Tags:
create new tag
, view all tags

Question

I'm using LDAP to authenticate the user ID/password and hope to get a proper WikiName from givenName and sn attributes from LDAP.

It looks it's possible, but somehow I always get the login ID for the wikiname and the user's topic is created with the login ID. If someone can shed light on this I appreciate that.

The LDAP authetication works (ie, I can log in) and I can display the user details using LdapNgPlugin. I also tried it by clearing the cache file (LdapCache). I can see 'txy' is included in the cache file, but as shown below the log says 'WOOPs, wikiname for txy is not found' after the cache look-up. 'TXY' is from the capitalised log-in ID I used.

I also use the following things.

TWiki::Client::ApacheLogin (mod_auth and the conf file was changed to include the LDAP setting) PasswordManager is not used TWiki::User::LdapUserMapping

This is the debugging info I can find in the apache error log. I displayed only the Main webhome and didn't log in yet, but it looks it tries to get the user info from LDAP from somewhere.

[Wed Sep 26 12:16:53 2007] [error] [client 10.34.8.199] constructed a new LdapContrib object
[Wed Sep 26 12:16:53 2007] [error] [client 10.34.8.199] Ldap::Contrib - cache not found
[Wed Sep 26 12:16:53 2007] [error] [client 10.34.8.199] Ldap::Contrib - updating cache
[Wed Sep 26 12:16:53 2007] [error] [client 10.34.8.199] Ldap::Contrib - cacheHits=1
[Wed Sep 26 12:16:53 2007] [error] [client 10.34.8.199] Ldap::Contrib - cacheAge=9999999999
[Wed Sep 26 12:16:53 2007] [error] [client 10.34.8.199] called isGroup(TWikiAdminGroup)
[Wed Sep 26 12:16:53 2007] [error] [client 10.34.8.199] called groupMembers(TWikiAdminGroup)
[Wed Sep 26 12:16:53 2007] [error] [client 10.34.8.199] called getGroupMembers(TWikiAdminGroup)
[Wed Sep 26 12:16:53 2007] [error] [client 10.34.8.199] called isGroup(txy)
[Wed Sep 26 12:16:53 2007] [error] [client 10.34.8.199] called getGroupNames()
[Wed Sep 26 12:16:53 2007] [error] [client 10.34.8.199] called search(filter=objectClass=posixGroup, base=ou=itn,ou=noa, o=ird, scope=sub, limit=0, attrs=cn)
[Wed Sep 26 12:16:53 2007] [error] [client 10.34.8.199] called connect
[Wed Sep 26 12:16:53 2007] [error] [client 10.34.8.199] anonymous bind
[Wed Sep 26 12:16:56 2007] [error] [client 10.34.8.199] found 0 entries
[Wed Sep 26 12:16:56 2007] [error] [client 10.34.8.199] done search
[Wed Sep 26 12:16:56 2007] [error] [client 10.34.8.199] isGroup{txy}=0
[Wed Sep 26 12:16:56 2007] [error] [client 10.34.8.199] called lookupLoginName(txy)
[Wed Sep 26 12:16:56 2007] [error] [client 10.34.8.199] called loadLdapMapping()
[Wed Sep 26 12:16:56 2007] [error] [client 10.34.8.199] need to fetch mapping
[Wed Sep 26 12:16:56 2007] [error] [client 10.34.8.199] called search(filter=objectClass=posixAccount, base=ou=itn,ou=noa,o=ird, scope=sub, limit=0, attrs=uid,givenName,sn,cn)
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] found 1 entries
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] done search
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] adding wikiName=NFAUUserNFAUUser, loginName=nfauuser
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] oops, no resp
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] got 1 keys in cache
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] asking SUPER
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] WOOPS, wikiName for txy not found
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] got wikiName=txy and loginName=txy
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] called isGroup(txy)
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] isGroup{txy}=0
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] called isGroup(TXY)
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] isGroup{TXY}=0
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] called lookupLoginName(TXY)
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] found loginName in cache
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] called isGroup(TWikiContributor)
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] isGroup{TWikiContributor}=0
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] called lookupLoginName(TWikiContributor)
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] asking SUPER
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] got wikiName=TWikiContributor and loginName=TWikiContributor
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] Ldap::Contrib - writing ldap cache to file
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] Ldap::Contrib - done
[Wed Sep 26 12:16:59 2007] [error] [client 10.34.8.199] called disconnect()

This is the configuration file detail (LocalSite.cfg). Some details are sppressed.

$TWiki::cfg{DefaultUrlHost} = 'http://xxx(suppressed)xxx';
$TWiki::cfg{ScriptUrlPath} = '/twiki412/bin';
$TWiki::cfg{PubUrlPath} = '/twiki412/pub';
$TWiki::cfg{PubDir} = '/home/httpd/twiki412/pub';
$TWiki::cfg{TemplateDir} = '/home/httpd/twiki412/templates';
$TWiki::cfg{DataDir} = '/home/httpd/twiki412/data';
$TWiki::cfg{LocalesDir} = '/home/httpd/twiki412/locale';
$TWiki::cfg{TempfileDir} = '/home/httpd/twiki412/tmp/twiki412';
$TWiki::cfg{ScriptSuffix} = '';
$TWiki::cfg{OS} = 'UNIX';
$TWiki::cfg{DetailedOS} = 'linux';
$TWiki::cfg{Password} = '';
$TWiki::cfg{UseClientSessions} = 1;
$TWiki::cfg{Sessions}{ExpireAfter} = 21600;
$TWiki::cfg{Sessions}{IDsInURLs} = 0;
$TWiki::cfg{Sessions}{UseIPMatching} = 1;
$TWiki::cfg{Sessions}{MapIP2SID} = 0;
$TWiki::cfg{LoginManager} = 'TWiki::Client::ApacheLogin';
$TWiki::cfg{LoginNameFilterIn} = '^[^\\s\\*?~^\\$@%`"\'&;|<>\\x00-\\x1f]+$';
$TWiki::cfg{DefaultUserLogin} = 'guest';
$TWiki::cfg{DefaultUserWikiName} = 'TWikiGuest';
$TWiki::cfg{AdminUserWikiName} = 'TWikiAdminGroup';
$TWiki::cfg{SuperAdminGroup} = 'TWikiAdminGroup';
$TWiki::cfg{UsersTopicName} = 'TWikiUsers';
$TWiki::cfg{MapUserToWikiName} = 1;
$TWiki::cfg{AuthScripts} = 'attach,edit,manage,rename,save,upload,viewauth,rdiffauth';
$TWiki::cfg{AuthRealm} = 'Enter your TWiki.LoginName. (Typically First name and last name, no space, no dots, capitalized, e.g. !JohnSmith, unless you chose otherwise). Visit TWiki.TWikiRegistration if you do not have one.';
$TWiki::cfg{PasswordManager} = 'none';
$TWiki::cfg{MinPasswordLength} = 1;
$TWiki::cfg{Htpasswd}{FileName} = '/home/httpd/twiki412/data/.htpasswd';
$TWiki::cfg{Htpasswd}{Encoding} = 'crypt';
$TWiki::cfg{UserMappingManager} = 'TWiki::Users::LdapUserMapping';
$TWiki::cfg{Register}{HidePasswd} = 1;
$TWiki::cfg{Register}{NeedVerification} = 0;
$TWiki::cfg{SafeEnvPath} = '/bin:/usr/bin';
$TWiki::cfg{DenyDotDotInclude} = 1;
$TWiki::cfg{AllowInlineScript} = 1;
$TWiki::cfg{UploadFilter} = '^(\\.htaccess|.*\\.(?i)(?:php[0-9s]?(\\..*)?|[sp]htm[l]?(\\..*)?|pl|py|cgi))$';
$TWiki::cfg{NameFilter} = '[\\s\\*?~^\\$@%`"\'&;|<>\\x00-\\x1f]';
$TWiki::cfg{AntiSpam}{EmailPadding} = '';
$TWiki::cfg{AntiSpam}{HideUserDetails} = 1;
$TWiki::cfg{AntiSpam}{RobotsAreWelcome} = 1;
$TWiki::cfg{Log}{view} = 1;
$TWiki::cfg{Log}{search} = 1;
$TWiki::cfg{Log}{changes} = 1;
$TWiki::cfg{Log}{rdiff} = 1;
$TWiki::cfg{Log}{edit} = 1;
$TWiki::cfg{Log}{save} = 1;
$TWiki::cfg{Log}{upload} = 1;
$TWiki::cfg{Log}{attach} = 1;
$TWiki::cfg{Log}{rename} = 1;
$TWiki::cfg{Log}{register} = 1;
$TWiki::cfg{ConfigurationLogName} = '/home/httpd/twiki412/data/configurationlog.txt';
$TWiki::cfg{DebugFileName} = '/home/httpd/twiki412/data/debug.txt';
$TWiki::cfg{WarningFileName} = '/home/httpd/twiki412/data/warn%DATE%.txt';
$TWiki::cfg{LogFileName} = '/home/httpd/twiki412/data/log%DATE%.txt';
$TWiki::cfg{Languages}{ru}{Enabled} = 1;
$TWiki::cfg{Languages}{sv}{Enabled} = 1;
$TWiki::cfg{Languages}{'zh-tw'}{Enabled} = 1;
$TWiki::cfg{Languages}{cs}{Enabled} = 1;
$TWiki::cfg{Languages}{'zh-cn'}{Enabled} = 1;
$TWiki::cfg{Languages}{es}{Enabled} = 1;
$TWiki::cfg{Languages}{nl}{Enabled} = 1;
$TWiki::cfg{Languages}{pl}{Enabled} = 1;
$TWiki::cfg{Languages}{fr}{Enabled} = 1;
$TWiki::cfg{Languages}{da}{Enabled} = 1;
$TWiki::cfg{Languages}{de}{Enabled} = 1;
$TWiki::cfg{Languages}{pt}{Enabled} = 1;
$TWiki::cfg{Languages}{it}{Enabled} = 1;
$TWiki::cfg{DisplayTimeValues} = 'gmtime';
$TWiki::cfg{Site}{Locale} = 'en_US.ISO-8859-1';
$TWiki::cfg{Site}{LocaleRegexes} = 1;
$TWiki::cfg{UpperNational} = '';
$TWiki::cfg{LowerNational} = '';
$TWiki::cfg{PluralToSingular} = 1;
$TWiki::cfg{StoreImpl} = 'RcsWrap';
$TWiki::cfg{RCS}{ExtOption} = '';
$TWiki::cfg{RCS}{dirPermission} = 493;
$TWiki::cfg{RCS}{filePermission} = 420;
$TWiki::cfg{RCS}{asciiFileSuffixes} = '\\.(txt|html|xml|pl)$';
$TWiki::cfg{RCS}{initBinaryCmd} = '/usr/bin/rcs  -i -t-none -kb %FILENAME|F%';
$TWiki::cfg{RCS}{initTextCmd} = '/usr/bin/rcs  -i -t-none -ko %FILENAME|F%';
$TWiki::cfg{RCS}{tmpBinaryCmd} = '/usr/bin/rcs  -kb %FILENAME|F%';
$TWiki::cfg{RCS}{ciCmd} = '/usr/bin/ci  -m%COMMENT|U% -t-none -w%USERNAME|S% -u %FILENAME|F%';
$TWiki::cfg{RCS}{ciDateCmd} = '/usr/bin/ci  -m%COMMENT|U% -t-none -d%DATE|D% -u -w%USERNAME|S% %FILENAME|F%';
$TWiki::cfg{RCS}{coCmd} = '/usr/bin/co  -p%REVISION|N% -ko %FILENAME|F%';
$TWiki::cfg{RCS}{histCmd} = '/usr/bin/rlog  -h %FILENAME|F%';
$TWiki::cfg{RCS}{infoCmd} = '/usr/bin/rlog  -r%REVISION|N% %FILENAME|F%';
$TWiki::cfg{RCS}{rlogDateCmd} = '/usr/bin/rlog  -d%DATE|D% %FILENAME|F%';
$TWiki::cfg{RCS}{diffCmd} = '/usr/bin/rcsdiff  -q -w -B -r%REVISION1|N% -r%REVISION2|N% -ko --unified=%CONTEXT|N% %FILENAME|F%';
$TWiki::cfg{RCS}{lockCmd} = '/usr/bin/rcs  -l %FILENAME|F%';
$TWiki::cfg{RCS}{unlockCmd} = '/usr/bin/rcs  -u %FILENAME|F%';
$TWiki::cfg{RCS}{breaklockCmd} = '/usr/bin/rcs  -u -M %FILENAME|F%';
$TWiki::cfg{RCS}{delRevCmd} = '/usr/bin/rcs  -o%REVISION|N% %FILENAME|F%';
$TWiki::cfg{RCS}{SearchAlgorithm} = 'TWiki::Store::SearchAlgorithms::Forking';
$TWiki::cfg{RCS}{EgrepCmd} = '/bin/egrep %CS{|-i}% %DET{|-l}% -H -- %TOKEN|U% %FILES|F%';
$TWiki::cfg{RCS}{FgrepCmd} = '/bin/fgrep %CS{|-i}% %DET{|-l}% -H -- %TOKEN|U% %FILES|F%';
$TWiki::cfg{RCS}{WorkAreaDir} = '/home/httpd/twiki412/pub/_work_areas';
$TWiki::cfg{EnableHierarchicalWebs} = 1;
$TWiki::cfg{SystemWebName} = 'TWiki';
$TWiki::cfg{TrashWebName} = 'Trash';
$TWiki::cfg{UsersWebName} = 'Main';
$TWiki::cfg{WebMasterEmail} = 'teru.yanagihashi@xxxxx';
$TWiki::cfg{WebMasterName} = 'TWiki Administrator';
$TWiki::cfg{MailProgram} = '/usr/sbin/sendmail -t -oi -oeq';
$TWiki::cfg{SMTP}{MAILHOST} = 'osep25';
$TWiki::cfg{SMTP}{SENDERHOST} = '';
$TWiki::cfg{SMTP}{Username} = '';
$TWiki::cfg{SMTP}{Password} = '';
$TWiki::cfg{RemoveImgInMailnotify} = 1;
$TWiki::cfg{NotifyTopicName} = 'WebNotify';
$TWiki::cfg{SMTP}{Debug} = 0;
$TWiki::cfg{PROXY}{HOST} = 'cache1';
$TWiki::cfg{PROXY}{PORT} = '3148';
$TWiki::cfg{Stats}{TopViews} = 10;
$TWiki::cfg{Stats}{TopContrib} = 10;
$TWiki::cfg{Stats}{TopicName} = 'WebStatistics';
$TWiki::cfg{TemplatePath} = '/home/httpd/twiki412/templates/$web/$name.$skin.tmpl, /home/httpd/twiki412/templates/$name.$skin.tmpl, /home/httpd/twiki412/templates/$web/$name.tmpl, /home/httpd/twiki412/templates/$name.tmpl, $web.$skinSkin$nameTemplate, TWiki.$skinSkin$nameTemplate, $web.$nameTemplate, TWiki.$nameTemplate';
$TWiki::cfg{LinkProtocolPattern} = '(file|ftp|gopher|https|http|irc|mailto|news|nntp|telnet)';
$TWiki::cfg{SiteWebTopicName} = '';
$TWiki::cfg{SitePrefsTopicName} = 'TWikiPreferences';
$TWiki::cfg{LocalSitePreferences} = 'Main.TWikiPreferences';
$TWiki::cfg{HomeTopicName} = 'WebHome';
$TWiki::cfg{WebPrefsTopicName} = 'WebPreferences';
$TWiki::cfg{NumberOfRevisions} = 4;
$TWiki::cfg{ReplaceIfEditedAgainWithin} = 3600;
$TWiki::cfg{LeaseLength} = 3600;
$TWiki::cfg{LeaseLengthLessForceful} = 3600;
$TWiki::cfg{MimeTypesFileName} = '/home/httpd/twiki412/data/mime.types';
$TWiki::cfg{RegistrationApprovals} = '/home/httpd/twiki412/data/RegistrationApprovals';
$TWiki::cfg{Plugins}{CommentPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{EditTablePlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{InterwikiPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{PreferencesPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{SlideShowPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{SmiliesPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{SpreadSheetPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{TablePlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{TwistyPlugin}{Enabled} = 1;
$TWiki::cfg{PluginsOrder} = 'SpreadSheetPlugin';
$TWiki::cfg{Site}{CharSet} = 'iso-8859-15';
$TWiki::cfg{Site}{Lang} = 'en';
$TWiki::cfg{Site}{FullLang} = 'en-us';
$TWiki::cfg{Plugins}{NewUserPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{GluePlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{LdapNgPlugin}{Enabled} = 1;
$TWiki::cfg{Ldap}{Host} = 'xxx(suppressed)xxx';
$TWiki::cfg{Ldap}{Port} = 389;
$TWiki::cfg{Ldap}{Version} = '3';
$TWiki::cfg{Ldap}{Base} = 'xxx(suppressed)xxx';
$TWiki::cfg{Ldap}{BindDN} = '';
$TWiki::cfg{Ldap}{BindPassword} = '';
$TWiki::cfg{Ldap}{SSL} = 0;
$TWiki::cfg{Ldap}{UserBase} = '';
$TWiki::cfg{Ldap}{LoginAttribute} = 'uid';
$TWiki::cfg{Ldap}{WikiNameAttribute} = 'givenName, sn, cn';
$TWiki::cfg{Ldap}{NormalizeWikiNames} = 1;
$TWiki::cfg{Ldap}{LoginFilter} = 'objectClass=posixAccount';
$TWiki::cfg{Ldap}{MapGroups} = 1;
$TWiki::cfg{Ldap}{GroupBase} = 'xxx(suppressed)xxx';
$TWiki::cfg{Ldap}{GroupAttribute} = 'cn';
$TWiki::cfg{Ldap}{GroupFilter} = 'objectClass=posixGroup';
$TWiki::cfg{Ldap}{TWikiGroupsBackoff} = 1;
$TWiki::cfg{Ldap}{MemberAttribute} = 'memberUid';
$TWiki::cfg{Ldap}{MemberIndirection} = 0;
$TWiki::cfg{Ldap}{MaxCacheHits} = -1;
$TWiki::cfg{Ldap}{MaxCacheAge} = 60;
$TWiki::cfg{Ldap}{Exclude} = 'TWikiGuest, TWikiContributor, TWikiRegistrationAgent, TWikiAdminGroup, NobodyGroup';
$TWiki::cfg{Ldap}{PageSize} = 200;
$TWiki::cfg{Ldap}{Debug} = 1;
$TWiki::cfg{Plugins}{RequireRegistrationPlugin}{Enabled} = 0;
$TWiki::cfg{Plugins}{EmptyPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{RenderListPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{WysiwygPlugin}{Enabled} = 1;
$TWiki::cfg{Register}{AllowLoginName} = 1;

Environment

TWiki version: TWikiRelease04x01x02
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin, NewUserPlugin, LdapContrib, LdapNgPlugin, GluePlugin
Server OS: Ubuntu Linux 2.6.10 (i486-linux-gnu-thread-multi)
Web server: Apache/2.0.55 (Ubuntu) PHP/5.1.2
Perl version: 5.008007 (linux)
Client OS: MS Windows 2000, sp4
Web Browser: Firefox and IE6
Categories: Authentication

-- TeruYanagihashi - 26 Sep 2007

Answer

ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

What Ldap backend are you trying to authenticate against? From the looks of things, I would say OpenLdap or something equivalent. I have just set this up against Active Directory and may have some help for you... The main thing I am seeing is it looks like your UserBase is not set(unless you suppressed it). I'm not sure if it inherits $TWiki::cfg{Ldap}{Base} if undefined, but it probably should at least be:

$TWiki::cfg{Ldap}{UserBase} = 'dc=mydomain,dc=local';
(or whatever your suppresseed $TWiki::cfg{Ldap}{Base} is...

-- DouglasWoodgate - 27 Sep 2007

Thanks Douglas for your comment. I checked the LDAP setting with JXplorer and changed LoginFilter to 'person' as posixAccount didn't seem to contain the attributes I wanted. After that it started working. I didn't have to change Base and UserBase after all.

-- TeruYanagihashi - 01 Oct 2007

Change status to:
Edit | Attach | Watch | Print version | History: r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r3 - 2007-10-01 - TeruYanagihashi
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.