Hello I am trying to configure authentication with ldap zimbra I log
in normally but I'm not getting the usergroups the ldap plugin always
set the first letter of the username in upper case due to this, can't
find the groups, is there a way to fix this?
require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array("domain.com.br");
$wgLDAPDebug = 3; $wgDebugLogGroups["ldap"] = "/tmp/ldap.log" ;
$wgLDAPBaseDNs = array("domain.com.br" =>
"ou=people,dc=domain,dc=com,dc=br");
$wgLDAPServerNames = array("domain.com.br" => "xxx.xxx.xxx.xxx");
$wgLDAPSearchAttributes = array("domain.com.br" => "uid");
//$wgLDAPSearchAttributes = array("domain.com.br" => "memberUid");
$wgLDAPEncryptionType = array("domain.com.br" => "clear");
//$wgLDAPProxyAgent = array("domain.com.br" =>
"uid=wiki,ou=People,dc=domain,dc=com,dc=br");
$wgLDAPProxyAgent = array("domain.com.br" => "cn=config");
//$wgLDAPProxyAgentPassword = array("domain.com.br" =>
"PaSSWoRd");
$wgLDAPProxyAgentPassword = array("domain.com.br" => "PaSSwORD");
//$wgLDAPGroupObjectclass = array("domain.com.br" =>
"posixGroup");
//$wgLDAPUseLocal = array("domain.com.br") => "false");
$wgLDAPUseLocal = false;
$wgLDAPRetrievePrefs = false;
$wgLDAPGroupAttribute = array("domain.com.br" => "memberUid" );
$wgLDAPGroupSearchNestedGroups = array("domain.com.br" =>
"false");
$wgLDAPGroupNameAttribute = array("domain.com.br" => "cn");
$wgLDAPGroupBaseDNs = array("domain.com.br" =>
"ou=groups,dc=domain,dc=com,dc=br");
$wgLDAPUseLDAPGroups = array("domain.com.br" => "true");
$wgLDAPLocallyManagedGroups = array("domain.com.br" => array(
"cn=telefonia,ou=groups,dc=domain,dc=com,dc=br ",
"cn=diretoria,ou=groups,dc=domain,dc=com,dc=br ",
"cn=comercial,ou=groups,dc=domain,dc=com,dc=br ",
"cn=implantacao,ou=groups,dc=domain,dc=com,dc= br",
"cn=administrativo,ou=groups,dc=domain,dc=com,dc=b r",
"cn=financeiro,ou=groups,dc=domain,dc=com,dc=b r",
"cn=qualidade,ou=groups,dc=domain,dc=com,dc=br ",
"cn=infra,ou=groups,dc=domain,dc=com,dc=br"
),
);
#$wgLDAPRequiredGroups = array("domain.com.br" => array(
# "cn=telefonia,ou=groups,dc=domain,dc=com,dc=br ",
# "cn=diretoria,ou=groups,dc=domain,dc=com,dc=br ",
# "cn=comercial,ou=groups,dc=domain,dc=com,dc=br ",
# "cn=implantacao,ou=groups,dc=domain,dc=com,dc= br",
# "cn=administrativo,ou=groups,dc=domain,dc=com,dc=b r",
# "cn=financeiro,ou=groups,dc=domain,dc=com,dc=b r",
# "cn=qualidade,ou=groups,dc=domain,dc=com,dc=br ",
# "cn=infra,ou=groups,dc=domain,dc=com,dc=br"
# ),
#);
#
Ok, in the log i See..
2012-03-14 23:10:52 wikidb: Entering validDomain
2012-03-14 23:10:52 wikidb: User is using a valid domain.
2012-03-14 23:10:52 wikidb: Setting domain as: domain.com.br
2012-03-14 23:10:52 wikidb: Entering getCanonicalName
2012-03-14 23:10:52 wikidb: Username isn't empty.
2012-03-14 23:10:52 wikidb: Munged username: Username
2012-03-14 23:10:52 wikidb: Entering userExists
2012-03-14 23:10:52 wikidb:
2012-03-14 23:10:52 wikidb: Entering authenticate
2012-03-14 23:10:52 wikidb:
2012-03-14 23:10:52 wikidb: Entering Connect
2012-03-14 23:10:52 wikidb: Using TLS or not using encryption.
2012-03-14 23:10:52 wikidb: Using servers: ldap://xxx.xxx.xxx.xxx
2012-03-14 23:10:52 wikidb: Connected successfully
2012-03-14 23:10:52 wikidb: Entering getSearchString
2012-03-14 23:10:52 wikidb: Doing a proxy bind
2012-03-14 23:10:52 wikidb: Entering getUserDN
2012-03-14 23:10:52 wikidb: Created a regular filter: (uid=Username)
2012-03-14 23:10:52 wikidb: Entering getBaseDN
2012-03-14 23:10:52 wikidb: basedn is not set for this type of entry,
trying to get the default basedn.
2012-03-14 23:10:52 wikidb: Entering getBaseDN
2012-03-14 23:10:52 wikidb: basedn is ou=people,dc=domain,dc=com,dc=br
2012-03-14 23:10:52 wikidb: Using base: ou=people,dc=domain,dc=com,dc=br
2012-03-14 23:10:52 wikidb: Fetched username is not a string (check
your hook code...). This message can be safely ignored if you do not
have the SetUsernameAttributeFromLDAP hook defined.
2012-03-14 23:10:52 wikidb: userdn is:
2012-03-14 23:10:52 wikidb: User DN is blank
2012-03-14 23:10:52 wikidb: Entering allowPasswordChange
2012-03-14 23:10:52 wikidb: Entering modifyUITemplate
at zimbra server.. check the username with low letters:
zimbra@server:~$ ldapsearch -h xxx.xxx.xxx.xx -W -x -LL -D cn=config
memberUid=username ou=groups,dc=domain,dc=com,dc=br
Enter LDAP Password:
version: 1
dn: cn=users,ou=groups,dc=domain,dc=com,dc=br
dn: cn=telefonia,ou=groups,dc=domain,dc=com,dc=br
if check with upper first letter:
zimbra@server:~$ ldapsearch -h xxx.xxx.xxx.xxx -W -x -LL -D cn=config
memberUid=Username ou=groups,dc=domain,dc=com,dc=br
Enter LDAP Password:
version: 1
zimbra@server:~$
Now we know why is not resolving any groups, but where to fix it ?
--
[]'s
Jean Carlos Coelho
tec.jeancarlos(a)gmail.com