
Thread: MediaWiki LDAP Authentication with Zimbra

  1. #1

    We are trying to do an LDAP authentication with a MediaWiki install. We're using the LdapAuthentication extension for MediaWiki.

    Here is the section I'm having difficulty with:
    Extension:LDAP Authentication - MediaWiki

    Basically, this section of code:
    Code:
    $wgLDAPDomainNames = array(
      "testADdomain","testLDAPdomain"
      );
     
    $wgLDAPServerNames = array(
      "testLDAPdomain"=>"testLDAPserver.LDAP.example.com testLDAPserver2.LDAP.example.com"
      );
     
    $wgLDAPEncryptionType = array(
      "testLDAPdomain"=>"clear"
      );
    
    $wgLDAPSearchStrings = array(
      "testLDAPdomain" => "uid=USER-NAME,ou=people,dc=LDAP,dc=example,dc=com"
      );

    I'm not sure what the search string should be for Zimbra's LDAP schema. The USER-NAME is replaced by the MediaWiki user-name according to the notes, but I'm still unsure of the remaining string components.

    There is an option for doing a search rather than directly binding; would this be a solution? Here is the search-based bind sample code:

    Code:
    $wgLDAPSearchAttributes = array(
      "testLDAPdomain"=>"uid"
      );
     
    $wgLDAPBaseDNs = array(
      "testLDAPdomain"=>"dc=LDAP,dc=example,dc=com"
      );
    $wgLDAPGroupBaseDNs = array(
      "testLDAPdomain"=>"ou=group,dc=LDAP,dc=example,dc=com"
      );
    $wgLDAPUserBaseDNs = array(
      "testLDAPdomain"=>"ou=people,dc=LDAP,dc=example,dc=com"
      );

  2. #2

    Any LDAP help at all? Even just tips on the schema or how to do searches?

  3. #3

    This works well if you have things configured correctly. Our config looks like:

    $wgLDAPUseLocal = false;
    $wgLDAPDomainNames = array("COMPANY NAME");
    $wgLDAPServerNames = array("COMPANY NAME"=>"HOSTNAME");
    $wgLDAPEncryptionType = array("COMPANY NAME"=>"clear");
    $wgLDAPSearchAttributes = array("COMPANY NAME"=>"uid");
    $wgLDAPBaseDNs = array("COMPANY NAME"=>"dc=YOUR,dc=DOMAIN");
    $wgLDAPGroupBaseDNs = array("COMPANY NAME"=>"ou=group,dc=YOUR,dc=DOMAIN");
    $wgLDAPUserBaseDNs = array("COMPANY NAME"=>"ou=people,dc=YOUR,dc=DOMAIN");

    I assume you have the posixAccount extensions integrated already? Note, I haven't configured Group mappings as yet.

    Cheers,
    David

  4. #4

    Thanks for the information David! I'm out of the office for a while but I'm going to give this a whirl when I get back next week.

  5. #5
    Success?

    Did you ever resolve this?

    Can you share working LDAP authentication settings?

    -Bernhard

  6. #6
    phoenix (Zimbra Consultant & Moderator)

    Originally posted by krabina:
        Did you ever resolve this?

        Can you share working LDAP authentication settings?

    Doesn't post #3 contain the information you need?
    Regards


    Bill



  7. #7

    Maybe. I haven't tried it yet. I just had the impression that the success post was missing ;-)

  8. #8

    Unfortunately that didn't work for me. I have a fresh MediaWiki install and included those few lines from post #3, but it does not work. I set the debug level to 3, but where does it log to?

    Code:
    $wgGroupPermissions['*' ]['createaccount'] = false;
    $wgGroupPermissions['user']['createaccount'] = false;
    $wgGroupPermissions['*']['read'] = true;
    $wgGroupPermissions['*']['edit'] = false;
    
    # Enabling LDAP Plugin
    require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
    $wgAuth = new LdapAuthenticationPlugin();
    
    $wgLDAPUseLocal = false;
    $wgLDAPDomainNames = array("ZCS");
    $wgLDAPServerNames = array("ZCS"=>"icons.at");
    $wgLDAPEncryptionType = array("ZCS"=>"clear");
    $wgLDAPSearchAttributes = array("ZCS"=>"uid");
    $wgLDAPBaseDNs = array("ZCS"=>"dc=icons,dc=at");
    $wgLDAPGroupBaseDNs = array("ZCS"=>"ou=group,dc=icons,dc=at");
    $wgLDAPUserBaseDNs = array("ZCS"=>"ou=people,dc=icons,dc=at");
    
    $wgLDAPSearchStrings = array( "ZCS" => "uid=USER-NAME,ou=people,dc=LDAP,dc=icons,dc=at" );
    $wgLDAPAddLDAPUsers = false;
    $wgLDAPUpdateLDAP = false;
    $wgMinimalPasswordLength = 1;
    $wgLDAPDebug = 3;
    $wgShowExceptionDetails = true;

  9. #9
    [REALLY SOLVED] Zimbra LDAP + MediaWiki

    Hi all,

    Here is my configuration for Zimbra LDAP + MediaWiki:

    At the bottom of /etc/mediawiki/LocalSettings.php:

    # Zimbra - LDAP
    #
    require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
    $wgAuth = new LdapAuthenticationPlugin();

    $wgLDAPDomainNames = array("domain.com");
    $wgLDAPDebug = 3; $wgDebugLogGroups["ldap"] = "/tmp/ldap.log" ;
    $wgLDAPBaseDNs = array("domain.com" => "ou=People,dc=DOMAIN,dc=com,dc=br");
    $wgLDAPServerNames = array("domain.com" => "XXX.XXX.XXX.XXX");
    $wgLDAPSearchAttributes = array('domain.com' => "uid");
    $wgLDAPEncryptionType = array("domain.com" => "clear");
    $wgLDAPProxyAgent = array("domain.com" => "uid=wiki,ou=People,dc=DOMAIN,dc=com,dc=br");
    $wgLDAPProxyAgentPassword = array("domain.com" => "PAssWORd");

    Remember to disable log and debug options...

    That's it!

  10. #10

    New Note for GroupMappings:


    #
    # Jean - LDAP
    #
    require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
    $wgAuth = new LdapAuthenticationPlugin();

    $wgLDAPDomainNames = array("domain.com.br");
    $wgLDAPDebug = 3; $wgDebugLogGroups["ldap"] = "/tmp/ldap.log" ;
    $wgLDAPBaseDNs = array("domain.com.br" => "ou=people,dc=domain,dc=com,dc=br");
    $wgLDAPServerNames = array("domain.com.br" => "xxx.xxx.xxx.xxx");
    $wgLDAPSearchAttributes = array("domain.com.br" => "uid");
    //$wgLDAPSearchAttributes = array("domain.com.br" => "memberUid");
    $wgLDAPEncryptionType = array("domain.com.br" => "clear");
    //$wgLDAPProxyAgent = array("domain.com.br" => "uid=wiki,ou=People,dc=domain,dc=com,dc=br");
    $wgLDAPProxyAgent = array("domain.com.br" => "cn=config");
    //$wgLDAPProxyAgentPassword = array("domain.com.br" => "PaSSWoRd");
    $wgLDAPProxyAgentPassword = array("domain.com.br" => "PaSSwORD");
    //$wgLDAPGroupObjectclass = array("domain.com.br" => "posixGroup");
    //$wgLDAPUseLocal = array("domain.com.br") => "false");
    $wgLDAPUseLocal = false;
    $wgLDAPRetrievePrefs = false;
    $wgLDAPGroupAttribute = array("domain.com.br" => "memberUid" );
    // Booleans rather than the strings "true"/"false": any non-empty string other than "0" is truthy in PHP.
    $wgLDAPGroupSearchNestedGroups = array("domain.com.br" => false);
    $wgLDAPGroupNameAttribute = array("domain.com.br" => "cn");
    $wgLDAPGroupBaseDNs = array("domain.com.br" => "ou=groups,dc=domain,dc=com,dc=br");
    $wgLDAPUseLDAPGroups = array("domain.com.br" => true);
    $wgLDAPLocallyManagedGroups = array("domain.com.br" => array(
    "cn=telefonia,ou=groups,dc=domain,dc=com,dc=br",
    "cn=diretoria,ou=groups,dc=domain,dc=com,dc=br",
    "cn=comercial,ou=groups,dc=domain,dc=com,dc=br",
    "cn=implantacao,ou=groups,dc=domain,dc=com,dc=br",
    "cn=administrativo,ou=groups,dc=domain,dc=com,dc=br",
    "cn=financeiro,ou=groups,dc=domain,dc=com,dc=br",
    "cn=qualidade,ou=groups,dc=domain,dc=com,dc=br",
    "cn=infra,ou=groups,dc=domain,dc=com,dc=br"
    ),
    );
    #$wgLDAPRequiredGroups = array("domain.com.br" => array(
    # "cn=telefonia,ou=groups,dc=domain,dc=com,dc=br",
    # "cn=diretoria,ou=groups,dc=domain,dc=com,dc=br",
    # "cn=comercial,ou=groups,dc=domain,dc=com,dc=br",
    # "cn=implantacao,ou=groups,dc=domain,dc=com,dc=br",
    # "cn=administrativo,ou=groups,dc=domain,dc=com,dc=br",
    # "cn=financeiro,ou=groups,dc=domain,dc=com,dc=br",
    # "cn=qualidade,ou=groups,dc=domain,dc=com,dc=br",
    # "cn=infra,ou=groups,dc=domain,dc=com,dc=br"
    # ),
    #);
    #


    OK, in the log I see:

    2012-03-14 23:10:52 wikidb: Entering validDomain
    2012-03-14 23:10:52 wikidb: User is using a valid domain.
    2012-03-14 23:10:52 wikidb: Setting domain as: domain.com.br
    2012-03-14 23:10:52 wikidb: Entering getCanonicalName
    2012-03-14 23:10:52 wikidb: Username isn't empty.
    2012-03-14 23:10:52 wikidb: Munged username: Username
    2012-03-14 23:10:52 wikidb: Entering userExists
    2012-03-14 23:10:52 wikidb:
    2012-03-14 23:10:52 wikidb: Entering authenticate
    2012-03-14 23:10:52 wikidb:
    2012-03-14 23:10:52 wikidb: Entering Connect
    2012-03-14 23:10:52 wikidb: Using TLS or not using encryption.
    2012-03-14 23:10:52 wikidb: Using servers: ldap://xxx.xxx.xxx.xxx
    2012-03-14 23:10:52 wikidb: Connected successfully
    2012-03-14 23:10:52 wikidb: Entering getSearchString
    2012-03-14 23:10:52 wikidb: Doing a proxy bind
    2012-03-14 23:10:52 wikidb: Entering getUserDN
    2012-03-14 23:10:52 wikidb: Created a regular filter: (uid=Username)
    2012-03-14 23:10:52 wikidb: Entering getBaseDN
    2012-03-14 23:10:52 wikidb: basedn is not set for this type of entry, trying to get the default basedn.
    2012-03-14 23:10:52 wikidb: Entering getBaseDN
    2012-03-14 23:10:52 wikidb: basedn is ou=people,dc=domain,dc=com,dc=br
    2012-03-14 23:10:52 wikidb: Using base: ou=people,dc=domain,dc=com,dc=br
    2012-03-14 23:10:52 wikidb: Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
    2012-03-14 23:10:52 wikidb: userdn is:
    2012-03-14 23:10:52 wikidb: User DN is blank
    2012-03-14 23:10:52 wikidb: Entering allowPasswordChange
    2012-03-14 23:10:52 wikidb: Entering modifyUITemplate

    On the Zimbra server, checking the username in lower-case letters:

    zimbra@server:~$ ldapsearch -h xxx.xxx.xxx.xx -W -x -LL -D cn=config memberUid=username ou=groups,dc=domain,dc=com,dc=br
    Enter LDAP Password:
    version: 1

    dn: cn=users,ou=groups,dc=domain,dc=com,dc=br
    dn: cn=telefonia,ou=groups,dc=domain,dc=com,dc=br


    If I check with an upper-case first letter:

    zimbra@server:~$ ldapsearch -h xxx.xxx.xxx.xxx -W -x -LL -D cn=config memberUid=Username ou=groups,dc=domain,dc=com,dc=br
    Enter LDAP Password:
    version: 1

    zimbra@server:~$


    Now we know why it is not resolving any groups, but where to fix it?
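
The question in post #10 is left open in the thread. As an added example (not from any poster, and not taken from the extension's documentation), the fragment below reworks that configuration: $wgLDAPLowerCaseUsername addresses the case mismatch seen in the ldapsearch test, and the "clear" transport, the cn=config bind and the /tmp debug log from posts #9 and #10 are replaced. The host name, the WIKI_LDAP_BIND_PW variable, the log path and StartTLS support on the directory are assumptions.

```php
<?php
// Added example for LocalSettings.php, not the posters' configuration.
// Host name, environment variable and log path are placeholders.
require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();

$ldapDomain = "domain.com.br";             // domain key used in post #10
$wgLDAPDomainNames = array( $ldapDomain );
$wgLDAPServerNames = array( $ldapDomain => "ldap.domain.com.br" ); // placeholder host
$wgLDAPUseLocal    = false;

// "clear" sends the proxy agent's and every user's password unencrypted.
// The extension also accepts "tls" (StartTLS) and "ssl" (LDAPS); this assumes
// the directory offers StartTLS with a certificate PHP's LDAP client trusts.
$wgLDAPEncryptionType = array( $ldapDomain => "tls" );

// Search-then-bind through a dedicated low-privilege account (the uid=wiki
// entry from post #9) rather than the cn=config bind DN used in post #10.
$wgLDAPProxyAgent = array( $ldapDomain => "uid=wiki,ou=People,dc=domain,dc=com,dc=br" );
// Assumption: the secret comes from the environment, not the file itself.
$wgLDAPProxyAgentPassword = array( $ldapDomain => getenv( "WIKI_LDAP_BIND_PW" ) );

$wgLDAPSearchAttributes = array( $ldapDomain => "uid" );
$wgLDAPBaseDNs          = array( $ldapDomain => "ou=people,dc=domain,dc=com,dc=br" );
$wgLDAPGroupBaseDNs     = array( $ldapDomain => "ou=groups,dc=domain,dc=com,dc=br" );

// MediaWiki capitalises the first letter ("Username" in the log), and the
// memberUid search in post #10 only matches the lower-case form.
$wgLDAPLowerCaseUsername = array( $ldapDomain => true );

// Group lookup by bare uid in memberUid. Use real booleans: the strings
// "true" and "false" are both truthy in PHP.
$wgLDAPUseLDAPGroups           = array( $ldapDomain => true );
$wgLDAPGroupUseFullDN          = array( $ldapDomain => false );
$wgLDAPGroupObjectclass        = array( $ldapDomain => "posixGroup" );
$wgLDAPGroupAttribute          = array( $ldapDomain => "memberUid" );
$wgLDAPGroupNameAttribute      = array( $ldapDomain => "cn" );
$wgLDAPGroupSearchNestedGroups = array( $ldapDomain => false );

// Debug output records user names and DNs; keep it off in production and,
// while troubleshooting, out of world-readable /tmp.
$wgLDAPDebug = 0;
// $wgDebugLogGroups["ldap"] = "/var/log/mediawiki/ldap.log"; // hypothetical path
```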
