Hi Ryan,
Just to follow up, I took a look at the configuration examples, and picked out the Kerberos-related entries and gave it a shot. Sadly, IIS gives me a 500.
I did verify that IIS passes $_SERVER["REMOTE_USER"] for the REMOTE_USER as that is what the AutomaticREMOTE_USER extension successfully uses. I suspect the issue is with AutoAuth, as there is no LDAP traffic generated. (I am running a debug LDAP proxy that shows
Here are the relevant entries from LocalSettings.php:
# # LDAP Authentication # require_once( "extensions/LdapAutoAuthentication.php" ); require_once( "extensions/LdapAuthentication.php" );
$wgLDAPDomainNames = array("MyDomain); $wgLDAPServerNames = array("MyDomain"=>"192.168.20.212");
$wgLDAPAutoAuthDomain = "MyDomain";
$wgLDAPProxyAgent = array("MyDomain"=>"CN=Proxy User,cn=Users,dc=MyDomain,dc=com"); $wgLDAPProxyAgentPassword = array("MyDomain"=>"PASSWORD"); $wgLDAPBaseDNs = array("MyDomain"=>"dc=MyDomain,dc=com");
$wgLDAPSearchAttributes = array("MyDomain"=>"samaccountname");
$wgLDAPAutoAuthUsername = $_SERVER["REMOTE_USER"] ); AutoAuthSetup();
If you see anything wonky with my config, I'd like to hear about it. In the meanwhile, I will start Frankensteining...
I don't see anything wrong with your configuration. I haven't tested auto-auth with IIS, so that very well may be the issue. Let me know what solves your problem, and I'll see about adding the fixes to the plug-in.
V/r,
Ryan Lane