The ldap bind test passed, but I'm still having a problem. Attached is the file you requested. Thanks for helping. Lou
Hi Batti,
Regarding your LocalSettings.php, there seems to be more there than you need and I did not see $wgUseLDAP set. Also, you do not need to create the LdapAuthenticationPlugin as the $wgUseLDAP flag will take care of that. Try the following for the LDAP settings (I'm assuming you don't need the ADdomain):
#----- start ------
$wgUseLDAP = true;
$wgLDAPDomainNames = array( "testLDAPdomain" );
$wgLDAPServerNames = array( "testLDAPdomain"=>"osxdev2.cecom.com" );
$wgLDAPSearchStrings = array( "testLDAPdomain"=>"uid=USER-NAME,cn=users,dc=cecom,dc=com" );
$wgLDAPUseSSL = false; //Recommended!!
$wgLDAPUseLocal = false; //Allow the use of the local database as well as the LDAP database
$wgMinimalPasswordLength = 1; #If using mediawiki 1.5. Note: 1 is the minimum, feel free to go higher

$wgLDAPUpdateLDAP = false; //if true WikiDN and WikiPassword must be set
//In Version 1.0 for writing to the directory
$wgLDAPWriterDN = "admin"; //Please use a user with limited access, NOT your directory manager
$wgLDAPWriterPassword = "admin_pw_here"; //You are able to use clear text passwords, but please try not to

//In Version 1.0 for search filter
$wgLDAPSearchAttributes = array( "testLDAPdomain"=>"uid" );
$wgLDAPBaseDNs = array( "testLDAPdomain"=>"cn=users,dc=cecom,dc=com" );

//In Version 1.0 for mailing temporary passwords to users
//(notice, this will store the temporary password in the local directory
// if you cannot write LDAP passwords because writing is turned off,
// this probably won't help you much since users will not be able to change
// their password)
$wgLDAPMailPassword = true;

//In Version 1.0 for allowing the retrieval of user preferences from LDAP
//Only pulls a small amount of info currently
$wgLDAPRetrievePrefs = true;
#----end----
Hope this helps.
Still no luck, even after I did what you suggested. It seems that mediawiki doesn't even attempt to "talk" to ldap even when it's directed to do so with the $wgUseLDAP = true;
I've just about given up on mediawiki and would rather use MAMBO, it seems MUCH easier to use and a lot less "GEEKY". It seems that Mediawiki lacks in feature set as well, for example, no wysiwyg editor and the performance is really bad.
Thanks for your effort nonetheless, Lou
On Oct 15, 2005, at 4:16 AM, Christopher Chan wrote:
--
Christopher Chan
SpikeSource, Inc.
cchan@spikesource.com
http://developer.spikesource.com
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l@Wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
MediaWiki is written specifically for Wikipedia and sites like it. I would recommend against using MediaWiki for an internal company wiki; if something else suits your needs please feel free to use it.
(You should probably try other options which target this market before trying MediaWiki.)
-- brion vibber (brion @ pobox.com)
>> MediaWiki is written specifically for Wikipedia and sites like it. I would recommend against using MediaWiki for an internal company wiki; if something else suits your needs please feel free to use it. <<
We use mostly MediaWiki here at Intuit and have successfully integrated LDAP and other auth methods. I suspect that Batti Lou needs to disable all firewalls and other restrictions on his (her?) HTTP box. If Linux, turn off iptables as well as SELinux. Then re-enable firewalls until it breaks again - then you'll know what's causing it.
- MHart
----- Original Message -----
From: "Brion Vibber" brion@pobox.com
To: "MediaWiki announcements and site admin list" mediawiki-l@Wikimedia.org
Sent: Wednesday, October 19, 2005 2:38 PM
Subject: Re: [Mediawiki-l] Mediawiki 1.5 and LDAP Authentication
Thanks for the response, MHart. I'm glad to hear someone has it working and that I'm the screw-up (not the first time).
I'm actually in a corporate environment and doing everything on the internal side of the corporate firewall. I know I have access from the mediawiki server to the LDAP server as both anonymous or Admin. We are a creative company and hence, we use OSX servers for almost everything. I'm running mediawiki on one server and connected to an OpenLDAP server. I'm actually in the process of evaluating Tikiwiki, however, I'm curious to resolve the problem with mediawiki and ldap authentication. What did you have to do to get it to connect? I assume the only thing you had to do was cut/paste code into the localsettings.php file and change the values to point to your directory??? If so, can you provide the code you cut and pasted, to include the changes you made.
Thanks in advance, Lou
On Oct 20, 2005, at 10:01 AM, MHart wrote:
>> MediaWiki is written specifically for Wikipedia and sites like it. I would recommend against using MediaWiki for an internal company wiki; if something else suits your needs please feel free to use it. <<
We use mostly MediaWiki here at Intuit and have successfully integrated LDAP and other auth methods. I suspect that Batti Lou needs to disable all firewalls and other restrictions on his (her?) HTTP box. If Linux, turn off iptables as well as SELinux. Then re-enable firewalls until it breaks again - then you'll know what's causing it.
- MHart
----- Original Message -----
From: "Brion Vibber" brion@pobox.com
To: "MediaWiki announcements and site admin list" <mediawiki-l@Wikimedia.org>
Sent: Wednesday, October 19, 2005 2:38 PM
Subject: Re: [Mediawiki-l] Mediawiki 1.5 and LDAP Authentication
assume the only thing you had to do was cut/paste code into the localsettings.php file and change the values to point to your directory??? If so, can you provide the code you cut and pasted, to include the changes you made.
The issue was the SSL connection (ldaps). Open /usr/local/etc/openldap/ldap.conf (or locate ldap.conf) and instruct the client to NOT request the certificate.
# Instruct client to NOT request a server's cert.
TLS_REQCERT never
You can also run Windows XP certificate manager and export your certificate (base64) and copy it to /usr/local/openssl/certs and run c_rehash. But I don't think this step is necessary - just config ldap to not request the cert should do it.
(This was done by a co-worker, not me, so I don't know all the answers)
- MHart
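With TLS_REQCERT never the OpenLDAP client neither requests nor checks the server's certificate, so the ldaps connection no longer authenticates the directory server that receives the users' passwords; the certificate-import route mentioned in the same message keeps that check. The script below is an added example, not part of the thread, that audits an ldap.conf for either state. The function name, its status codes and the sample files are constructed here, and pairing TLS_CACERTDIR with the /usr/local/openssl/certs directory is an assumption.

```shell
#!/bin/sh
# Added example: audit an OpenLDAP client ldap.conf for the TLS_REQCERT
# setting discussed in the thread. Status returned by audit_ldap_conf:
#   0 = server certificate is verified and a CA file/dir is configured
#   1 = verification is on, but no TLS_CACERT/TLS_CACERTDIR in this file
#   2 = a TLS_REQCERT line turns verification off (never or allow)
audit_ldap_conf() {
    awk '
        # Option names are case-insensitive; comment lines never match
        # because their first field starts with "#".
        { key = tolower($1); val = tolower($2) }
        key == "tls_reqcert" && (val == "never" || val == "allow") {
            printf "line %d: TLS_REQCERT %s, server certificate is not verified\n", NR, val
            weak = 1
        }
        key == "tls_cacert" || key == "tls_cacertdir" { ca = 1 }
        END {
            if (weak) exit 2
            if (!ca) { print "no TLS_CACERT or TLS_CACERTDIR set"; exit 1 }
            print "server certificate is verified against the configured CA"
        }
    ' "$1"
}

tmp=$(mktemp -d)

# Constructed sample: the workaround from the thread.
printf '%s\n' "# Instruct client to NOT request a server's cert." \
    'TLS_REQCERT never' > "$tmp/workaround.conf"

# Constructed sample: verification kept on, trusting the hashed certificate
# directory the thread mentions (assumed to be populated with c_rehash).
printf '%s\n' 'TLS_REQCERT demand' \
    'TLS_CACERTDIR /usr/local/openssl/certs' > "$tmp/verified.conf"

for f in "$tmp"/*.conf; do
    rc=0
    audit_ldap_conf "$f" || rc=$?
    echo "$(basename "$f"): status $rc"
done
```
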