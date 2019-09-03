Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLinuxMediawiki and LDAP (active directory)


104 posts

Master Geek


# 255855 3-Sep-2019 16:59
Send private message quote this post

Hi, Has anyone on here had any success making this work?

 

Plugins I am using

 

LDAPProvider

 

LDAPAuthentication2

 

PluggableAuth

 

LDAPAuthorization

 

 

 

I cant get it to create users in the wiki from LDAP tried multiple plugins/scripts without success

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
776 posts

Ultimate Geek


  # 2310080 3-Sep-2019 17:09
Send private message quote this post

I've got quite a bit of MediaWiki admin experience. Run it at work doing authentication against O365.

Just want to confirm some things first:
* Are you using on premises active directory only?
* You need accounts to be created automatically at first login and tied to the AD account
* MediaWiki version?

You mention ldap... So let's confirm it's against AD and not another ldap provider.



104 posts

Master Geek


  # 2310203 3-Sep-2019 17:23
Send private message quote this post

nzkc: Are you using on premises active directory only?

 

On Prem Active Directory Only

 

nzkc: You need accounts to be created automatically at first login and tied to the AD account

 

That is the ideal setup yes please

 

nzkc: MediaWiki version?

 

1.33.0

nzkc: You mention ldap... So let's confirm it's against AD and not another ldap provider.

 

Against AD no other LDAP Provider

 

 

 

Thanks for your help

 

 

 
 
 
 


776 posts

Ultimate Geek


  # 2310299 3-Sep-2019 21:00
Send private message quote this post

So I'm a bit concerned that LDAP Authentication says its not compatible with 1.27.  Could be things changed and its compatible with later versions - documentation is a bit vague there.  I'll take this offline with you to discuss (cause you probably wont want to answer some of the upcoming questions here for security reasons!).

 

Edit: Or not as I cant PM you!

776 posts

Ultimate Geek


  # 2310301 3-Sep-2019 21:04
Send private message quote this post

Have you tested you can access your domain controller from your mediawiki server?  E.g. is port 389 open to it?



104 posts

Master Geek


  # 2310685 4-Sep-2019 15:38
Send private message quote this post

nzkc:

 

Have you tested you can access your domain controller from your mediawiki server?  E.g. is port 389 open to it?

 

 

Sorry for late reply

 

DC access is fine, I have the following modules installed

 

LDAPAuthentication2 - https://www.mediawiki.org/wiki/Extension:LDAPAuthentication2

 

PluggableAuth - https://www.mediawiki.org/wiki/Extension:PluggableAuth

 

LDAPProvider - https://www.mediawiki.org/wiki/Extension:LDAPProvider

 

 

 

I get "The supplied credentials are not associated with any user on this wiki" when attempting to log in, so its authenticating ok

 

also configured in LocalSettings.php 

 

$wgGroupPermissions['*']['autocreateaccount'] = true;
$wgGroupPermissions['*']['createaccount'] = false;

 

Auth_remoteuser and LDAPAuthorization I believe is the final piece of the puzzle I need to auto-create accounts but am at a road block

 

When I enable the plugin LDAPAuthorization I get "user not authorized" 

 

Thanks Again!

776 posts

Ultimate Geek


  # 2310703 4-Sep-2019 16:16
Send private message quote this post

Can you PM me the localsettings.php? Feel free to rip out sensitive info.

Want to compare to various documentation.



104 posts

Master Geek


  # 2310762 4-Sep-2019 19:08
Send private message quote this post

nzkc: Can you PM me the localsettings.php? Feel free to rip out sensitive info.

Want to compare to various documentation.

 

 

 

No probs, its all test lab stuff so nothing sensitive :)

 
 
 
 




104 posts

Master Geek


  # 2315372 12-Sep-2019 07:50
Send private message quote this post

nzkc: Can you PM me the localsettings.php? Feel free to rip out sensitive info.

Want to compare to various documentation.

 

Thanks for getting this working! you are a Legend!

 

 

4 posts

Wannabe Geek


  # 2328225 2-Oct-2019 04:36
Send private message quote this post

Hey, guys.

 

Surfing the internet in the search of an answer to my mediawiki setup I found your topic. I've just made the same steps nztim made, but I'm coming up with the same problem he had. What did nzkc to solve the problem? I'm really stuck with this. It's driving me crazy.

 

 

 

Thanks!



104 posts

Master Geek


  # 2328277 2-Oct-2019 08:58
Send private message quote this post

kelirkenan:

 

Hey, guys.

 

Surfing the internet in the search of an answer to my mediawiki setup I found your topic. I've just made the same steps nztim made, but I'm coming up with the same problem he had. What did nzkc to solve the problem? I'm really stuck with this. It's driving me crazy.

 

 

 

Thanks!

 

 

 

 

For me it came down to Capitalisation in the LDAP settings (the conf files are very vert particular) @nzkc was awesome, and knows his stuff, also my PHP was a mix of old and new which didn't help

776 posts

Ultimate Geek


  # 2328315 2-Oct-2019 10:10
Send private message quote this post

As nztim says it's all very case sensitive! I did follow a sample setup on the extension pages. Maybe nztim can post his config to you?

Happy to help you though I'm unavailable till next week (family holiday!)

4 posts

Wannabe Geek


  # 2328693 2-Oct-2019 23:04
Send private message quote this post

I don't believe my problem is related to case sensitivity, but as I've tried anything I've came up with, it can be. What I want is to authenticate users against my Active Directory server and, if it is the first time a user logs in, I want mediawiki to create its account. The configuration I have right now gives these two messages dependending on the correct input of the user and password or not. Let me show it to you:

 

- If I write the correct username and password of a user I get the following message: "The supplied credentials are not associated with any user on this wiki."

 

- If I write the correct username but an incorrect password of the user I get the following message: "Could not authenticate credentials against domain "myaddomain" "

 

Attending these behaviour, I believe the connection to the Active Directory server is correct, but mediawiki is configured to not create the new user account automatically. Am I right? I've tried to configure LDAPProvider extension with a JSON file and PHP, but they both show the same behaviour. I have the same lines in LocalSettings.php than nztim:

 

$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['autocreateaccount'] = true;

 

Another thing I want to know is if I should use another extra extension for what I'm trying to accomplish. Right now I'm using these three extensions:

 

- LDAPAuthentication2

 

- PluggableAuth

 

- LDAPProvider

 

Maybe I'm lacking the use of LDAPAuthorization?

 

Thanks for yesterday's quick answers.

776 posts

Ultimate Geek


  # 2329347 4-Oct-2019 06:40
Send private message quote this post

Sounds EXACTLY like nztim's issue TBH!

4 posts

Wannabe Geek


  # 2333126 9-Oct-2019 03:20
Send private message quote this post

I have finally been able to solve all my problems. Regarding that the actual documentation for LDAPStack is terrible I came up with a topic on mediawiki forums (https://www.mediawiki.org/wiki/Topic:V4vp8jf98hn5cpj5) where I found the solution. I had to add $this->domain = 'mydomain'; return true; into mediawiki/extensions/LDAPProvider/src/Hook/UserLoadAfterLoadFromSession.php in line 127. That line of code solved all my problems.

 

Hope anyone having issues with the new extensions will find this GeekZone topic and solve it!

 

Thanks!

2 posts

Wannabe Geek


  # 2362012 28-Nov-2019 09:01
Send private message quote this post

If I beg nicely, would one of you fine folks send me a sanitized LocalSettings.php that is known good for PluggableAuth, LDAPProvider, LDAPAuthentication2, and LDAPAuthorization extensions? I can't get mine to cooperate to save my life. I don't think I have a case sensitivity issue in my config, and while I completely agree with @kelirkenan about mediawiki documentation, adding that line in changed nothing on my host. 

 

My general symptom is I can authenticate a user, but when I try to edit a page, the mediawiki times me out. When I turn on authorization, my accounts are not authorized to login. This is a "follow the recipe" install on CentOS (it's a docker container. Happy to provide the Dockerfile if anyone has the need), pull down the extensions from mwf, un-tar them in extensions, adapt LocalSettings as appropriate and fire it up. php maintenance/update.php is.... interesting.

 

FWIW, and something kind of odd/interesting, I did a VM build (non docker) of Mediawiki so I could capture steps as I was putting together my Dockerfile. On that image, I CAN edit pages as a user, but when I turn on Authorization, I get the same symptom as the containerized mediawiki.

 

groupsrequest mechanism maybe? I don't know which method to use on OpenLDAP, or how to find that information. 

 

Any help would be very, very much appreciated. Thanks for your time, thanks for putting this forum together, and thanks for helping me realize it's not just me living the struggle with this thing.

 

Take it easy.

 

R/,

 

 - A

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Consolidation in video streaming market with Spark selling Lightbox to Sky
Posted 19-Dec-2019 09:09

Intel introduces cryogenic control chip to enable quantum computers
Posted 10-Dec-2019 21:32

Vodafone 5G service live in four cities
Posted 10-Dec-2019 08:30

Samsung Galaxy Fold now available in New Zealand
Posted 6-Dec-2019 00:01

NZ company oDocs awarded US$ 100,000 Dubai World Expo grant
Posted 5-Dec-2019 16:00

New Zealand Rugby Selects AWS-Powered Analytics for Deeper Game Insights
Posted 5-Dec-2019 11:33

IMAGR and Farro bring checkout-less supermarket shopping to New Zealand
Posted 5-Dec-2019 09:07

Wellington Airport becomes first 5G connected airport in the country
Posted 3-Dec-2019 08:42

MetService secures Al Jazeera as a new weather client
Posted 28-Nov-2019 09:40

NZ a top 10 connected nation with stage one of ultra-fast broadband roll-out completed
Posted 24-Nov-2019 14:15

Microsoft Translator understands te reo MÄori
Posted 22-Nov-2019 08:46

Chorus to launch Hyperfibre service
Posted 18-Nov-2019 15:00

Microsoft launches first Experience Center worldwide for Asia Pacific in Singapore
Posted 13-Nov-2019 13:08

Disney+ comes to LG Smart TVs
Posted 13-Nov-2019 12:55

Spark launches new wireless broadband "Unplan Metro"
Posted 11-Nov-2019 08:19


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.