[Mediawiki-l] How to set up Auto Authentication with AD?

gadina at hotmail.ru gadina at hotmail.ru
Fri Oct 10 09:40:03 UTC 2008


Hello,

The local network has an AD domain - xxx.yyy.org
Domain Controllers - serv1.xxx.yyy.org and serv2.xxx.yyy.org
In the domain there is a group - MWUsers, which includes several users - mwuser1, mwuser2, etc.
There is MediaWiki 1.13.1.
I need to allow automatic access only to users who are in the AD group users.
I know that this can be done through LdapAuthentication and LdapAutoAuthentication, but all my attempts were unsuccessful.

My LocalSettings.php:

require_once ("$IP/extensions/LdapAutoAuthentication.php");
require_once ("$IP/extensions/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array('XXX');
$wgLDAPServerNames = array('XXX' => 'serv1.xxx.yyy.org serv2.xxx.yyy.org');
$wgLDAPSearchStrings = array('XXX' => 'XXX\\USER-NAME');
$wgLDAPEncryptionType = array('XXX' => 'false');
$wgLDAPUseLocal = false;
$wgMinimalPasswordLength = 1;
$wgLDAPBaseDNs = array('XXX'=>'dc=xxx,dc=yyy,dc=org');
$wgLDAPSearchAttributes = array('XXX'=>'sAMAccountName');
$wgLDAPGroupBaseDNs = array('XXX'=>'ou=MWUsers,dc=xxx,dc=yyy,dc=org');
AutoAuthSetup();
$wgLDAPDebug = 6;

But these settings do not work as expected. Auto login is not performed.
Therefore, I choose "Log in / create account" and enter the login - mwuser1 - and the password.
Log info:

Entering validDomain
User is using a valid domain.
Setting domain as: XXX
Entering getCanonicalName
Username isn't empty.
Munged username: mwuser1
Entering authenticate

Entering Connect
Using TLS or not using encryption.
Using servers: ldap://serv1.xxx.yyy.org ldap://serv2.xxx.yyy.org
Connected successfully
Entering getSearchString
Doing a straight bind
userdn is: XXX\mwuser1

Binding as the user
Bound successfully
Entering getUserDN
Created a regular filter: (sAMAccountName=mwuser1)
Entering getBaseDN
basedn is not set for this type of entry, trying to get the default basedn.
Entering getBaseDN
basedn is dc=xxx,dc=yyy,dc=org
Using base: dc=xxx,dc=yyy,dc=org
Fetched username is not a string (check your hook code...). 
This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
Pulled the user's DN: CN=f_name l_name,OU=MWUsers,OU=DataArt,DC=xxx,DC=yyy,DC=org
Authentication passed
Entering updateUser
WTF!?)
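
An added example, not part of the original post and not code from the LdapAuthentication extension: a Python check of whether a DN lies under a search base, run on the three DNs quoted above (the two base DNs from LocalSettings.php and the user DN from the debug log). The function names and the escaped-comma sample are assumptions made for illustration; matching is assumed to be case-insensitive, as it is in AD.

```python
# Simplified RFC 4514 handling: single-valued RDNs and backslash escapes only
# (no multi-valued "+" RDNs, no "#hex" values).

def split_dn(dn):
    """Split a DN into RDN strings, keeping backslash-escaped commas intact."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # copy the escape pair unchanged
            i += 2
            continue
        if ch == ",":                    # unescaped comma ends the RDN
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return [p.strip() for p in parts if p.strip()]

def normalize_rdn(rdn):
    """Lower-case attribute type and value (assumption: case-insensitive match)."""
    attr, _, value = rdn.partition("=")
    return (attr.strip().lower(), value.strip().lower())

def is_under(dn, base_dn):
    """True if dn equals base_dn or sits anywhere below it in the tree."""
    dn_rdns = [normalize_rdn(r) for r in split_dn(dn)]
    base_rdns = [normalize_rdn(r) for r in split_dn(base_dn)]
    if not base_rdns or len(base_rdns) > len(dn_rdns):
        return False
    return dn_rdns[-len(base_rdns):] == base_rdns   # compare the DN suffix

# Values copied from the post.
USER_DN = "CN=f_name l_name,OU=MWUsers,OU=DataArt,DC=xxx,DC=yyy,DC=org"
BASE_DN = "dc=xxx,dc=yyy,dc=org"                    # $wgLDAPBaseDNs
GROUP_BASE_DN = "ou=MWUsers,dc=xxx,dc=yyy,dc=org"   # $wgLDAPGroupBaseDNs

# Constructed sample (not from the post): a CN containing an escaped comma.
ESCAPED_DN = "CN=Doe\\, Jane,OU=MWUsers,OU=DataArt,DC=xxx,DC=yyy,DC=org"

if __name__ == "__main__":
    for label, base in (("base DN", BASE_DN), ("group base DN", GROUP_BASE_DN)):
        print(f"user DN under {label} ({base}): {is_under(USER_DN, base)}")
```

With the values from the post, the DN pulled in the log lies under the configured base DN but not under the configured group base DN, because the log shows OU=MWUsers nested inside OU=DataArt.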


