Re: [Mediawiki-enterprise] issues with ldap authentication v. 1.0honmw 1.8.2

Any luck?

From: mediawiki-enterprise-bounces@mail.wikimedia.org [mailto:mediawiki-enterprise-bounces@mail.wikimedia.org] On Behalf Of Isaac Gonzalez
Sent: Wednesday, December 06, 2006 11:55 AM
To: mediawiki-enterprise@mail.wikimedia.org
Subject: RE: [Mediawiki-enterprise] issues with ldap authentication v. 1.0honmw 1.8.2

Hi Ryan,

thanks for responding.

I am getting the pop-up window that asks for username/password.

Yes my spaces are just a typo since i needed to hide my actual domain. I'll make sure that their are no spaces anyhow. Similar issue for proxyagent.

Actually iis has "integrated authentication" ticked off as well as anonymous access. I will untick the "integrated authentication" which is ticked by default off and let you know my results.

I'm actually thinking of moving the wiki to apache to see if that helps if i can't solve the issue.

I'll keep you posted.

-Isaac

From: mediawiki-enterprise-bounces@mail.wikimedia.org on behalf of Lane, Ryan
Sent: Wed 12/6/2006 6:55 AM
To: mediawiki-enterprise@mail.wikimedia.org
Subject: Re: [Mediawiki-enterprise] issues with ldap authentication v. 1.0honmw 1.8.2

> It works fine to log me in using my ad username/username password.
>
> However, when saving a page, intermittently I get a windows login prompt, which accepts my ad user/password.
>

When you say you get a windows login prompt, do you mean a pop-up window that asks for username/password, or do you mean it brings you back to mediawiki's login page?

> I would prefer to only authenticate once to the wiki.
>
> Here is my ldap code in localsettings.php:
>
>
> /* Ldap Authentication
> */
> require_once( "includes/LdapAuthentication.php" );
> $wgAuth = new LdapAuthenticationPlugin();
> $wgLDAPDomainNames = array( "MYDOMAIN" );
> $wgLDAPServerNames = array( " MYDOMAIN "=>"dc1.mydomain.com" );
> //$wgLDAPSearchStrings = array( " MYDOMAIN "=>" MYDOMAIN \\USER-NAME" );
> $wgLDAPSearchAttributes = array( " MYDOMAIN "=>"sAMAccountName" );
> $wgLDAPBaseDNs = array( " MYDOMAIN "=>"dc=mydomain,dc=com" );
> $wgLDAPProxyAgent = "cn=aduser,ou=Services,ou=Users ,dc=mydomain,dc=com";
> $wgLDAPProxyAgentPassword = "Mypassword"; //You should also be able to use a hash!
> $wgLDAPUseSSL = false; //not recommended but OK for testing
> $wgLDAPUseLocal = true;
> $wgMinimalPasswordLength = 1;
> $wgLDAPRetrievePrefs = false;
> $wgLDAPAddLDAPUsers = false;
> $wgLDAPUpdateLDAP = false;
> $wgLDAPMailPassword = false;
>

Your configuration looks ok, except the domain name doesn't match everywhere (the spaces are just a typo right?), and the proxyagent has a space after "ou=Users"

> I'm using iis 5 webserver/php 5.1.2/my domain is windows server 2003/ldap plugin v. 1.0h.
>
> Any help would be appreciated.

Is your webserver configured to do any authentication? If you are getting a pop-up window asking for a username/password I would guess your problem is webserver authentication. If the mediawiki login window keeps coming up, I'd imagine you are having session problems.

V/r,

Ryan Lane
_______________________________________________
Mediawiki-enterprise mailing list
Mediawiki-enterprise@mail.wikimedia.org
http://mail.wikimedia.org/mailman/listinfo/mediawiki-enterprise