[Mediawiki-l] Active Directory Authentication

Jason Spirko jspirko at xorantech.com
Mon Aug 6 18:06:00 UTC 2007

I am looking for a method of authenticating against Active Directory and possibly group permissions. Is this do-able? Does anybody have any experience making MediaWiki authenticate against Microsoft Active Directory? If so does it work well? Will this "deactivate" all ready existing MediaWiki accounts?

I have looked into and tried implementing the LDAP Authentication plugin and I am receiving errors. I am using WAMP (Windows, Apache 2.2.4, MySQL 5.0.45, PHP 5.2.3) and MediaWiki 1.10.1.

I have already done the following:

1. Copied LdapAuthentication.php to /extensions
2. Added the following to LocalSettings.php:
	# Active Directory Authentication
	require_once( "extensions/LdapAuthentication.php" );
	$wgAuth = new LdapAuthenticationPlugin();
	$wgLDAPDomainNames = array( "XORANTECH" );
	$wgLDAPServerNames = array( "XORANTECH"=>"dcxoran.xorantech.local" );
	$wgLDAPEncryptionType = array( "XORANTECH"=>"ssl" );
	$wgLDAPRetrievePrefs = array( "XORANTECH"=>true ); //<- this is how to do it
	$wgMinimalPasswordLength = 1;
	$wgLDAPSearchStrings = array( "XORANTECH"=>"XORANTECH\\USER-NAME" );
	$wgLDAPDebug = 3; //for debugging
	$wgShowExceptionDetails = true;  //for debugging MediaWiki 

3. Copied the following files from the PHP directory to the Windows System directory (C:\%windir%\system32)
   	o libeay32.dll
      o ssleay32.dll
4. Uncomment the following lines in php.ini:
      o extension=php_ldap.dll
      o extension=php_openssl.dll

5. Created directory C:\OpenLDAP\sysconf and created file named ldap.conf. In this File added "TLS_REQCERT never" in the first line.

When I try logging in using domain username/password I get the following debug:

	Entering validDomain
	User is using a valid domain.
	Setting domain as: XORANTECH
	Entering getCanonicalName
	Username isn't empty.
	Munged username: jspirko
	Entering userExists
	Entering authenticate
	Entering Connect
	Using SSL
	Using servers: ldaps://dcxoran.xorantech.local

Then is just stops there with a blank white screen with the above debug info on it. Any ideas??


Jason Spirko
Systems Administrator
Xoran Technologies

This message (including any attachments) contains confidential and proprietary
information intended only for the addressee. If you are not the intended recipient, 
please notify the sender immediately by responding to this e-mail, and delete 
this message and attachments from your system. If you have any questions 
about this e-mail please notify the sender immediately. Any unauthorized 
disclosure, copying, distribution or reliance on the contents of this information 
is strictly prohibited and may constitute a violation of law. 

More information about the MediaWiki-l mailing list