[Mediawiki-l] LDAP & Windows AD Authentication

SHane Parkinson shanep at sydneygang.com
Mon Oct 23 12:06:08 UTC 2006

Can anybody help with some fresh ideas on how to get mediawiki to
authenticate users against a windows 2003 AD using the
LdapAuthentication.php patch?



*	AD is single domain, "home.local"
*	Has only one ou=wiki
*	OU contains a test user with uid=test1


The following debug messages with $wgLDAPDebug = 3 are generated and all
attempts/combinations fail to bind during a straight bind or a proxy bind


Entering validDomain<br>

User is using a valid domain<br>

Entering getCanonicalName<br>

Munged username: Administrator<br>

Entering userExists<br>

Entering Connect<br>

Entering Connect<br>

Using servers:  ldap://Home.Local<br>

Connected successfully<br>

Entering getSearchString<br>

Doing a straight bind<br>

userdn is: Home\Administrator<br>

Binding as the user<br>

Failed to bind as Home\Administrator<br>


Also fails to bind with the following proxy agent settings:


#$wgLDAPProxyAgent =  "cn=Tester1, dc=Home,dc=Local";

#$wgLDAPProxyAgentPassword = "password"; //You should also be able to use a


I have tried the following search strings and search attributes settings
(without the #) as well as a proxy agent setting


*	$wgLDAPSearchStrings =
array("Home"=>"uid=USER-NAME,CN=Users,dc=Home,dc=Local" );
*	$wgLDAPSearchAttributes = array( "Home"=>"sAMAccountName" );
*	$wgLDAPSearchAttributes = array( "Home"=>"uid" );
*	$wgLDAPSearchStrings = array( "Home"=>"Home\\USER-NAME" );


I have proved that PHP can connect to the Ad via LDAP using a PHP script I
found to test the connection. 


Can anybody assist with what I'm missing here and apply a fresh pair of eyes
to this problem?



More information about the MediaWiki-l mailing list