[Mediawiki-l] LDAP & Windows AD Authentication

Shane Parkinson shanep at sydneygang.com
Mon Oct 23 12:06:08 UTC 2006


Can anybody help with some fresh ideas on how to get MediaWiki to
authenticate users against a Windows 2003 AD using the
LdapAuthentication.php patch?

 

Details

*	AD is single domain, "home.local"
*	Has only one ou=wiki
*	OU contains a test user with uid=test1

 

The following debug messages with $wgLDAPDebug = 3 are generated, and all
attempts/combinations fail to bind during a straight bind or a proxy bind:

 

Entering validDomain<br>

User is using a valid domain<br>

Entering getCanonicalName<br>

Munged username: Administrator<br>

Entering userExists<br>

Entering Connect<br>

Entering Connect<br>

Using servers:  ldap://Home.Local<br>

Connected successfully<br>

Entering getSearchString<br>

Doing a straight bind<br>

userdn is: Home\Administrator<br>

Binding as the user<br>

Failed to bind as Home\Administrator<br>

 

Also fails to bind with the following proxy agent settings:

 

#$wgLDAPProxyAgent =  "cn=Tester1, dc=Home,dc=Local";

#$wgLDAPProxyAgentPassword = "password"; //You should also be able to use a hash!

 

I have tried the following search strings and search attributes settings
(without the #), as well as a proxy agent setting:

 

*	$wgLDAPSearchStrings = array( "Home"=>"uid=USER-NAME,CN=Users,dc=Home,dc=Local" );
*	$wgLDAPSearchAttributes = array( "Home"=>"sAMAccountName" );
*	$wgLDAPSearchAttributes = array( "Home"=>"uid" );
*	$wgLDAPSearchStrings = array( "Home"=>"Home\\USER-NAME" );

 

I have proved that PHP can connect to the AD via LDAP using a PHP script I
found to test the connection.

 

Can anybody assist with what I'm missing here and apply a fresh pair of eyes
to this problem?

 

Shane
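
Added example, not part of the original post and not code from the LdapAuthentication patch: an offline Python check that expands the USER-NAME templates quoted above and reports which bind-identity form each one yields (distinguished name, NetBIOS\sAMAccountName, or user@dns.domain, all of which AD accepts for a simple bind). The function names are hypothetical, and the DNS domain "home.local" and user "test1" are taken from the post.

```python
import re

PLACEHOLDER = "USER-NAME"  # token used in the post's $wgLDAPSearchStrings values

def escape_dn_value(value):
    """Escape characters that are special inside an RDN value (RFC 4514)."""
    out = re.sub(r'([\\,+"<>;=])', r'\\\1', value)
    if value.startswith(("#", " ")):
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:
        out = out[:-1] + "\\ "
    return out

def split_rdns(dn):
    """Return [(attr, value), ...] for a DN, or None if the string is not a DN."""
    rdns = []
    for part in re.findall(r'(?:\\.|[^,\\])+', dn):  # split on unescaped commas
        attr, sep, value = part.strip().partition("=")
        if not (sep and attr and value):
            return None
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns or None

def classify(identity):
    """Name the form of a bind identity: dn, down-level, upn or unknown."""
    if split_rdns(identity):
        return "dn"
    if re.fullmatch(r'[^\\/@=,]+\\[^\\/@=,]+', identity):
        return "down-level"  # NETBIOS\sAMAccountName
    if re.fullmatch(r'[^\\/@=,\s]+@[^\\/@=,\s]+', identity):
        return "upn"  # user@dns.domain
    return "unknown"

def expand(template, username):
    """Substitute the placeholder, escaping the name only inside a DN template."""
    name = escape_dn_value(username) if split_rdns(template) else username
    return template.replace(PLACEHOLDER, name)

def under_base(dn, dns_domain):
    """True if the DN ends with the dc= components of the DNS domain name."""
    base = [("dc", label.lower()) for label in dns_domain.split(".")]
    tail = [(a, v.lower()) for a, v in (split_rdns(dn) or [])[-len(base):]]
    return tail == base

if __name__ == "__main__":
    # Templates and the proxy agent DN as written in the post; "test1" is its test user.
    for t in ["uid=USER-NAME,CN=Users,dc=Home,dc=Local", "Home\\USER-NAME",
              "cn=Tester1, dc=Home,dc=Local"]:
        ident = expand(t, "test1")
        form = classify(ident)
        print(ident, "|", form, "|", under_base(ident, "home.local") if form == "dn" else "-")
```

A DN-form identity only binds if an object with exactly that DN exists in the directory, so the expanded string is the value to compare against the account's distinguishedName.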



