[Mediawiki-l] Mediawiki kerberos

jack.sardin at orange-ftgroup.com jack.sardin at orange-ftgroup.com
Mon Feb 16 14:38:41 UTC 2009 

Hi


My authentication kerberos login doesn't work's, what is wrong?

Thank's for your help


Localsettings.php

require_once( "$IP/extensions/LdapAutoAuthentication.php" );
require_once "$IP/extensions/LdapAuthentication.php";
$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array('bidule');
$wgLDAPServerNames = array('bidule' => 'rd.truc.fr');
$wgLDAPSearchStrings = array('bidule' => 'USER-NAME at bidule');
$wgLDAPBaseDNs = array('bidule' => 'DC=rd,DC=francetelecom,DC=fr');
$wgLDAPUserBaseDNs = array('bidule' =>
'OU=Cptbidule,OU=Annuaire,DC=rd,DC=truc,DC=fr');
$wgLDAPSearchAttributes = array('bidule' => 'sAMAccountName');
$wgLDAPEncryptionType = array('bidule' => 'clear');
#$wgLDAPDisableAutoCreate = array("bidule"=>true);
$wgLDAPRetrievePrefs = array("bidule"=>true);
$wgLDAPUseLocal = true;


// REMOTE_USER will be in the form username at EXAMPLE.COM, if we
// just chop off @EXAMPLE.COM, we have the username. You can change
// this as needed.
$wgLDAPAutoAuthUsername = preg_replace( '/@.*/', '',
$_SERVER["REMOTE_USER"] );
// After we set all configuration options, we want to setup the Auto
Auth plugin. This will
// create an instance of LdapAuthentication as $wgAuth
AutoAuthSetup();



I found in internet an  LdapAutoAuthentication.php like:

<?php

class LdapAutoAuthentication {

    /**
     * Does the web server authentication piece of the LDAP plugin.
     *
     * @access public
     */
    static function Authenticate( $user, &$result ) {
            global $wgUser;
            global $wgAuth;
        global $wgLDAPAutoAuthUsername;
        global $wgVersion;
    
            $wgAuth->printDebug( "Entering AutoAuthentication.",
NONSENSITIVE );

        if ( version_compare( $wgVersion, '1.14.0', '<' ) ) {
            //The following section is a hack to determine whether or
not
            //the user is logged in. We need a core fix to make this
simpler.
            if ( isset( $_SESSION['wsUserID'] ) ) {
                $user->setID( $_SESSION['wsUserID'] );
                if ( $user->loadFromId() ) {
                    if ( $_SESSION['wsToken'] == $user->mToken  &&
$_SESSION['wsUserName'] == $user->mName ) {
                                $wgAuth->printDebug( "User is already
logged in.", NONSENSITIVE );
                        $result = true;
                                return true;
                        } else {
                        $user->loadDefaults();
                    }
                }
            }
        } else {
            if ( $user->isLoggedIn() ) {
                $wgAuth->printDebug( "User is already logged in.",
NONSENSITIVE );
                return true;
            }
        }
    
            $wgAuth->printDebug( "User isn't logged in, calling setup.",
NONSENSITIVE );
    
            //Let regular authentication plugins configure themselves
for auto
            //authentication chaining
            $wgAuth->autoAuthSetup();
    
            $wgAuth->printDebug( "Calling authenticate with username
($wgLDAPAutoAuthUsername).", NONSENSITIVE );
            //The user hasn't already been authenticated, let's check
them
            $authenticated = $wgAuth->authenticate(
$wgLDAPAutoAuthUsername );
            if ( !$authenticated ) {
                    //If the user doesn't exist in LDAP, there isn't
much reason to
                    //go any further.
                    $wgAuth->printDebug("User wasn't found in LDAP,
exiting.", NONSENSITIVE );
                    return false;
            }
    
            //We need the username that MediaWiki will always use, *not*
the one we
            //get from LDAP.
            $mungedUsername = $wgAuth->getCanonicalName(
$wgLDAPAutoAuthUsername );
    
            $wgAuth->printDebug( "User exists in LDAP; finding the user
by name ($mungedUsername) in MediaWiki.", NONSENSITIVE );
    
        $localId = User::idFromName( $mungedUsername );
            $wgAuth->printDebug( "Got id ($localId).", NONSENSITIVE );
    
            //Is the user already in the database?
            if( !$localId ) {
            $userAdded = self::attemptAddUser( $user, $mungedUsername );
            if ( !$userAdded ) {
                $result = false;
                return false;
            }
        } else {
                    $wgAuth->printDebug( "User exists in local database,
logging in.", NONSENSITIVE );
            $user->setID( $localId );
            $user->loadFromId();
            $user->setCookies();
            $wgAuth->updateUser( $user );
            wfSetupSession();
            $result = true;
            }

            return true;
    }

    static function attemptAddUser( $user, $mungedUsername ) {
        global $wgAuth;

        if ( !$wgAuth->autoCreate() ) {
            $wgAuth->printDebug( "Cannot automatically create
accounts.", NONSENSITIVE );
            return false;
        }

            $wgAuth->printDebug( "User does not exist in local database;
creating.", NONSENSITIVE );
    
        // Checks passed, create the user
        $user->loadDefaults( $mungedUsername );
        $user->addToDatabase();

        $wgAuth->initUser( $user, true );
            $user->setCookies();
        wfSetupSession();

        # Update user count
        $ssUpdate = new SiteStatsUpdate( 0, 0, 0, 0, 1 );
        $ssUpdate->doUpdate();

        # Notify hooks (e.g. Newuserlog)
        wfRunHooks( 'AuthPluginAutoCreate', array( $user ) );

        return true;
    }

    /* No logout link in MW */
    static function NoLogout( &$personal_urls, $title ) {
            global $wgAuth;
            $wgAuth->printDebug( "Entering NoLogout.", NONSENSITIVE );
    
            $personal_urls['logout'] = null;
    
            return true;
    }
}


?>

More information about the MediaWiki-l mailing list