefs = array( "XORANTECH"=>true ); //<- this is how to do it $wgMinimalPasswordLength = 1; $wgLDAPSearchStrings = array( "XORANTECH"=>"XORANTECH\USER-NAME" ); $wgLDAPDebug = 3; //for debugging $wgShowExceptionDetails = true; //for debugging MediaWiki
3. Copied the following files from the PHP directory to the Windows System directory (C:%windir%\system32) o libeay32.dll o ssleay32.dll
4. Uncomment the following lines in php.ini: o extension=php_ldap.dll o extension=php_openssl.dll
5. Created directory C:\OpenLDAP\sysconf and created file named ldap.conf. In this File added "TLS_REQCERT never" in the first line.
When I try logging in using domain username/password I get the following debug:
Entering validDomain User is using a valid domain. Setting domain as: XORANTECH Entering getCanonicalName Username isn't empty. Munged username: jspirko Entering userExists Entering authenticate Entering Connect Using SSL Using servers: ldaps://dcxoran.xorantech.local
Then is just stops there with a blank white screen with the above debug info on it. Any ideas??
Thanks.
----------------------------------- Jason Spirko Systems Administrator Xoran Technologies
.................................................................................... This message (including any attachments) contains confidential and proprietary information intended only for the addressee. If you are not the intended recipient, please notify the sender immediately by responding to this e-mail, and delete this message and attachments from your system. If you have any questions about this e-mail please notify the sender immediately. Any unauthorized disclosure, copying, distribution or reliance on the contents of this information is strictly prohibited and may constitute a violation of law.
I am looking for a method of authenticating against Active Directory
and
possibly group permissions. Is this do-able? Does anybody have any experience making MediaWiki authenticate against Microsoft Active Directory? If so does it work well? Will this "deactivate" all ready existing MediaWiki accounts?
I've heard many accounts of it working pretty well, even under WAMP w/AD.
I have looked into and tried implementing the LDAP Authentication
plugin
and I am receiving errors. I am using WAMP (Windows, Apache 2.2.4,
MySQL
5.0.45, PHP 5.2.3) and MediaWiki 1.10.1.
I have already done the following:
Copied LdapAuthentication.php to /extensions
Added the following to LocalSettings.php:
# # Active Directory Authentication # require_once( "extensions/LdapAuthentication.php" ); $wgAuth = new LdapAuthenticationPlugin(); $wgLDAPDomainNames = array( "XORANTECH" ); $wgLDAPServerNames = array(
"XORANTECH"=>"dcxoran.xorantech.local"
); $wgLDAPEncryptionType = array( "XORANTECH"=>"ssl" ); $wgLDAPRetrievePrefs = array( "XORANTECH"=>true ); //<- this is
how
to do it $wgMinimalPasswordLength = 1; $wgLDAPSearchStrings = array(
"XORANTECH"=>"XORANTECH\USER-NAME" );
$wgLDAPDebug = 3; //for debugging $wgShowExceptionDetails = true; //for debugging MediaWiki
You don't have group syncing or restriction enabled, but the settings look fine for authentication and preference pulling.
- Copied the following files from the PHP directory to the Windows
System
directory (C:%windir%\system32) o libeay32.dll o ssleay32.dll
- Uncomment the following lines in php.ini: o extension=php_ldap.dll o extension=php_openssl.dll
Do these exist anywhere by default or do they need to be installed separately (does openssl have to be installed?)? I'm not terribly familiar with WAMP.
- Created directory C:\OpenLDAP\sysconf and created file named
ldap.conf.
In this File added "TLS_REQCERT never" in the first line.
I remember hearing something about openldap hard coding a path to ldap.conf on windows, although this is probably the right path, it may be worth double checking.
Also, notice that although it'll be easier to get the plugin working with "TLS_REQCERT never", you are turning off a legitimate security check. I don't know if this works with WAMP or not, but if you can get it working with this security check enabled, you probably should. Truth be told, if you trust your network isn't susceptible to man in the middle attacks, it is probably alright to leave it like this.
When I try logging in using domain username/password I get the
following
debug:
Entering validDomain User is using a valid domain. Setting domain as: XORANTECH Entering getCanonicalName Username isn't empty. Munged username: jspirko Entering userExists Entering authenticate Entering Connect Using SSL Using servers: ldaps://dcxoran.xorantech.local
Then is just stops there with a blank white screen with the above
debug
info on it. Any ideas??
It is either a problem with php_ldap, or php_openssl; try doing clear-text authentication (please for all that is holy don't leave it like this though). If mediawiki doesn't crash, it is php_openssl and/or php_ldap, if mediawiki does crash, it is php_ldap.
It may be possible to put explicit checks in, and have the plugin fail gracefully if those modules aren't available. I may have to check on this (adding to the todo list).
V/r,
Ryan Lane
Hello MediaWiki gurus,
I have a contributor/user who reports that external links are loading in the same page as the wiki for him. They don't for me, but I'm assuming this has to do with his browser settings. Yet, other sites he visits do load external links into new browsers.
Is there a way I can force external links to open in a new browser or tab using either the mediawiki link syntax, or in the config settings?
Thanks, Scott http://pipedia.org
mediawiki-l@lists.wikimedia.org