I am trying to get the LDAPAuthentication extension working.
I have samba authenticating against my Windows PDC, so the basic setup works.
Now I need to get mediawiki to authenticate against the same PDC.
I have tried following several different guides:
http://www.pickysysadmin.ca/2013/05/13/how-to-configure-mediawiki-to-authent...
http://www.mediawiki.org/wiki/Extension:LDAP_Authentication/AD_Configuration...
and my logins always fail.
What's worse is that there's nothing pertaining to this in any log file that I can find, so I have no idea what is failing.
Does anyone have AD authentication working?
My latest attempt:
require_once ("$IP/extensions/LdapAuthentication/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( 'HPM' );
$wgLDAPServerNames = array( 'HPM' => 'xxx.hpm.yyy' );
$wgLDAPSearchAttributes = array( 'HPM' => 'sAMAccountName' );
$wgLDAPBaseDNs = array( 'HPM' => 'dc=hpm,dc=yyy' );
$wgLDAPEncryptionType = array( 'HPM' => 'ssl' );
$wgMinimalPasswordLength = 1;
yan@seiner.com writes:
I am trying to get the LDAPAuthentication extension working. My latest attempt:...
Here are some other configuration variables you might need.
// Search string for username, if you're using domain\user format in AD
$wgLDAPSearchStrings = array( 'HPM' => "HPM\USER-NAME" );
// MediaWiki uses capitalized usernames; perhaps AD uses lowercase?
$wgLDAPLowerCaseUsername = array( 'HPM' => true );
// If you're connecting to AD via SSL
$wgLDAPEncryptionType = array( 'HPM' => "ssl" );
DanB
yan@seiner.com writes:
I am trying to get the LDAPAuthentication extension working. My latest attempt:...
Here are some other configuration variables you might need.
// Search string for username, if you're using domain\user format in AD
$wgLDAPSearchStrings = array( 'HPM' => "HPM\USER-NAME" );
// MediaWiki uses capitalized usernames; perhaps AD uses lowercase?
$wgLDAPLowerCaseUsername = array( 'HPM' => true );
// If you're connecting to AD via SSL
$wgLDAPEncryptionType = array( 'HPM' => "ssl" );
That worked:
require_once ("$IP/extensions/LdapAuthentication/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( 'HPM');
$wgLDAPServerNames = array( 'HPM' => 'xxx.yyy.com');
$wgLDAPSearchAttributes = array( 'HPM' => 'sAMAccountName');
$wgLDAPBaseDNs = array( 'HPM' => 'dc=hpm,dc=net');
$wgLDAPEncryptionType = array( 'HPM' => 'ssl');
$wgLDAPSearchStrings = array( 'HPM' => "HPM\USER-NAME" );
$wgLDAPPreferences = array('HPM' => array( 'email' => 'mail','realname' => 'displayname'));
$wgMinimalPasswordLength = 1;
Now, one more question:
My old users can no longer log in. This means I no longer have an admin user. Is there any way I can use both the AD users and local users?
On Fri, 07 Feb 2014 16:47:47 +0100, yan@seiner.com wrote:
My old users can no longer log in. This means I no longer have an admin user. Is there any way I can use both the AD users and local users?
No idea about this, but you can promote users to admins from command-line: https://www.mediawiki.org/wiki/Manual:CreateAndPromote.php
On Fri, 07 Feb 2014 16:47:47 +0100, yan@seiner.com wrote:
My old users can no longer log in. This means I no longer have an admin user. Is there any way I can use both the AD users and local users?
No idea about this, but you can promote users to admins from command-line: https://www.mediawiki.org/wiki/Manual:CreateAndPromote.php
OK, thanks...
On Feb 7, 2014 11:10 AM, yan@seiner.com wrote:
On Fri, 07 Feb 2014 16:47:47 +0100, yan@seiner.com wrote:
My old users can no longer log in. This means I no longer have an admin user. Is there any way I can use both the AD users and local users?
No idea about this, but you can promote users to admins from command-line:
I don't think that's what you want. You just need to promote an LDAP user?
Could adapt create and promote (to just promote)
See also the docs (below)
-Jeremy
https://www.mediawiki.org/wiki/Extension:LDAP_Authentication/Configuration_O...:
// Allow the use of the local database as well as the LDAP database.
// Mostly for transitional purposes. Unless you *really* know what you are doing,
// don't use this option. It will likely cause you annoying problems, and
// it will cause me annoying support headaches.
// Warning: Using this option will allow MediaWiki to leak LDAP passwords into
// its local database. It's highly recommended that this setting not be used for
// anything other than transitional purposes.
// Default: false
$wgLDAPUseLocal = false;
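
An added example, not part of the thread or of the extension's code: a small Python check that lists which `$wgLDAP...` settings in a LocalSettings.php are actually in effect once comments are stripped, and flags the two conditions this thread touches on, `$wgLDAPUseLocal = true` and a domain whose `$wgLDAPEncryptionType` is not `ssl` or `tls`. The sample config, the `LAB` domain and its `'clear'` value are constructed for illustration.

```python
import re

# PHP string literal, so that '//', '#' or ';' inside quotes is not misread.
STR = r"""(?:"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')"""
TOKEN = re.compile(r"(%s)|(?://|#)[^\n]*|/\*.*?\*/" % STR, re.S)
ASSIGN = re.compile(r"\$(wgLDAP\w+)\s*=\s*((?:%s|[^;'\"])*);" % STR, re.S)
PAIR = re.compile(r"['\"](\w+)['\"]\s*=>\s*['\"]([^'\"]*)['\"]")

# Constructed sample. Two lines keep an assignment on the same line as a
# "//" comment, as in the flattened snippets above, so PHP never executes them.
SAMPLE = r"""
$wgLDAPDomainNames = array( 'HPM', 'LAB' );
$wgLDAPEncryptionType = array( 'HPM' => 'ssl', 'LAB' => 'clear' );
// Search string $wgLDAPSearchStrings = array( 'HPM' => "HPM\USER-NAME" );
// Default: false $wgLDAPUseLocal = false;
$wgLDAPUseLocal = true;
"""

def effective_settings(src):
    """Return {name: raw value} for $wgLDAP* assignments outside comments."""
    code = TOKEN.sub(lambda m: m.group(1) or " ", src)
    # Later assignments overwrite earlier ones, as they do in PHP.
    return {name: value.strip() for name, value in ASSIGN.findall(code)}

def audit(src):
    """Return (setting, detail) findings for the effective configuration."""
    cfg = effective_settings(src)
    findings = []
    if cfg.get("wgLDAPUseLocal", "false").lower() == "true":
        findings.append(("wgLDAPUseLocal",
                         "local-database logins enabled; the extension docs "
                         "warn this can leak LDAP passwords into the local DB"))
    for domain, enc in PAIR.findall(cfg.get("wgLDAPEncryptionType", "")):
        if enc.lower() not in ("ssl", "tls"):
            findings.append(("wgLDAPEncryptionType",
                             "%s: %r is not ssl or tls" % (domain, enc)))
    return findings

if __name__ == "__main__":
    for name, value in effective_settings(SAMPLE).items():
        print("in effect:", name, "=", value)
    for setting, detail in audit(SAMPLE):
        print("FINDING:", setting, "-", detail)
```
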
yan@seiner.com asks:
My old users can no longer log in. This means I no longer have an admin user. Is there any way I can use both the AD users and local users?
Try this:
// Allow the use of the local database as well as the LDAP database.
$wgLDAPUseLocal = true;
But see the important security disclaimers about this option on https://www.mediawiki.org/wiki/Extension:LDAP_Authentication/Configuration_O....
DanB
yan@seiner.com asks:
My old users can no longer log in. This means I no longer have an admin user. Is there any way I can use both the AD users and local users?
Try this:
// Allow the use of the local database as well as the LDAP database.
$wgLDAPUseLocal = true;
But see the important security disclaimers about this option on https://www.mediawiki.org/wiki/Extension:LDAP_Authentication/Configuration_O....
Thanks. We already jettisoned all our existing users. It's just simpler that way. :)
mediawiki-l@lists.wikimedia.org