[Mediawiki-l] Help with LDAP Configuration and Windows 2003 Active Directory

SHane Parkinson shanep at sydneygang.com
Sun Oct 22 11:43:53 UTC 2006



I am by no means an expert in either PHP, LDAP, Active Directory or a
Windows 2003 Administration but I'm trying to set up a proof of concept in a
Windows 2003 Active Directory domain which is configured as a domain name of
"HOME" with DNS = "home.local" (dns forwarders are configured on this


I have read the pages on LDAP
(http://meta.wikimedia.org/wiki/LDAP_Authentication) and LDAP Configuration
and I am in "learning sponge mode" trying to understand the details to get
this running. 


The configuration required is to disallow anonymous users to read the
content pages of the wiki as the wiki will operate in an extranet style
configuration. A large percentage of staff are working remotely or
externally to the company's infrastructure. To reduce the number of
username/passwords staff have to remember I'm trying to have users
authenticate against the Windows Active Directory. 


As a first attempt to understand the rather steep learning curve in
LDAP/AD/PHP I followed the examples provided in the LDAP Authentication
Configuration examples and customised for the pilot network I'm using (see
below). These setting we copied into the localSettings.php and the


require_once( "includes/LdapAuthentication.php" );

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array( "Home" );

$wgLDAPServerNames = array( "HOME"=>"sydaapms37-pede.home.local" );

$wgLDAPSearchStrings = array( "Home"=>"HOME\\USER-NAME" );

$wgLDAPUseSSL = true; //not recommended but OK for testing

$wgLDAPUseLocal = false;

$wgMinimalPasswordLength = 1;

$wgLDAPRetrievePrefs = false;


I have created a domain user called "tester1" and added this user to a group
called "Wiki" although I don't think I have created any configuration
entries related to this user group.


The domain name is displayed as "HOME" on the login page but all user
accounts tested (including the windows administrator account) generate the
following error: The password you entered is incorrect (or missing). Please
try again. 


I've also got behaviour where after hitting the login button, I receive a
blank page, i.e. it returned nothing, no error message etc, simply a blank


I have reached the limits of my knowledge as to where to look/investigate
why I cannot log in correctly. The passwords are correct and test accounts
cannot be locked out. I have tried changing the $wgLDAPUseSSL from false to
true but this makes no difference and I haven't, as far as I'm aware enabled


If anybody can assist reducing this newbie's learning curve, your assistance
would be greatly appreciated





More information about the MediaWiki-l mailing list