Geekzone: technology news, blogs, forums


nztim

964 posts

Ultimate Geek

Subscriber

#255855 3-Sep-2019 16:59

Hi, has anyone on here had any success making this work?

Plugins I am using:

LDAPProvider

LDAPAuthentication2

PluggableAuth

LDAPAuthorization

I can't get it to create users in the wiki from LDAP; tried multiple plugins/scripts without success.


nzkc
898 posts

Ultimate Geek


  #2310080 3-Sep-2019 17:09

I've got quite a bit of MediaWiki admin experience. Run it at work doing authentication against O365.

Just want to confirm some things first:
* Are you using on premises active directory only?
* You need accounts to be created automatically at first login and tied to the AD account
* MediaWiki version?

You mention ldap... So let's confirm it's against AD and not another ldap provider.

nztim

964 posts

Ultimate Geek

Subscriber

  #2310203 3-Sep-2019 17:23

nzkc: Are you using on premises active directory only?

On Prem Active Directory Only

nzkc: You need accounts to be created automatically at first login and tied to the AD account

That is the ideal setup yes please

nzkc: MediaWiki version?

1.33.0

nzkc: You mention ldap... So let's confirm it's against AD and not another ldap provider.

Against AD no other LDAP Provider

Thanks for your help

nzkc
898 posts

Ultimate Geek


  #2310299 3-Sep-2019 21:00

So I'm a bit concerned that LDAP Authentication says it's not compatible with 1.27. Could be things changed and it's compatible with later versions - documentation is a bit vague there. I'll take this offline with you to discuss (cause you probably won't want to answer some of the upcoming questions here for security reasons!).

Edit: Or not as I can't PM you!


nzkc
898 posts

Ultimate Geek


  #2310301 3-Sep-2019 21:04

Have you tested you can access your domain controller from your mediawiki server?  E.g. is port 389 open to it?


nztim

964 posts

Ultimate Geek

Subscriber

  #2310685 4-Sep-2019 15:38

nzkc: Have you tested you can access your domain controller from your mediawiki server?  E.g. is port 389 open to it?

Sorry for late reply

DC access is fine, I have the following modules installed

LDAPAuthentication2 - https://www.mediawiki.org/wiki/Extension:LDAPAuthentication2

PluggableAuth - https://www.mediawiki.org/wiki/Extension:PluggableAuth

LDAPProvider - https://www.mediawiki.org/wiki/Extension:LDAPProvider

I get "The supplied credentials are not associated with any user on this wiki" when attempting to log in, so it's authenticating ok

also configured in LocalSettings.php

$wgGroupPermissions['*']['autocreateaccount'] = true;
$wgGroupPermissions['*']['createaccount'] = false;

Auth_remoteuser and LDAPAuthorization I believe is the final piece of the puzzle I need to auto-create accounts but am at a road block

When I enable the plugin LDAPAuthorization I get "user not authorized"

Thanks Again!


nzkc
898 posts

Ultimate Geek


  #2310703 4-Sep-2019 16:16

Can you PM me the localsettings.php? Feel free to rip out sensitive info.

Want to compare to various documentation.

nztim

964 posts

Ultimate Geek

Subscriber

  #2310762 4-Sep-2019 19:08

nzkc: Can you PM me the localsettings.php? Feel free to rip out sensitive info.

Want to compare to various documentation.

No probs, it's all test lab stuff so nothing sensitive :)


nztim

964 posts

Ultimate Geek

Subscriber

  #2315372 12-Sep-2019 07:50

nzkc: Can you PM me the localsettings.php? Feel free to rip out sensitive info.

Want to compare to various documentation.

Thanks for getting this working! You are a Legend!


kelirkenan
4 posts

Wannabe Geek


  #2328225 2-Oct-2019 04:36

Hey, guys.

Surfing the internet in search of an answer to my mediawiki setup I found your topic. I've just made the same steps nztim made, but I'm coming up with the same problem he had. What did nzkc do to solve the problem? I'm really stuck with this. It's driving me crazy.

Thanks!


nztim

964 posts

Ultimate Geek

Subscriber

  #2328277 2-Oct-2019 08:58

kelirkenan: Hey, guys.

Surfing the internet in search of an answer to my mediawiki setup I found your topic. I've just made the same steps nztim made, but I'm coming up with the same problem he had. What did nzkc do to solve the problem? I'm really stuck with this. It's driving me crazy.

Thanks!

For me it came down to capitalisation in the LDAP settings (the conf files are very, very particular). @nzkc was awesome, and knows his stuff. Also my PHP was a mix of old and new, which didn't help.


nzkc
898 posts

Ultimate Geek


  #2328315 2-Oct-2019 10:10

As nztim says it's all very case sensitive! I did follow a sample setup on the extension pages. Maybe nztim can post his config to you?

Happy to help you though I'm unavailable till next week (family holiday!)
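
The capitalisation problem nztim and nzkc describe can be checked mechanically by comparing a domain config against the sample nzkc mentions. This is an added example, not code from any poster or from the extension authors; the key names and values in the embedded JSON are constructed assumptions, to be replaced with the real sample from the extension page.

```python
import json

# Constructed stand-in for the sample config on the extension page. The key
# names and values are assumptions; paste the real sample in their place.
REFERENCE = json.loads("""
{"LDAP": {
  "connection": {"server": "dc01.example.test", "basedn": "DC=example,DC=test",
                 "searchattribute": "samaccountname",
                 "usernameattribute": "samaccountname"},
  "userinfo": {"attributes-map": {"email": "mail", "realname": "cn"}}
}}""")

# Constructed config under test, with capitalisation slips planted in it.
SAMPLE_CONFIG = """
{"myaddomain": {
  "Connection": {"server": "dc01.example.test", "BaseDN": "DC=example,DC=test",
                 "searchAttribute": "sAMAccountName"},
  "userinfo": {"attributes-map": {"Email": "mail"}}
}}"""

def case_diffs(cfg, ref, path):
    """Return (kind, location, sample_spelling) where cfg differs from ref only by case."""
    findings = []
    if isinstance(cfg, dict) and isinstance(ref, dict):
        folded = {k.lower(): k for k in ref}
        for key, value in cfg.items():
            here = f"{path}/{key}"
            expected = folded.get(key.lower())
            if expected is None:
                continue  # key absent from the reference: nothing to compare
            if expected != key:
                findings.append(("key", here, expected))
            findings += case_diffs(value, ref[expected], here)
    elif isinstance(cfg, str) and isinstance(ref, str):
        if cfg != ref and cfg.lower() == ref.lower():
            findings.append(("value", path, ref))
    return findings

def lint(config_text, reference=REFERENCE):
    """Check each domain block in config_text against the reference's domain block."""
    ref_body = next(iter(reference.values()))
    findings = []
    for domain, body in json.loads(config_text).items():
        findings += case_diffs(body, ref_body, domain)
    return findings

if __name__ == "__main__":
    for kind, where, expected in lint(SAMPLE_CONFIG):
        print(f"{kind:5} {where}: sample uses {expected!r}")
```

Keys that do not appear in the reference at all are skipped, so a finding always means "same name as the sample, different case".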

kelirkenan
4 posts

Wannabe Geek


  #2328693 2-Oct-2019 23:04

I don't believe my problem is related to case sensitivity, but as I've tried anything I've come up with, it can be. What I want is to authenticate users against my Active Directory server and, if it is the first time a user logs in, I want mediawiki to create its account. The configuration I have right now gives these two messages depending on the correct input of the user and password or not. Let me show it to you:

- If I write the correct username and password of a user I get the following message: "The supplied credentials are not associated with any user on this wiki."

- If I write the correct username but an incorrect password of the user I get the following message: "Could not authenticate credentials against domain "myaddomain" "

Attending to this behaviour, I believe the connection to the Active Directory server is correct, but mediawiki is configured to not create the new user account automatically. Am I right? I've tried to configure LDAPProvider extension with a JSON file and PHP, but they both show the same behaviour. I have the same lines in LocalSettings.php as nztim:

$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['autocreateaccount'] = true;

Another thing I want to know is if I should use another extra extension for what I'm trying to accomplish. Right now I'm using these three extensions:

- LDAPAuthentication2

- PluggableAuth

- LDAPProvider

Maybe I'm lacking the use of LDAPAuthorization?

Thanks for yesterday's quick answers.


nzkc
898 posts

Ultimate Geek


  #2329347 4-Oct-2019 06:40

Sounds EXACTLY like nztim's issue TBH!

kelirkenan
4 posts

Wannabe Geek


  #2333126 9-Oct-2019 03:20

I have finally been able to solve all my problems. Regarding that the actual documentation for LDAPStack is terrible I came up with a topic on mediawiki forums (https://www.mediawiki.org/wiki/Topic:V4vp8jf98hn5cpj5) where I found the solution. I had to add $this->domain = 'mydomain'; return true; into mediawiki/extensions/LDAPProvider/src/Hook/UserLoadAfterLoadFromSession.php in line 127. That line of code solved all my problems.

Hope anyone having issues with the new extensions will find this GeekZone topic and solve it!

Thanks!


awliste
2 posts

Wannabe Geek


  #2362012 28-Nov-2019 09:01

If I beg nicely, would one of you fine folks send me a sanitized LocalSettings.php that is known good for PluggableAuth, LDAPProvider, LDAPAuthentication2, and LDAPAuthorization extensions? I can't get mine to cooperate to save my life. I don't think I have a case sensitivity issue in my config, and while I completely agree with @kelirkenan about mediawiki documentation, adding that line in changed nothing on my host.

My general symptom is I can authenticate a user, but when I try to edit a page, the mediawiki times me out. When I turn on authorization, my accounts are not authorized to login. This is a "follow the recipe" install on CentOS (it's a docker container. Happy to provide the Dockerfile if anyone has the need), pull down the extensions from mwf, un-tar them in extensions, adapt LocalSettings as appropriate and fire it up. php maintenance/update.php is.... interesting.

FWIW, and something kind of odd/interesting, I did a VM build (non docker) of Mediawiki so I could capture steps as I was putting together my Dockerfile. On that image, I CAN edit pages as a user, but when I turn on Authorization, I get the same symptom as the containerized mediawiki.

groupsrequest mechanism maybe? I don't know which method to use on OpenLDAP, or how to find that information.

Any help would be very, very much appreciated. Thanks for your time, thanks for putting this forum together, and thanks for helping me realize it's not just me living the struggle with this thing.

Take it easy.

R/,

 - A

