[Mediawiki-l] LDAP & Windows AD Authentication

Lane, Ryan Ryan.Lane at ocean.navo.navy.mil
Mon Oct 23 13:53:03 UTC 2006


> Entering validDomain<br>
> 
> User is using a valid domain<br>
> 
> Entering getCanonicalName<br>
> 
> Munged username: Administrator<br>
> 
> Entering userExists<br>
> 
> Entering Connect<br>
> 
> Entering Connect<br>
> 
> Using servers:  ldap://Home.Local<br>
> 
> Connected successfully<br>
> 
> Entering getSearchString<br>
> 
> Doing a straight bind<br>
> 
> userdn is: Home\Administrator<br>
> 
> Binding as the user<br>
> 
> Failed to bind as Home\Administrator<br>

Set debug to 4 instead of 3, and if you send the info back, make sure
you snip anything sensitive out...

[snip]
 
> Can anybody assist with what I'm missing here and apply a fresh pair
of
> eyes
> to this problem?

Looks like you got past the blank page problem, so I'll ignore that
email.

Are you using SSL/TLS? What do your AD logs show? Is the user failing to
bind, or is the bind failing because the SSL connection is failing? If
AD doesn't show a bind failure, it is likely that it is the SSL
connection failing (as AD doesn't log very much). This is pretty common
when using AD. Does your AD even have an SSL cert in place? AD doesn't
use SSL by default, only Kerberos.

For more info on setting up SSL with AD read this section and its links:
http://meta.wikimedia.org/wiki/LDAP_Authentication#Trusting_self-signed_
SSL_certificates

Are you using IIS or apache?

By the way, the way you had the configuration set up in your first email
should work fine.

V/r,

Ryan Lane



More information about the MediaWiki-l mailing list