Hi All,
I've poked through the archives, but I wasn't able to find an answer on this, but it is possible I missed it. I've been running an installation of MediaWiki with the LDAP extension for a while for a specific department on campus, but now I have another MediaWiki installation that needs LDAP for multiple departments.
In the first installation, I could only get LDAP to work if I defined the full tree in the wgLDAPSearchStrings array. For example,
$wgLDAPSearchStrings = array( "LehighLDAP"=>"cn=USER-NAME,ou=specificdept,ou=f-s,dc=my,dc=university,dc=edu" );
What I can do in other applications is get rid of the ou elements and just leave the dc elements and it will search down. But when I do this here, it doesn't work, but returns a bad password error.
Is there a way to generalize this search string or do I need to include all of the specific search string trees? And if the latter, what is the syntax to include multiple search strings?
Thanks, Tim
> $wgLDAPSearchStrings = array( "LehighLDAP"=>"cn=USER-NAME,ou=specificdept,ou=f-s,dc=my,dc=university,dc=edu" );
> What I can do in other applications is get rid of the ou elements and just leave the dc elements and it will search down. But when I do this here, it doesn't work, but returns a bad password error.
> Is there a way to generalize this search string or do I need to include all of the specific search string trees? And if the latter, what is the syntax to include multiple search strings?
That is straight bind configuration. You need to use the search configuration (remove $wgLDAPSearchStrings from your config):
$wgLDAPSearchAttributes = array( 'LehighLDAP' => 'cn' );
$wgLDAPBaseDNs = array( 'LehighLDAP' => 'dc=my,dc=university,dc=edu' );
Notice you may need a proxy agent, because most LDAP configurations don't allow for anonymous searching:
$wgLDAPProxyAgent = array( 'exampleNonADDomain' => 'cn=proxyagent,ou=specificdept,ou=f-s,dc=my,dc=university,dc=edu' );
$wgLDAPProxyAgentPassword = array( 'exampleNonADDomain' => 'eX@mP1eP$$wRd' );
You can put the proxyagent anywhere you want; you may already have one available, or your LDAP configuration may allow anonymous searches.
V/r,
Ryan Lane
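Added example (not part of the original thread, and not the LDAP extension's own code): a Python model of the two login styles distinguished in the reply above, straight bind against a DN template and proxy search followed by a bind, run against a constructed in-memory directory. The entries, passwords and function names are all assumptions, and the example goes slightly beyond the thread by escaping the username before it enters the search filter and by requiring exactly one match.

```python
import re

# Constructed directory (DN -> password); every name and password is made up.
DIRECTORY = {
    "cn=alice,ou=physics,ou=f-s,dc=my,dc=university,dc=edu": "alice-pw",
    "cn=bob,ou=history,ou=f-s,dc=my,dc=university,dc=edu": "bob-pw",
    "cn=proxyagent,ou=specificdept,ou=f-s,dc=my,dc=university,dc=edu": "proxy-pw",
}
BASE_DN = "dc=my,dc=university,dc=edu"
PROXY = ("cn=proxyagent,ou=specificdept,ou=f-s,dc=my,dc=university,dc=edu", "proxy-pw")

def simple_bind(dn, password):
    """A bind names one exact entry; nothing is searched. An unknown DN and a
    wrong password fail identically, and empty passwords are refused."""
    return bool(password) and DIRECTORY.get(dn.lower()) == password

def escape_filter_value(value):
    """RFC 4515: escape backslash, *, (, ) and NUL so input stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def unescape(s):
    """Turn \\xx escapes back into characters, as the server side would."""
    return re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), s)

def subtree_search(base_dn, ldap_filter):
    """Stand-in for a subtree search with a filter of the form (attr=value);
    an unescaped * acts as a wildcard, as on a real server."""
    attr, value = ldap_filter[1:-1].split("=", 1)
    pattern = ".*".join(re.escape(unescape(p)) for p in value.split("*"))
    rdn = re.compile(f"{re.escape(attr)}={pattern}", re.IGNORECASE)
    return [dn for dn in DIRECTORY
            if dn.endswith("," + base_dn) and rdn.fullmatch(dn.split(",", 1)[0])]

def straight_bind_login(template, user, password):
    """$wgLDAPSearchStrings style: substitute the name, bind to that exact DN."""
    return simple_bind(template.replace("USER-NAME", user), password)

def search_then_bind_login(attr, user, password):
    """Search style: proxy bind, find the user's DN under the base, rebind."""
    if not simple_bind(*PROXY):
        return False
    matches = subtree_search(BASE_DN, f"({attr}={escape_filter_value(user)})")
    # Exactly one entry must match; zero or several means no login.
    return len(matches) == 1 and simple_bind(matches[0], password)
```

With the `ou` parts removed from the template, the straight bind targets a DN that does not exist and fails exactly like a wrong password, while the search style finds users in any department under the base DN.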
Lane, Ryan wrote:
> > $wgLDAPSearchStrings = array( "LehighLDAP"=>"cn=USER-NAME,ou=specificdept,ou=f-s,dc=my,dc=university,dc=edu" );
> > What I can do in other applications is get rid of the ou elements and just leave the dc elements and it will search down. But when I do this here, it doesn't work, but returns a bad password error.
> > Is there a way to generalize this search string or do I need to include all of the specific search string trees? And if the latter, what is the syntax to include multiple search strings?
> That is straight bind configuration. You need to use the search configuration (remove $wgLDAPSearchStrings from your config):
> $wgLDAPSearchAttributes = array( 'LehighLDAP' => 'cn' );
> $wgLDAPBaseDNs = array( 'LehighLDAP' => 'dc=my,dc=university,dc=edu' );
> Notice you may need a proxy agent, because most LDAP configurations don't allow for anonymous searching:
> $wgLDAPProxyAgent = array( 'exampleNonADDomain' => 'cn=proxyagent,ou=specificdept,ou=f-s,dc=my,dc=university,dc=edu' );
> $wgLDAPProxyAgentPassword = array( 'exampleNonADDomain' => 'eX@mP1eP$$wRd' );
> You can put the proxyagent anywhere you want; you may already have one available, or your LDAP configuration may allow anonymous searches.
Our AD does allow anonymous searching, and I can do it from my PC using ldp.exe. But I get an error stating "Incorrect password entered. Please try again."
So I tried it with a proxy agent that I have for another application. Adding that got the same error.
What should I try next?
Thanks, Tim
mediawiki-l@lists.wikimedia.org