Hi, Ryan Lane
Thanks for your reply first.
I changed my configuration following your directions, as below:
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['user']['createaccount'] = false;
$wgGroupPermissions['*']['read'] = true;
$wgGroupPermissions['*']['edit'] = false;
require_once("extensions/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( "exchangetest" );
$wgLDAPServerNames = array( "exchangetest"=>"exchangetest.exchangetest.umtest.local" );
$wgLDAPProxyAgent = array("exchangetest"=>"cn=administrator,cn=users,dc=exchangetest,dc=umtest,dc=local");
$wgLDAPProxyAgentPassword = array("exchangetest"=>"Password");
$wgLDAPSearchAttributes = array("exchangestest"=>"sAMAccountName");
$wgLDAPBaseDNs = array("exchangetest"=>"dc=exchangetest,dc=umtest,dc=local");
$wgLDAPEncryptionType = array("exchangetest"=>"ssl");
$wgMinimalPasswordLength = 1;
$wgLDAPDebug = 3;
Then I log on to the wiki and can find these debug messages:
Entering validDomain
User is using a valid domain.
Setting domain as: exchangetest
Entering getCanonicalName
Username isn't empty.
Munged username: Jma
Entering authenticate
Entering Connect
Using SSL
Using servers: ldaps://137.134.68.117
Connected successfully
Entering getSearchString
Doing a proxy bind
Failed to bind as cn=administrator,cn=users,dc=exchangetest,dc=umtest,dc=local
Failed to bind
User DN is blank
Entering strict.
Returning true in strict().
Entering modifyUITemplate
It is not clear to me why binding as administrator failed. My environment is an AD server
(Windows) and a wiki server (Linux).
I checked the log file /var/log/httpd/ssl_error_log on the wiki server and
found these messages:
[Sat Jun 13 13:44:41 2015] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Jun 13 13:44:41 2015] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
Could the certificate on the AD server cause the binding error?
2007/10/18, Lane, Ryan <Ryan.Lane(a)ocean.navo.navy.mil>:
$wgLDAPUseSSL = array("exchangetest"=>"ssl");
This should be:
$wgLDAPEncryptionType = array("exchangetest"=>"ssl");
As of right now you are actually using start_tls, and not ldaps (as the
plugin defaults to start_tls for user protection purposes). If you have
an SSL cert installed on your AD server, it should have the same effect,
but they use different ports, and the encryption is slightly different;
notice that not all AD servers are set up to use start_tls. By default
AD doesn't use ldaps or start_tls, you are required to install a
certificate.
If you have a certificate installed, you may have a certificate trust
issue. If you use:
$wgLDAPEncryptionType = array("exchangetest"=>"clear");
and it works, you know this is an SSL issue. I strongly recommend
against leaving this as "clear" though.
$wgLDAPUseLocal = false;
$wgLDAPDisableAutoCreate = array("exchangetest"=>"false");
These two default to false (pretty much everything defaults to false).
Set:
$wgLDAPDebug = 3;
That will give you debugging info. If you can't figure out the problem,
post your debug info with sensitive stuff snipped out.
V/r,
Ryan Lane
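
Added example, not part of the original thread or of the LdapAuthentication extension: a small PHP check that every per-domain LDAP setting is keyed by a name listed in $wgLDAPDomainNames, run here on the keys from the configuration posted above with the values redacted. The function name ldapDomainKeyFindings and the exact, case-sensitive key matching are assumptions of this example; it checks key consistency only and says nothing about why the proxy bind failed.

```php
<?php
// Added example (hypothetical helper, not plugin code): report per-domain
// LDAP settings whose keys do not line up with $wgLDAPDomainNames.

/**
 * @param string[] $domains  values of $wgLDAPDomainNames
 * @param array[]  $settings setting name => per-domain array
 * @return string[] findings; empty when every key matches a domain
 */
function ldapDomainKeyFindings(array $domains, array $settings): array {
    $findings = [];
    foreach ($settings as $name => $perDomain) {
        $keys = array_map('strval', array_keys($perDomain));
        // Assumption: settings are looked up by the exact domain name,
        // so a key that matches no domain is silently ignored.
        foreach (array_diff($keys, $domains) as $stray) {
            $hint = '';
            foreach ($domains as $d) {
                if (levenshtein($stray, $d) <= 2) {   // likely a typo
                    $hint = " (did you mean '$d'?)";
                    break;
                }
            }
            $findings[] = "\$$name: key '$stray' is not in \$wgLDAPDomainNames$hint";
        }
        foreach (array_diff($domains, $keys) as $missing) {
            $findings[] = "\$$name: no entry for domain '$missing'";
        }
    }
    return $findings;
}

// Constructed input: keys as in the posted configuration, values redacted.
$wgLDAPDomainNames = ['exchangetest'];
$settings = [
    'wgLDAPServerNames'        => ['exchangetest'  => 'REDACTED'],
    'wgLDAPProxyAgent'         => ['exchangetest'  => 'REDACTED'],
    'wgLDAPProxyAgentPassword' => ['exchangetest'  => 'REDACTED'],
    'wgLDAPSearchAttributes'   => ['exchangestest' => 'sAMAccountName'],
    'wgLDAPBaseDNs'            => ['exchangetest'  => 'REDACTED'],
    'wgLDAPEncryptionType'     => ['exchangetest'  => 'ssl'],
];

foreach (ldapDomainKeyFindings($wgLDAPDomainNames, $settings) as $line) {
    echo $line, PHP_EOL;
}
```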