Hi,
I´m trying to setup LdapAuthentication with MediaWiki 1.9.3 under Windows and MySQL 4.1.22 and PHP 5.2.3 But after trying to log in I just got the following debug message:
Entering validDomain User is using a valid domain. Setting domain as: mydomain Entering getCanonicalName Username isn't empty. Munged username: Ekanegae Entering authenticate Entering Connect Using TLS or not using encryption. Using servers: ldap://mydomain101.mydomain.local Connected successfully Lowercasing the username: Ekanegae Entering getSearchString Doing a straight bind userdn is: uid=ekanegae,dc=mydomain,dc=local Binding as the user Failed to bind as uid=ekanegae,dc=mydomain,dc=local Entering strict. Returning true in strict(). Entering modifyUITemplate
My configuration is set to:
require_once( "$IP/extensions/LdapAuthentication.php" ); $wgAuth = new LdapAuthenticationPlugin(); $wgLDAPDomainNames = array( "mydomain" ); $wgLDAPServerNames = array( "mydomain"=>"mydomain101.mydomain.local" ); $wgLDAPUseLocal = false; $wgLDAPEncryptionType = array( "mydomain"=>"clear" ); $wgLDAPSearchStrings = array( "mydomain"=>"uid=USER-NAME,dc=mydomain,dc=local" ); $wgLDAPSearchAttributes = array( "mydomain"=>"uid" ); $wgLDAPBaseDNs = array( "mydomain"=>"dc=mydomain,dc=local" ); $wgLDAPDisableAutoCreate = array( "mydomain"=>false ); $wgMinimalPasswordLength = 1; $wgLDAPDebug = 4; $wgLDAPLowerCaseUsername = array( "mydomain"=>true );
require_once( "$IP/extensions/LdapAuthentication.php" ); $wgAuth = new LdapAuthenticationPlugin(); $wgLDAPDomainNames = array( "mydomain" ); $wgLDAPServerNames = array( "mydomain"=>"mydomain101.mydomain.local" ); $wgLDAPUseLocal = false; $wgLDAPEncryptionType = array( "mydomain"=>"clear" ); $wgLDAPSearchStrings = array( "mydomain"=>"uid=USER-NAME,dc=mydomain,dc=local" );
Either remove $wgLDAPSearchStrings, or set it to the location where your users reside (most likely not the base). If you have this set, it will cause the plugin to ignore any search based options.
$wgLDAPSearchAttributes = array( "mydomain"=>"uid" ); $wgLDAPBaseDNs = array( "mydomain"=>"dc=mydomain,dc=local" );
If you are going to do a search, it is pretty likely you'll need some type of proxy agent to search the directory. AD, and many other directory servers disable anonymous searching.
See:
http://www.mediawiki.org/wiki/Extension:LDAP_Authentication#Proxied_or_s earch_based_bind_options
for more information.
V/r,
Ryan Lane
Hi Ryan,
Thanks for the quick reply.
I commented $wgLDAPSearchAttributes and $wgLDAPBaseDNs parameters and tried: - $wgLDAPSearchStrings = array( "USER-NAME@TDOMAIN" ); and - $wgLDAPSearchStrings = array( "TDOMAIN\USER-NAME" );
But it´s still failing to login.
best regards,
Eduardo
On 10/29/07, Lane, Ryan Ryan.Lane@ocean.navo.navy.mil wrote:
require_once( "$IP/extensions/LdapAuthentication.php" ); $wgAuth = new LdapAuthenticationPlugin(); $wgLDAPDomainNames = array( "mydomain" ); $wgLDAPServerNames = array( "mydomain"=>"mydomain101.mydomain.local" ); $wgLDAPUseLocal = false; $wgLDAPEncryptionType = array( "mydomain"=>"clear" ); $wgLDAPSearchStrings = array( "mydomain"=>"uid=USER-NAME,dc=mydomain,dc=local" );
Either remove $wgLDAPSearchStrings, or set it to the location where your users reside (most likely not the base). If you have this set, it will cause the plugin to ignore any search based options.
$wgLDAPSearchAttributes = array( "mydomain"=>"uid" ); $wgLDAPBaseDNs = array( "mydomain"=>"dc=mydomain,dc=local" );
If you are going to do a search, it is pretty likely you'll need some type of proxy agent to search the directory. AD, and many other directory servers disable anonymous searching.
See:
http://www.mediawiki.org/wiki/Extension:LDAP_Authentication#Proxied_or_s earch_based_bind_options
for more information.
V/r,
Ryan Lane
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
mediawiki-l@lists.wikimedia.org