Hi Ryan/All,
Thanks for your prompt response.
Based on your comments I've decided to start a fresh using code
snippets directly from mediawiki.org.
I'm trying to produce some meaningful debug logs, I've added the
following to my localsettings.php file:
$wgLDAPDebug = 3;
$wgDebugLogFile = 'C:\LDAPDebug.log';
require_once ('extensions/LdapAuthentication.php');
$wgAuth = new LdapAuthenticationPlugin();
//LDAP Code from "Single Domain Requiring Search Before Binding"
Including proxy settings.
The only thing I'm getting from LDAPDebug.log is:
LoginForm::attemptAutoCreate: $wgAuth->authenticate() returned false, aborting
And nothing specificly relating to the LDAP. Any pointers as to how I
can generate more meaningful debug logs?
Thanks
David
On Tue, Feb 1, 2011 at 7:34 PM, Ryan Lane <[email protected]> wrote:
>> I know what a lot of people are going to say.... "google it". I have,
>> but there are many different configuration settings and examples for
>> different versions of the plugin and different versions of mediawiki,
>> I've yet to have any success with them, hence why I'm now asking here.
>>
>
> This is why I tell people to only use the official documentation on
> mediawiki.org. It's always up to date, and it's fairly in depth
> (improvements welcome).
>
>> Below is what I've got so far, but it's not a lot. I've disabled
>> anonymous access via IIS and enabled windows authentication, but I'm not
>> getting any single sign on functionality. However, if anyone has
>> accomplished at least the first two objectives listed above and would be
>> able to provide me with a "template" of their config (sensitive data
>> obviously omitted) then I would really appreciate it.
>>
>
> Are you sure the authentication is working?
>
>> //
>> //LDAP Authentication Configuration
>> //
>>
>> require_once( "/extensions/LdapAuthentication.php" );
>> require_once( "/extensions/LdapAutoAuthentication.php" );
>>
>> //the domain name is any arbitrary name that you will use as a variable
>>
>> $wgLDAPDomainNames = array("localdomain.local");
>>
>> //define the fully qualified name of your AD domain
>>
>> $wgLDAPServerNames = array("localdomain.local"=>"DC1.localdomain.local
>> DC2.localdomain.local");
>> $wgLDAPEncryptionType = array("localdomain.local"=>"ssl");
>>
>> //this is the short name of your domain, not the arbitrary variable
>> mentioned below
>>
>> $wgLDAPAutoAuthDomain = "localdomain.local";
>>
>> //this is how you get the wiki user to be username as opposed to
>> DOMAIN\username
>>
>> list($dom,$userid)=split('[\]',$_SERVER['REMOTE_USER']);
>> $wgLDAPAutoAuthUsername = $userid;
>> $wgLDAPBaseDNs =
>> array("localdomain.local"=>"ou=Users,DC=localdomain,dc=local");
>> $wgLDAPSearchAttributes = array("localdomain.local" => "sAMAccountName");
>> $wgMinimalPasswordLength = 1;
>>
>> //Group Configuration
>>
>> $wgLDAPGroupUseFullDN = array( "localdomain.local"=>true );
>> $wgLDAPGroupObjectclass = array( "localdomain.local"=>"group" );
>> $wgLDAPGroupAttribute = array( "localdomain.local"=>"member" );
>> $wgLDAPGroupSearchNestedGroups = array( "localdomain.local"=>false );
>> $wgLDAPUseLDAPGroups = array( "localdomain.local"=>true );
>> $wgLDAPGroupNameAttribute = array(
>> "localdomain.local"=>"cn=sysop,ou=Users,dc=localdomain,dc=local" );
>> $wgLDAPGroupNameAttribute = array( "localdomain.local"=>"sysop" );
>> AutoAuthSetup();
>>
>> //this is where you define the credentials necessary to read information
>> from AD
>> //you only need this if you want to pull the name, email address and
>> groups from AD
>>
>> $wgLDAPProxyAgent = array('localdomain.local'
>> =>'CN=MediaWikiLDAPSearcher,OU=Users,DC=localdomain,DC=local');
>> $wgLDAPProxyAgentPassword = array('localdomain.local' =>
>> 'MyLDAPSearcherPassword');
>> $wgLDAPPreferences =
>> array("localdomain.local"=>array("email"=>"mail","realname"=>"cn","nickname"=>"givenName"));
>>
>
> I don't see any issues with the configuration. You should enable
> debugging and reply with the debug log with sensitive stuff snipped
> out.
>
> - Ryan Lane
>
> _______________________________________________
> MediaWiki-l mailing list
> [email protected]
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>
_______________________________________________
MediaWiki-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
