[Mediawiki-l] difficulty configuring LDAP extension

Tim McGeary tmm8 at Lehigh.EDU
Mon Jul 9 20:29:15 UTC 2007 

I've tried two other configurations.  Here are the three total 
configurations I've tried and the three subsequent results.  Let me know 
what you think might be wrong:

Configuration:

## This is the LDAP method
require_once( 'LdapAuthentication.php' );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( "LehighLDAP" );
$wgLDAPServerNames = array( "LehighLDAP"=>"ad.lehigh.edu"  );
$wgLDAPSearchStrings = array( 
"LehighLDAP"=>"cn=USER-NAME,ou=f-s,ou=ir,dc=ad,dc=lehigh,dc=edu"  );
$wgLDAPUseSSL = false;
$wgLDAPEncryptionType = array( "LehighLDAP"=>"" );
$wgMinimalPasswordLength = 1;

Result:

Entering validDomain
User is using a valid domain.
Setting domain as: LehighLDAP
Entering validDomain
User is using a valid domain.
Entering userExists
Entering authenticate
Entering Connect
Using TLS or not using encryption.
Using servers: ldap://ad.lehigh.edu
Connected successfully
Entering getSearchString
Doing a straight bind
userdn is: cn=tmm8,ou=f-s,ou=ir,dc=ad,dc=lehigh,dc=edu
Binding as the user
Failed to bind as cn=tmm8,ou=f-s,ou=ir,dc=ad,dc=lehigh,dc=edu
Entering modifyUITemplate

-------------------------------------------------------------------------

Configuration:

## This is the AD method
require_once( 'LdapAuthentication.php' );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( "LehighUniversityAD" );
$wgLDAPServerNames = array( "LehighUniversityAD"=>"ad.lehigh.edu"  );
$wgLDAPSearchStrings = array( 
"LehighUniversityAD"=>"ad.lehigh.edu\\USER-NAME"  );
$wgLDAPUseSSL = false;
$wgLDAPEncryptionType = array( "LehighUniversityAD"=>"" );
$wgLDAPUseLocal = false;
$wgMinimalPasswordLength = 1;


Result:

Entering validDomain
User is using a valid domain.
Setting domain as: LehighUniversityAD
Entering validDomain
User is using a valid domain.
Entering userExists
Entering authenticate
Entering Connect
Using TLS or not using encryption.
Using servers: ldap://ad.lehigh.edu
Connected successfully
Entering getSearchString
Doing a straight bind
userdn is: ad.lehigh.edu\tmm8
Binding as the user
Failed to bind as ad.lehigh.edu\tmm8
Entering modifyUITemplate

-------------------------------------------------------------------------

Configuration:

require_once( 'LdapAuthentication.php' );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( "LehighLDAP2" );
$wgLDAPServerNames = array( "LehighLDAP2"=>"ad.lehigh.edu"  );
$wgLDAPSearchAttributes = array( "LehighLDAP2"=>"cn" );
$wgLDAPBaseDNs = array( 
"LehighLDAP2"=>"ou=f-s,ou=ir,dc=ad,dc=lehigh,dc=edu" );
$wgLDAPUseSSL = false;
$wgLDAPEncryptionType = array( "LehighLDAP2"=>"" );
$wgMinimalPasswordLength = 1;


Result:

Entering validDomain
User is using a valid domain.
Setting domain as: LehighLDAP2
Entering validDomain
User is using a valid domain.
Entering userExists
Entering authenticate
Entering Connect
Using TLS or not using encryption.
Using servers: ldap://ad.lehigh.edu
Connected successfully
Entering getSearchString
Doing an anonymous bind
Entering getUserDN
Created a regular filter: (cn=tmm8)
Using base: ou=f-s,ou=ir,dc=ad,dc=lehigh,dc=edu
Couldn't find an entry
userdn is:
User DN is blank
Entering modifyUITemplate


Tim McGeary '99, '06G
Senior Systems Specialist
Lehigh University
610-758-4998
tim.mcgeary at lehigh.edu


Tim McGeary wrote:
> Ok, I'm trying to authentication to an AD server.  We can use it as an 
> LDAP server and not straight AD.  So I'm doing the following configuration:
> 
> ## This is the LDAP method
> require_once( 'LdapAuthentication.php' );
> $wgAuth = new LdapAuthenticationPlugin();
> $wgLDAPDomainNames = array( "LehighLDAP" );
> $wgLDAPServerNames = array( "LehighLDAP"=>"ad.lehigh.edu"  );
> $wgLDAPSearchStrings = array( 
> "LehighLDAP"=>"cn=USER-NAME,ou=f-s,ou=ir,dc=ad,dc=lehigh,dc=edu"  );
> $wgLDAPUseSSL = false;
> $wgLDAPEncryptionType = array( "LehighLDAP"=>"" );
> $wgMinimalPasswordLength = 1;
> 
> I'm trying to create a Mediawiki account, because my username isn't in 
> the DB, yet.  So when I fill out the username, password, pw-confirm, and 
> real name, the result of the log output is the following:
> 
> Entering validDomain
> User is using a valid domain.
> Setting domain as: LehighLDAP
> Entering validDomain
> User is using a valid domain.
> Entering userExists
> Entering authenticate
> Entering Connect
> Using TLS or not using encryption.
> Using servers: ldap://ad.lehigh.edu
> Connected successfully
> Entering getSearchString
> Doing a straight bind
> userdn is: cn=tmm8,ou=f-s,ou=ir,dc=ad,dc=lehigh,dc=edu
> Binding as the user
> Failed to bind as cn=tmm8,ou=f-s,ou=ir,dc=ad,dc=lehigh,dc=edu
> Entering modifyUITemplate
> 
> I'm definitely using the correct password, and I've confirm with the AD 
> admin that cn=tmm8,ou=f-s,ou=ir,dc=ad,dc=lehigh,dc=edu is the correct 
> information.  What am I missing?
> 
> Thanks,
> Tim
> 
> Tim McGeary '99, '06G
> Senior Systems Specialist
> Lehigh University
> 610-758-4998
> tim.mcgeary at lehigh.edu
> 
> 
> Lane, Ryan wrote:
>> That error comes from MediaWiki, not the plugin.
>>
>> Set:
>>
>> 	$wgLDAPDebug = 3; 
>>
>> V/r,
>>
>> Ryan Lane
>>
>>> -----Original Message-----
>>> From: mediawiki-l-bounces at lists.wikimedia.org 
>>> [mailto:mediawiki-l-bounces at lists.wikimedia.org] On Behalf Of 
>>> Tim McGeary
>>> Sent: Monday, July 09, 2007 1:20 PM
>>> To: mediawiki-l at lists.wikimedia.org
>>> Subject: [Mediawiki-l] difficulty configuring LDAP extension
>>>
>>> Hi all,
>>>
>>> I've been trying to configure the LDAP Extension and during 
>>> my testing, I am getting an error within Mediawiki that says:
>>>
>>> "Login error: Incorrect password entered. Please try again."
>>>
>>> The problem I am having is that there is no such error in the 
>>> LDAP extension code and no error logs being produced, so I 
>>> have no clue what part of my configuration is wrong.  Am I 
>>> not finding the ldap server, am I not connecting, am I not 
>>> binding, am I failing in a search for the user?
>>>
>>> Anyone know how I can find out what the real error is?
>>>
>>> Thanks,
>>> Tim McGeary
>>>
>>> --
>>> Tim McGeary '99, '06G
>>> Senior Systems Specialist
>>> Lehigh University
>>> 610-758-4998
>>> tim.mcgeary at lehigh.edu
>>>
>>> _______________________________________________
>>> MediaWiki-l mailing list
>>> MediaWiki-l at lists.wikimedia.org
>>> http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>>>
>> _______________________________________________
>> MediaWiki-l mailing list
>> MediaWiki-l at lists.wikimedia.org
>> http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>>
> 
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l at lists.wikimedia.org
> http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>

More information about the MediaWiki-l mailing list