[Mediawiki-l] difficulty configuring LDAP extension

Lane, Ryan Ryan.Lane at ocean.navo.navy.mil
Mon Jul 9 21:08:59 UTC 2007


> $wgLDAPUseSSL = false;
> $wgLDAPEncryptionType = array( "LehighLDAP"=>"" );

These are not correct. I have no idea where everyone keeps getting
"$wgLDAPUseSSL = false;" from, that hasn't been a config option in over
a year :). If you don't want to use encryption, use:

	$wgLDAPEncryptionType = array( "LehighLDAP"=>"clear" );

See:
http://www.mediawiki.org/wiki/Extension:LDAP_Authentication#Domain.2C_se
rver_and_connection_configuration_options for more information on
encryption.

However, notice that AD, by default, is configured to require encryption
when binding to the server. Unless your admin specifically turned that
off, you may need to use encryption (either TLS, or SSL). You'll need to
ensure the AD server has an SSL certificate installed that is signed by
a CA your server trusts.

Also, are you using an older version of the plugin? I coulda swore the
plugin fails when TLS doesn't start properly. I can't find it in the
changelog, so I can't tell you the exact version I fixed that in...

V/r,

Ryan Lane

> 
> I'm trying to create a Mediawiki account, because my username 
> isn't in the DB, yet.  So when I fill out the username, 
> password, pw-confirm, and real name, the result of the log 
> output is the following:
> 
> Entering validDomain
> User is using a valid domain.
> Setting domain as: LehighLDAP
> Entering validDomain
> User is using a valid domain.
> Entering userExists
> Entering authenticate
> Entering Connect
> Using TLS or not using encryption.
> Using servers: ldap://ad.lehigh.edu
> Connected successfully
> Entering getSearchString
> Doing a straight bind
> userdn is: cn=tmm8,ou=f-s,ou=ir,dc=ad,dc=lehigh,dc=edu
> Binding as the user
> Failed to bind as cn=tmm8,ou=f-s,ou=ir,dc=ad,dc=lehigh,dc=edu
> Entering modifyUITemplate
> 
> I'm definitely using the correct password, and I've confirm 
> with the AD admin that 
> cn=tmm8,ou=f-s,ou=ir,dc=ad,dc=lehigh,dc=edu is the correct 
> information.  What am I missing?
> 
> Thanks,
> Tim
> 
> Tim McGeary '99, '06G
> Senior Systems Specialist
> Lehigh University
> 610-758-4998
> tim.mcgeary at lehigh.edu
> 
> 
> Lane, Ryan wrote:
> > That error comes from MediaWiki, not the plugin.
> > 
> > Set:
> > 
> > 	$wgLDAPDebug = 3;
> > 
> > V/r,
> > 
> > Ryan Lane
> > 
> >> -----Original Message-----
> >> From: mediawiki-l-bounces at lists.wikimedia.org
> >> [mailto:mediawiki-l-bounces at lists.wikimedia.org] On Behalf Of Tim 
> >> McGeary
> >> Sent: Monday, July 09, 2007 1:20 PM
> >> To: mediawiki-l at lists.wikimedia.org
> >> Subject: [Mediawiki-l] difficulty configuring LDAP extension
> >>
> >> Hi all,
> >>
> >> I've been trying to configure the LDAP Extension and during my 
> >> testing, I am getting an error within Mediawiki that says:
> >>
> >> "Login error: Incorrect password entered. Please try again."
> >>
> >> The problem I am having is that there is no such error in the LDAP 
> >> extension code and no error logs being produced, so I have no clue 
> >> what part of my configuration is wrong.  Am I not finding the ldap 
> >> server, am I not connecting, am I not binding, am I failing in a 
> >> search for the user?
> >>
> >> Anyone know how I can find out what the real error is?
> >>
> >> Thanks,
> >> Tim McGeary
> >>
> >> --
> >> Tim McGeary '99, '06G
> >> Senior Systems Specialist
> >> Lehigh University
> >> 610-758-4998
> >> tim.mcgeary at lehigh.edu
> >>
> >> _______________________________________________
> >> MediaWiki-l mailing list
> >> MediaWiki-l at lists.wikimedia.org
> >> http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
> >>
> > 
> > _______________________________________________
> > MediaWiki-l mailing list
> > MediaWiki-l at lists.wikimedia.org
> > http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
> > 
> 
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l at lists.wikimedia.org
> http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
> 



More information about the MediaWiki-l mailing list