Hello all!
This is my first post, and I need help authenticating MediaWiki with my Active Directory.
Windows Server 2008 with AD 2008.
Today, I have the authentication with my LDAP Samba, but we are changing to Active Directory...
I tried these lines in the LocalSettings.conf:
// LDAP integration - http://www.mediawiki.org/wiki/Extension:LDAP_Authentication
require_once( "$IP/extensions/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array("corp.com");
$wgLDAPServerNames = array("corp.com" => "serverAD01 serverAD02");
$wgLDAPSearchStrings = array("corp.com" => "uid=USER-NAME,ou=MyUsers,dc=corp,dc=com");
$wgLDAPEncryptionType = array("corp.com" => "ssl");
$wgMinimalPasswordLength = 1;
$wgLDAPBaseDNs = array("corp.com" => "ou=MyUsers,dc=corp,dc=com");
$wgLDAPSearchAttributes = array("corp.com" => "sAMAccountName");
$wgLDAPProxyAgent = array("corp.com" => "cn=read_ad,ou=People,dc=corp,dc=com");
$wgLDAPProxyAgentPassword = array("corp.com" => '$passofreadad.,');
Can anyone help me?
Thanks anyway
Does your AD server have SSL enabled? By default it isn't enabled. If you do have it enabled, you should check to see if the SSL trust is ok. You should also enable the debug log, so that you can more easily find what is breaking.
- Ryan
Hey, I did it, it works now....
// LDAP integration - http://www.mediawiki.org/wiki/Extension:LDAP_Authentication
require_once( "$IP/extensions/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array('corp.com');
$wgLDAPServerNames = array('corp.com' => 'server01 server02');
$wgLDAPEncryptionType = array('corp.com' => 'clear');
$wgLDAPUseLocal = false;
$wgMinimalPasswordLength = 1;
$wgLDAPBaseDNs = array('corp.com' => 'OU=Users,DC=corp,DC=com');
$wgLDAPSearchAttributes = array('corp.com' => 'sAMAccountName');
$wgLDAPGroupDN = "CN=Wiki_Access,OU=Group,DC=corp,DC=com";
$wgLDAPProxyAgent = array('corp.com' => "CN=read_ad,OU=People,DC=corp,DC=com");
$wgLDAPProxyAgentPassword = array('corp.com' => 'password');
$wgLDAPRequireAuthAttribute = array('corp.com' => true);
$wgLDAPAuthAttribute = array('corp.com' => '!(userAccountControl:1.2.840.113556.1.4.803:=2)');
With this, I can set the members of the Wiki_Access group in AD, and only members of this group can log in to the wiki.
Thanks anyway
Diego
________________________________________
From: mediawiki-l-bounces@lists.wikimedia.org [mediawiki-l-bounces@lists.wikimedia.org] on behalf of Ryan Lane [rlane32@gmail.com]
Sent: Wednesday, December 29, 2010 14:52
To: MediaWiki announcements and site admin list
Subject: Re: [Mediawiki-l] auth with AD server 2008
$wgLDAPDomainNames = array('corp.com');
$wgLDAPServerNames = array('corp.com' => 'server01 server02');
$wgLDAPEncryptionType = array('corp.com' => 'clear');
You *really* want to get this working with SSL. With this set to clear, you are sending usernames and passwords across the network in clear text. It's a bad idea.
- Ryan
Yes, you are correct...
My AD uses SSL, but I set it to ssl and it doesn't work...
I guess that I need to do something else...
Maybe my Apache needs to use SSL?
Any idea?
Thanks
________________________________________
From: mediawiki-l-bounces@lists.wikimedia.org [mediawiki-l-bounces@lists.wikimedia.org] on behalf of Ryan Lane [rlane32@gmail.com]
Sent: Wednesday, December 29, 2010 17:58
To: MediaWiki announcements and site admin list
Subject: Re: [Mediawiki-l] RES: auth with AD server 2008
Well, you definitely want to use ssl for Apache too. There isn't much point in using ssl for ldap if you aren't doing ssl for apache as well. However, that won't fix your ldap/ssl problem. See:
http://www.mediawiki.org/wiki/Extension:LDAP_Authentication/Requirements#Cer...
For how to resolve certificate trust issues.
- Ryan
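
The SSL trust check suggested in this thread can be run outside MediaWiki from the wiki host. The script below is an added example, not code from the thread or from the LDAP Authentication extension. It reuses the server names and proxy agent DN quoted above; the CA file path, the LDAP_PROXY_PASSWORD environment variable and PHP 7.1 or later with the ldap extension are assumptions.

```php
<?php
// Added example: stand-alone LDAPS trust check, run as `php check_ldaps.php`.
// Server names and bind DN are the ones quoted in the thread.
$servers = array('serverAD01', 'serverAD02');
$bindDn  = 'cn=read_ad,ou=People,dc=corp,dc=com';
$bindPw  = getenv('LDAP_PROXY_PASSWORD');      // assumption: password supplied via environment
$caFile  = '/etc/ssl/certs/corp-ad-ca.pem';    // hypothetical path to the CA that issued the AD certificates

// An empty password would turn the bind into an anonymous bind and hide real failures.
if ($bindPw === false || $bindPw === '') {
    fwrite(STDERR, "Set LDAP_PROXY_PASSWORD before running this check\n");
    exit(2);
}
if (!is_readable($caFile)) {
    fwrite(STDERR, "CA file $caFile is not readable by this user\n");
    exit(2);
}

// TLS options are global in php-ldap and must be set before connecting.
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

$failed = 0;
foreach ($servers as $host) {
    // The host name used here must match a name in the server certificate.
    $ds = ldap_connect("ldaps://$host:636");   // parses the URI only; no traffic yet
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // The TLS handshake happens on the first operation, i.e. this bind.
    if (@ldap_bind($ds, $bindDn, $bindPw)) {
        echo "$host: certificate trusted, proxy agent bind OK\n";
    } else {
        // errno -1 (Can't contact LDAP server) points at the connection or TLS trust;
        // errno 49 (Invalid credentials) means TLS worked and only the DN/password is wrong.
        $detail = '';
        ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        printf("%s: FAILED (%d) %s %s\n", $host, ldap_errno($ds), ldap_error($ds), $detail);
        $failed++;
    }
    ldap_unbind($ds);
}
exit($failed ? 1 : 0);
```

Run it as the same user the web server runs as, so that file permissions on the CA bundle are tested too.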