
Question

Colleagues,

Just installed TWiki as a candidate for an intranet collaborative application. We are already running M$ Active Directory 2000. Would like to use LDAP authentication and group membership in twiki. LdapContrib v.0.91 is installed.

Problem: TWikiUsers and TWikiGroups topics only display the built-in entries, nothing from LDAP.

The authentication works as needed: it lets in registered AD users with correct passwords, and rejects anyone else. The logged-in user name displayed on twiki pages is just the Windoze login name (sAMAccountName attribute). The {Ldap}{WikiNameAttribute} and {Ldap}{NormalizeWikiName} settings do not seem to have any effect.

Is there any way to achieve what we want? Where can I look further?

Many, many thanks in advance, Alexandre

P.S. Output of the configure script is attached.

Relevant part of our LocalSite.cfg (with confidential info stripped out) follows:

$TWiki::cfg{AuthRealm} = 'Enter your TWiki.LoginName. (Typically First name and last name, no space, no dots, capitalized, e.g. !JohnSmith, unless you chose otherwise). Visit TWiki.TWikiRegistration if you do not have one.';
$TWiki::cfg{PasswordManager} = 'TWiki::Users::LdapUser';
$TWiki::cfg{MinPasswordLength} = 6;
$TWiki::cfg{Htpasswd}{FileName} = '/var/www/twiki/data/.htpasswd';
$TWiki::cfg{Htpasswd}{Encoding} = 'crypt';
$TWiki::cfg{Register}{HidePasswd} = 0;
$TWiki::cfg{UserMappingManager} = 'TWiki::Users::LdapUserMapping';
$TWiki::cfg{Register}{AllowLoginName} = 1;

$TWiki::cfg{Ldap}{Host} = 'ldap.site.company.com';
$TWiki::cfg{Ldap}{Port} = 389;
$TWiki::cfg{Ldap}{Version} = '3';
$TWiki::cfg{Ldap}{Base} = 'DC=site,DC=company,DC=com';
$TWiki::cfg{Ldap}{BasePasswd} = 'OU=USERS,OU=SITE,DC=site,DC=company,DC=com';
$TWiki::cfg{Ldap}{BaseGroup} = 'OU=GROUPS,OU=SITE,DC=site,DC=company,DC=com';
$TWiki::cfg{Ldap}{LoginAttribute} = 'sAMAccountName';
$TWiki::cfg{Ldap}{LoginFilter} = 'objectClass=user';
$TWiki::cfg{Ldap}{GroupAttribute} = 'cn';
$TWiki::cfg{Ldap}{GroupFilter} = 'objectClass=group';
$TWiki::cfg{Ldap}{MemberAttribute} = 'memberOf';
$TWiki::cfg{Ldap}{MemberIndirection} = 1;
$TWiki::cfg{Ldap}{WikiNameAttribute} = 'sn, givenName';
$TWiki::cfg{Ldap}{NormalizeWikiName} = 1; 
#$TWiki::cfg{Ldap}{TWikiGroupsBackoff} = 1;
$TWiki::cfg{Ldap}{BindDN} = 'CN=Trofimov\, Alexandre,OU=USERS,OU=SITE,DC=site,DC=company,DC=com';
$TWiki::cfg{Ldap}{BindPassword} = 'secret';
$TWiki::cfg{Ldap}{SSL} = 0; 
$TWiki::cfg{Ldap}{MaxCacheHits} = -1; 
$TWiki::cfg{Ldap}{MapGroups} = 1;
$TWiki::cfg{Ldap}{Exclude} = 'TWikiGuest, TWikiContributor, TWikiRegistrationAgent, TWikiAdminGroup, NobodyGroup';

Environment

TWiki version: TWikiRelease04x01x02
TWiki plugins: Default package + LdapContrib, Glue, LdapNG, NewUser
Server OS: Ubuntu Linux 6.06, kernel 2.6.15-28-686
Web server: Apache 2.0.55
Perl version: 5.8.7
Client OS: Ubuntu Linux 6.06, kernel 2.6.15-28-686
Web Browser: Firefox 1.5.0.10
Categories: Authentication, Authorisation

-- AlexandreTrofimov - 22 Mar 2007

Answer


Hi Alexandre,

Perhaps the config details from LdapContribLoginsAreSpotty would be useful to you.

When I'm able to log in, I see the WikiName instead of the login name in the upper left corner, and using the NewUserPlugin my WikiName was added to the Users page.

Unfortunately in my case I think I either have a setting wrong somewhere or there is an issue with LdapContrib as logins don't always work.

-- DeorenMoor - 10 Apr 2007

Added link in LdapContribDev.

-- SvenDowideit - 30 Apr 2007

Please upgrade to the latest LdapContrib v1.0.1 and try again, please.

-- MichaelDaum - 01 May 2007

See my post LdapAuthenticationCaseSensitivityBug

'sAMAccountName', your LoginAttribute, typically uses capital-letter characters for values because that's how Microsoft likes it.

It'd be interesting to know if this is the cause of your problem or not - your symptoms are very similar to my bug. If this is your problem, you could try a workaround until it is fixed.

-- KevinFirko - 17 May 2007

Michael:

Many thanks! It works like a charm after upgrading to v.1.11 of LdapContrib.

Deoren:

Had similar issues, resolved by disabling mod_perl.

Kevin:

On our site, letter case in the login name does not seem to affect the login process: it all works the same, whether I use trofimov, Trofimov, or TROFIMOV - mapped correctly to LastnameFirstname wiki name.

-- AlexandreTrofimov - 08 Jun 2007
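
The login-to-WikiName mapping discussed in this thread, as an added illustration that is not LdapContrib's code and not part of any post above: it builds WikiNames from the `sn, givenName` attributes, resolves logins case-insensitively (Active Directory matches sAMAccountName without regard to case), and reports WikiName collisions. The normalization rule, the function names and the sample entries are assumptions constructed for the example.

```python
import re
import unicodedata

# Constructed directory entries (not real accounts). Attribute names follow the
# thread's config: LoginAttribute=sAMAccountName, WikiNameAttribute='sn, givenName'.
ENTRIES = [
    {"sAMAccountName": "TROFIMOV", "sn": "Trofimov", "givenName": "Alexandre"},
    {"sAMAccountName": "jsmith", "sn": "Smith", "givenName": "John"},
    {"sAMAccountName": "JSmith2", "sn": "smith", "givenName": "john"},
    {"sAMAccountName": "odell", "sn": "O'Dell", "givenName": "Mary-Ann"},
]

def normalize_part(value):
    """Assumed normalization: drop accents and punctuation, capitalize each word."""
    ascii_value = unicodedata.normalize("NFKD", value).encode("ascii", "ignore").decode()
    words = re.findall(r"[A-Za-z0-9]+", ascii_value)
    return "".join(w[0].upper() + w[1:].lower() for w in words)

def wiki_name(entry, attributes="sn, givenName"):
    """Concatenate the configured attributes, in order, into one WikiName."""
    parts = [entry.get(a.strip(), "") for a in attributes.split(",")]
    return "".join(normalize_part(p) for p in parts)

def build_mapping(entries):
    """Return (lower-cased login -> WikiName, WikiNames claimed by several logins)."""
    login_to_wiki, wiki_to_logins = {}, {}
    for entry in entries:
        login = entry["sAMAccountName"].lower()  # fold case once, when caching
        name = wiki_name(entry)
        login_to_wiki[login] = name
        wiki_to_logins.setdefault(name, []).append(login)
    collisions = {n: l for n, l in wiki_to_logins.items() if len(l) > 1}
    return login_to_wiki, collisions

def lookup(login_to_wiki, typed_login):
    """Resolve the login in whatever case it was typed; None means no mapping."""
    return login_to_wiki.get(typed_login.strip().lower())

if __name__ == "__main__":
    mapping, collisions = build_mapping(ENTRIES)
    for typed in ("trofimov", "Trofimov", "TROFIMOV", "unknown"):
        print(typed, "->", lookup(mapping, typed))
    print("collisions:", collisions)
```

A non-empty collision report is worth checking before group mapping is enabled: two directory accounts that normalize to the same WikiName are indistinguishable wherever access rules name that WikiName.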

 
Topic attachments
Attachment: twiki-configuration.html.tar.gz | Size: 33.2 K | Date: 2007-03-22 16:52 | Who: AlexandreTrofimov | Comment: Output of configure script, gzipped html.
Topic revision: r7 - 2007-06-08 - AlexandreTrofimov
 