Hi,
I'm trying to add LDAP Authentication to my MediaWiki 1.6.5 server and downloaded LdapAuthentication.php v1.0h.
I'm having a lot of trouble when trying to restrict the wiki to a specific LDAP group... here's the block I've added to LocalSettings.php:
# begin LDAP authentication part
require_once( 'includes/LdapAuthentication.php' );
$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array( "NVIDIA.COM" );
$wgLDAPServerNames = array( "NVIDIA.COM"=>"ldap.nvidia.com" );

//$wgLDAPUseSSL = true;
$wgLDAPUseSSL = false;
$wgLDAPUseLocal = false;
$wgMinimalPasswordLength = 1;

$wgLDAPAddLDAPUsers = false;
$wgLDAPUpdateLDAP = false;
$wgLDAPMailPassword = false;
$wgLDAPRetrievePrefs = true;
$wgLDAPDebug = 99;

//$wgLDAPSearchAttributes = array( "NVIDIA.COM"=>"sAMAccountName" );
$wgLDAPSearchStrings = array( "NVIDIA.COM"=>"NVIDIA.COM\USER-NAME" );

# testing group restriction below
$wgLDAPRequiredGroups = array( "NVIDIA.COM"=>array("cn=neteng-contractors,ou=departments,ou=distribution lists,ou=groups,dc=nvidia,dc=com") );
$wgLDAPGroupUseFullDN = array( "NVIDIA.COM"=>true );
$wgLDAPGroupObjectclass = array( "NVIDIA.COM"=>"group" );
$wgLDAPGroupAttribute = array( "NVIDIA.COM"=>"member" );
$wgLDAPGroupSearchNestedGroups = array( "NVIDIA.COM"=>false );
$wgLDAPBaseDNs = array( "NVIDIA.COM"=>"ou=groups,dc=nvidia,dc=com" );
Here is the error output that I'm getting:
Entering validDomain
User is using a valid domain
Entering getCanonicalName
Munged username: Cvo
Entering Connect
Entering Connect
Not Using SSL
Using servers: ldap://ldap.nvidia.com
Connected successfully
Entering getSearchString
Doing a straight bind
userdn is: NVIDIA.COM\Cvo
Binding as the user
Binded successfully
Checking for (new style) group membership
Entering isMemberOfRequiredLdapGroup
Required groups:cn=neteng-contractors,ou=departments,ou=distribution lists,ou=groups,dc=nvidia,dc=com
Entering getGroups
Search string: (&(member=NVIDIA.COM\Cvo)(objectclass=group))

*Warning*: ldap_get_entries(): supplied argument is not a valid ldap result resource in */srv/www/htdocs/wiki/includes/LdapAuthentication.php* on line *857*

*Warning*: array_shift() [function.array-shift]: The argument should be an array in */srv/www/htdocs/wiki/includes/LdapAuthentication.php* on line *860*

*Warning*: Invalid argument supplied for foreach() in */srv/www/htdocs/wiki/includes/LdapAuthentication.php* on line *863*

Returned groups:
Couldn't find the user in any groups (1).
If I uncomment the $wgLDAPSearchAttributes line and comment out $wgLDAPSearchStrings, I get the following:
Entering validDomain
User is using a valid domain
Entering getCanonicalName
Munged username: Cvo
Entering Connect
Entering Connect
Not Using SSL
Using servers: ldap://ldap.nvidia.com
Connected successfully
Entering getSearchString
Doing a proxy or anonymous bind
Entering getUserDN
Doing an anonymous bind
Created a regular filter: (sAMAccountName=Cvo)
Using base: ou=groups,dc=nvidia,dc=com
Couldn't find an entry
userdn is:
User DN is blank
Can someone please help out? I can run dsquery on a Win2k3 server against my accountname (cvo) and it returns fine...
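
Added example, not part of the original post or of LdapAuthentication.php: RFC 4515 requires a backslash inside a filter value to be followed by two hex digits, so the logged search string containing `NVIDIA.COM\Cvo` is a malformed filter, which is consistent with ldap_get_entries() being handed an invalid result. The sketch below flags such escapes and builds the group filter from an escaped value; the function names and the sample DN are assumptions made for illustration.

```python
import re

# RFC 4515: in a filter value a backslash must be followed by two hex digits.
_BAD_ESCAPE = re.compile(r"\\(?![0-9A-Fa-f]{2})")
# Characters that must be written as escapes inside an assertion value.
_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a literal string for use as an LDAP filter assertion value."""
    return "".join(_SPECIAL.get(ch, ch) for ch in value)


def invalid_escapes(ldap_filter):
    """Offsets of backslashes that do not begin a two-hex-digit escape."""
    return [m.start() for m in _BAD_ESCAPE.finditer(ldap_filter)]


def group_filter(member_value, attribute="member", objectclass="group"):
    """Build the membership filter with the member value escaped."""
    return "(&({}={})(objectclass={}))".format(
        attribute, escape_filter_value(member_value), objectclass)


# Search string copied from the debug output in the post.
LOGGED_FILTER = r"(&(member=NVIDIA.COM\Cvo)(objectclass=group))"
# Constructed sample DN (placeholder, not taken from the post).
SAMPLE_DN = r"CN=Smith\, John (contractor),OU=Example,DC=example,DC=com"

if __name__ == "__main__":
    for pos in invalid_escapes(LOGGED_FILTER):
        print("malformed escape at offset", pos, "->", LOGGED_FILTER[pos:pos + 3])
    fixed = group_filter(SAMPLE_DN)
    print(fixed, invalid_escapes(fixed))
```
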