[Mediawiki-l] Help with LDAP upper first letter

Jean Carlos Coelho tec.jeancarlos at gmail.com
Wed Mar 14 23:32:59 UTC 2012


Hello I am trying to configure authentication with ldap zimbra I log
in normally but I'm not getting the usergroups the ldap plugin always
set the first letter of the username in upper case due to this, can't
find the groups, is there a way to fix this?


require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array("domain.com.br");
$wgLDAPDebug = 3; $wgDebugLogGroups["ldap"] = "/tmp/ldap.log" ;
$wgLDAPBaseDNs = array("domain.com.br" => "ou=people,dc=domain,dc=com,dc=br");
$wgLDAPServerNames = array("domain.com.br" => "xxx.xxx.xxx.xxx");
$wgLDAPSearchAttributes = array("domain.com.br" => "uid");
//$wgLDAPSearchAttributes = array("domain.com.br" => "memberUid");
$wgLDAPEncryptionType = array("domain.com.br" => "clear");
//$wgLDAPProxyAgent = array("domain.com.br" =>
"uid=wiki,ou=People,dc=domain,dc=com,dc=br");
$wgLDAPProxyAgent = array("domain.com.br" => "cn=config");
//$wgLDAPProxyAgentPassword = array("domain.com.br" => "PaSSWoRd");
$wgLDAPProxyAgentPassword = array("domain.com.br" => "PaSSwORD");
//$wgLDAPGroupObjectclass = array("domain.com.br" => "posixGroup");
//$wgLDAPUseLocal = array("domain.com.br") => "false");
$wgLDAPUseLocal = false;
$wgLDAPRetrievePrefs = false;
$wgLDAPGroupAttribute = array("domain.com.br" => "memberUid" );
$wgLDAPGroupSearchNestedGroups = array("domain.com.br" => "false");
$wgLDAPGroupNameAttribute = array("domain.com.br" => "cn");
$wgLDAPGroupBaseDNs = array("domain.com.br" =>
"ou=groups,dc=domain,dc=com,dc=br");
$wgLDAPUseLDAPGroups = array("domain.com.br" => "true");
$wgLDAPLocallyManagedGroups = array("domain.com.br" => array(
"cn=telefonia,ou=groups,dc=domain,dc=com,dc=br ",
"cn=diretoria,ou=groups,dc=domain,dc=com,dc=br ",
"cn=comercial,ou=groups,dc=domain,dc=com,dc=br ",
"cn=implantacao,ou=groups,dc=domain,dc=com,dc= br",
"cn=administrativo,ou=groups,dc=domain,dc=com,dc=b r",
"cn=financeiro,ou=groups,dc=domain,dc=com,dc=b r",
"cn=qualidade,ou=groups,dc=domain,dc=com,dc=br ",
"cn=infra,ou=groups,dc=domain,dc=com,dc=br"
),
);
#$wgLDAPRequiredGroups = array("domain.com.br" => array(
# "cn=telefonia,ou=groups,dc=domain,dc=com,dc=br ",
# "cn=diretoria,ou=groups,dc=domain,dc=com,dc=br ",
# "cn=comercial,ou=groups,dc=domain,dc=com,dc=br ",
# "cn=implantacao,ou=groups,dc=domain,dc=com,dc= br",
# "cn=administrativo,ou=groups,dc=domain,dc=com,dc=b r",
# "cn=financeiro,ou=groups,dc=domain,dc=com,dc=b r",
# "cn=qualidade,ou=groups,dc=domain,dc=com,dc=br ",
# "cn=infra,ou=groups,dc=domain,dc=com,dc=br"
# ),
#);
#


Ok, in the log i See..

2012-03-14 23:10:52 wikidb: Entering validDomain
2012-03-14 23:10:52 wikidb: User is using a valid domain.
2012-03-14 23:10:52 wikidb: Setting domain as: domain.com.br
2012-03-14 23:10:52 wikidb: Entering getCanonicalName
2012-03-14 23:10:52 wikidb: Username isn't empty.
2012-03-14 23:10:52 wikidb: Munged username: Username
2012-03-14 23:10:52 wikidb: Entering userExists
2012-03-14 23:10:52 wikidb:
2012-03-14 23:10:52 wikidb: Entering authenticate
2012-03-14 23:10:52 wikidb:
2012-03-14 23:10:52 wikidb: Entering Connect
2012-03-14 23:10:52 wikidb: Using TLS or not using encryption.
2012-03-14 23:10:52 wikidb: Using servers: ldap://xxx.xxx.xxx.xxx
2012-03-14 23:10:52 wikidb: Connected successfully
2012-03-14 23:10:52 wikidb: Entering getSearchString
2012-03-14 23:10:52 wikidb: Doing a proxy bind
2012-03-14 23:10:52 wikidb: Entering getUserDN
2012-03-14 23:10:52 wikidb: Created a regular filter: (uid=Username)
2012-03-14 23:10:52 wikidb: Entering getBaseDN
2012-03-14 23:10:52 wikidb: basedn is not set for this type of entry,
trying to get the default basedn.
2012-03-14 23:10:52 wikidb: Entering getBaseDN
2012-03-14 23:10:52 wikidb: basedn is ou=people,dc=domain,dc=com,dc=br
2012-03-14 23:10:52 wikidb: Using base: ou=people,dc=domain,dc=com,dc=br
2012-03-14 23:10:52 wikidb: Fetched username is not a string (check
your hook code...). This message can be safely ignored if you do not
have the SetUsernameAttributeFromLDAP hook defined.
2012-03-14 23:10:52 wikidb: userdn is:
2012-03-14 23:10:52 wikidb: User DN is blank
2012-03-14 23:10:52 wikidb: Entering allowPasswordChange
2012-03-14 23:10:52 wikidb: Entering modifyUITemplate

at zimbra server.. check the username with low letters:

zimbra at server:~$ ldapsearch -h xxx.xxx.xxx.xx -W -x -LL -D cn=config
memberUid=username ou=groups,dc=domain,dc=com,dc=br
Enter LDAP Password:
version: 1

dn: cn=users,ou=groups,dc=domain,dc=com,dc=br
dn: cn=telefonia,ou=groups,dc=domain,dc=com,dc=br


if check with upper first letter:

zimbra at server:~$ ldapsearch -h xxx.xxx.xxx.xxx -W -x -LL -D cn=config
memberUid=Username ou=groups,dc=domain,dc=com,dc=br
Enter LDAP Password:
version: 1

zimbra at server:~$


Now we know why is not resolving any groups, but where to fix it ?
-- 
[]'s

Jean Carlos Coelho
tec.jeancarlos at gmail.com



More information about the MediaWiki-l mailing list