Hi,
Thanks for the reply. Yes, I did all those stuff already, and what I
found was that, though I'm getting the error if the user don't exist in
MW table, if I refresh the browser, everything is ok and I can log in.
Also, when you say ldap group synchronization, preference pulling,etc.,
Does it mean that in the userright page we'll get the user groups that
exist in AD to select for a user to add to? Or the user_group table will
be populated with the usernames and groups as in AD?
What are correct setting for that? Mine is MW 193
Regards,
Jack
-----Original Message-----
From: mediawiki-l-bounces(a)lists.wikimedia.org
[mailto:mediawiki-l-bounces@lists.wikimedia.org] On Behalf Of Lane, Ryan
Sent: Wednesday, June 13, 2007 10:32 PM
To: MediaWiki announcements and site admin list
Subject: Re: [Mediawiki-l] Problem with LDAP Authentication plugin
I'm using LDAP authentication plugin with MW 193.
If a
username does not exist in the MW user table, when that user
logs in, he/she can't. The error displayed is
"There was either an external authentication database error
or you are not allowed to update your external account"
So I have to add all the users existing in the AD to MW table
as well. But this is not practical as new users are added to
AD quite often.
I'm guessing you are using MediaWiki 1.9.x? If so, please look here:
http://www.mediawiki.org/wiki/Extension_talk:LDAP_Authentication#Officia
l_workaround
A small change needs to be made for the plugin to work with MediaWiki
1.9. Upgrading to MediaWiki 1.10 should also fix the problem.
Here's my settings for ldapauthentication plugin:
[snip]
$wgLDAPUseLocal = true;
You probably don't want this. This is meant mostly for transitional
periods, where you originally had a local database, and you are moving
to an LDAP backend. This has security hazards associated with it, such
as possibly storing your LDAP account passwords in the local database.
[snip]
$wgLDAPDebug = 0;
0 is actually the default, so you don't really need to define this one.
V/r,
Ryan Lane
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
This electronic mail (including any attachment thereto) may be confidential and privileged
and is intended only for the individual or entity named above. Any unauthorized use,
printing, copying, disclosure or dissemination of this communication may be subject to
legal restriction or sanction. Accordingly, if you are not the intended recipient, please
notify the sender by replying to this email immediately and delete this email (and any
attachment thereto) from your computer system...Thank You