I am looking for a method of authenticating against Active Directory and possibly group
permissions. Is this doable? Does anybody have any experience making MediaWiki
authenticate against Microsoft Active Directory? If so, does it work well? Will this
"deactivate" already existing MediaWiki accounts?
I have looked into and tried implementing the LDAP Authentication plugin and I am
receiving errors. I am using WAMP (Windows, Apache 2.2.4, MySQL 5.0.45, PHP 5.2.3) and
MediaWiki 1.10.1.
I have already done the following:
1. Copied LdapAuthentication.php to /extensions
2. Added the following to LocalSettings.php:
#
# Active Directory Authentication
#
require_once( "extensions/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( "XORANTECH" );
$wgLDAPServerNames = array( "XORANTECH"=>"dcxoran.xorantech.local" );
$wgLDAPEncryptionType = array( "XORANTECH"=>"ssl" );
$wgLDAPRetrievePrefs = array( "XORANTECH"=>true ); //<- this is how to do it
$wgMinimalPasswordLength = 1;
$wgLDAPSearchStrings = array( "XORANTECH"=>"XORANTECH\\USER-NAME" );
$wgLDAPDebug = 3; //for debugging
$wgShowExceptionDetails = true; //for debugging MediaWiki
3. Copied the following files from the PHP directory to the Windows System directory
(C:\%windir%\system32)
o libeay32.dll
o ssleay32.dll
4. Uncommented the following lines in php.ini:
o extension=php_ldap.dll
o extension=php_openssl.dll
5. Created directory C:\OpenLDAP\sysconf and created a file named ldap.conf. In this file,
added "TLS_REQCERT never" in the first line.
When I try logging in using domain username/password I get the following debug:
Entering validDomain
User is using a valid domain.
Setting domain as: XORANTECH
Entering getCanonicalName
Username isn't empty.
Munged username: jspirko
Entering userExists
Entering authenticate
Entering Connect
Using SSL
Using servers: ldaps://dcxoran.xorantech.local
Then it just stops there with a blank white screen with the above debug info on it. Any
ideas?
Thanks.
-----------------------------------
Jason Spirko
Systems Administrator
Xoran Technologies
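
Added example, not part of the original message or of the LdapAuthentication extension: a stand-alone PHP script that repeats the steps the debug output lists (extensions loaded, TLS to the domain controller, bind as XORANTECH\user) with PHP errors displayed, so a failure is reported instead of a blank page. The script name, CA file path, test account and the LDAP_TEST_PASS environment variable are assumptions.

```php
<?php
// Added diagnostic (hypothetical name ldaps_check.php); run from the CLI: php ldaps_check.php
// Host and domain are from the post; CA path, account and env var are assumed placeholders.
error_reporting(E_ALL);
ini_set('display_errors', '1');            // show fatal errors instead of a blank page

$host   = 'dcxoran.xorantech.local';
$domain = 'XORANTECH';
$caFile = 'C:/OpenLDAP/sysconf/ca.pem';    // assumed: CA certificate that signed the DC's certificate
$user   = 'testuser';                      // placeholder account
$pass   = getenv('LDAP_TEST_PASS');        // placeholder; kept out of the script itself

function check_extensions() {
    $missing = array();
    foreach (array('ldap', 'openssl') as $ext) {
        if (!extension_loaded($ext)) { $missing[] = $ext; }
    }
    return $missing;
}

function check_tls($host, $caFile) {
    // TLS handshake to the LDAPS port, verifying the server certificate against $caFile.
    $ctx  = stream_context_create(array('ssl' => array('verify_peer' => true, 'cafile' => $caFile)));
    $sock = @stream_socket_client("ssl://$host:636", $errno, $errstr, 5, STREAM_CLIENT_CONNECT, $ctx);
    if ($sock === false) { return "TLS handshake failed: [$errno] $errstr"; }
    fclose($sock);
    return true;
}

function check_bind($host, $domain, $user, $pass) {
    // An empty password makes the directory treat the bind as unauthenticated, so refuse it here.
    if ($pass === false || $pass === '') { return 'no password supplied'; }
    $conn = ldap_connect("ldaps://$host"); // only parses the URI; the connection opens at bind time
    if (!$conn) { return 'ldap_connect rejected the URI'; }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    // Certificate checking for this step follows ldap.conf (TLS_REQCERT), not $caFile.
    $ok     = @ldap_bind($conn, "$domain\\$user", $pass);
    $result = $ok ? true : 'bind failed: [' . ldap_errno($conn) . '] ' . ldap_error($conn);
    ldap_unbind($conn);
    return $result;
}

$missing = check_extensions();
if ($missing) { exit('Extensions not loaded: ' . implode(', ', $missing) . "\n"); }
$tls = check_tls($host, $caFile);
echo 'TLS to port 636: ' . ($tls === true ? 'ok' : $tls) . "\n";
$bind = check_bind($host, $domain, $user, $pass);
echo 'LDAP bind: ' . ($bind === true ? 'ok' : $bind) . "\n";
```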