LdapLoginNameNotAWikiName < Support

Question

I have installed 4.2. Everything is working as expected (with little tweaking ...) except the ldap integration. Authentication works fine with LDAP but only issue is the case. If I login as phani.yenugu or Phani.Yenugu the wikiname should be PhaniYenugu right ? But the wikiname is phaniyenugu when I login as phani.yenugu. I did check other posts/bugs/chats but I did not find a solution to fix this issue. WikiName format is what is causing issues to me. As long as either lowercase or uppercase works, I have no problem. But WikiName format is what is causing the permission issues to the topics.

I wan to put this in production as soon as possible. Hundreds of users are eagerly waiting to starting using TWiki. I would appreciate if anyone could give me a fix. I dont know at this point what I am going to do after spending so much time and energy setting my wiki site up. Please help !!!!!

I am using aix 5.3, apache 2.6, twiki 4.2 with Microsoft AD for LDAP.

LDAP related config :

$TWiki::cfg{LoginManager} = 'TWiki::LoginManager::TemplateLogin';

$TWiki::cfg{UserMappingManager} = 'TWiki::Users::LdapUserMapping';

$TWiki::cfg{Register}{EnableNewUserRegistration} = 0;

$TWiki::cfg{Register}{HidePasswd} = 1;

$TWiki::cfg{PasswordManager} = 'TWiki::Users::LdapUser';

$TWiki::cfg{Ldap}{Host} = 'xxxx';

$TWiki::cfg{Ldap}{Port} = 389;

$TWiki::cfg{Ldap}{Version} = '3';

$TWiki::cfg{Ldap}{Base} = 'dc=na,dc=mycompany,dc=com';

$TWiki::cfg{Ldap}{BindDN} = 'cn=slc.wikildap,ou=serviceaccounts,ou=users,ou=group,dc=na,dc=company,dc=com';

$TWiki::cfg{Ldap}{BindPassword} = 'secret'; $TWiki::cfg{Ldap}{UseSASL} = 0;

$TWiki::cfg{Ldap}{SASLMechanism} = 'PLAIN CRAM-MD5 EXTERNAL ANONYMOUS';

$TWiki::cfg{Ldap}{Debug} = 1;

$TWiki::cfg{Ldap}{UserBase} = 'dc=na,dc=saralee,dc=com';

$TWiki::cfg{Ldap}{LoginFilter} = 'objectClass=user';

$TWiki::cfg{Ldap}{LoginAttribute} = 'sAMAccountname';

$TWiki::cfg{Ldap}{WikiNameAttribute} = 'givenName, sn';

$TWiki::cfg{Ldap}{NormalizeWikiNames} = 1;

$TWiki::cfg{Ldap}{NormalizeLoginName} = 1;

$TWiki::cfg{Ldap}{AllowChangePassword} = 0;

$TWiki::cfg{Ldap}{SecondaryPasswordManager} = 'none';

$TWiki::cfg{Ldap}{GroupBase} = 'ou=group,dc=my,dc=domain,dc=com';

$TWiki::cfg{Ldap}{GroupFilter} = 'objectClass=group';

$TWiki::cfg{Ldap}{GroupAttribute} = 'sAMAccountname';

$TWiki::cfg{Ldap}{MemberAttribute} = 'memberUid';

$TWiki::cfg{Ldap}{MemberIndirection} = 0;

$TWiki::cfg{Ldap}{TWikiGroupsBackoff} = 1;

$TWiki::cfg{Ldap}{NormalizeGroupName} = 0;

$TWiki::cfg{Ldap}{MapGroups} = 0;

$TWiki::cfg{Ldap}{MaxCacheAge} = 86400;

$TWiki::cfg{Ldap}{PageSize} = 500;

$TWiki::cfg{Ldap}{Exclude} = 'TWikiGuest, TWikiContributor, TWikiRegistrationAgent, TWikiAdminGroup, NobodyGroup ';

$TWiki::cfg{Plugins}{LdapNgPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{NewUserPlugin}{Enabled} = 1;

Environment

TWiki version:	TWikiRelease04x02x00
TWiki plugins:	CommentPlugin;LdaNgPlugin;NewUserPlugin;EditTablePlugin;InterwikiPlugin;PreferencesPlugin;SlideShowPlugin;SmiliesPlugin;SpreadSheetPlugin;TablePlugin;TwistyPlugin;EmptyPlugin;RenderListPlugin;BreadCrumbsPlugin;FilterPlugin;FlexWebListPlugin;GluePlugin;IfDefinedPlugin;NatSkinPlugin;RedDotPlugin;JQueryPlugin;GoogleAjaxSearchPlugin;
Server OS:	AIX 5.3
Web server:	Apache 2.6
Perl version:	5.8.2
Client OS:	MS Windows XP
Web Browser:	IE 6.0
Categories:	Add-Ons

-- PhaniYenugu - 28 May 2008

Answer

If you answer a question - or have a question you asked answered by someone - please remember to edit the page and set the status to answered. The status is in a drop-down list below the edit box.

Anyone ? Please help !!!

-- PhaniYenugu - 29 May 2008

What are your component versions? (LdapNgPlugin requires LdapContrib). The latest versions appear to be:

LdapNgPlugin, v2.01 (13 Nov 2007)
LdapContrib, v2.99.5 (25 May 2008)

That contrib version "fixed normalization error", which might be the cause of your problem.

-- SeanCMorgan - 29 May 2008

Thanks Sean. I just installed the new LdapContrib and I still see my WikiName on the top. If I login as phani.yenugu and Phani.Yenugu I still see 2 topics being created in Main Web. Also I dont see the TWikiUsers topic is not being populated ? Any clue there ?

-- PhaniYenugu - 29 May 2008

As I read the code, your setting of {Ldap}{NormalizeWikiNames} = 1; is supposed to convert your two login cases into a WikiName.

Maybe in addition to this support request, you should report it at Bugs:LdapNgPlugin or Bugs:LdapContrib.

On the second part, please check that the TWikiRegistrationAgent user has change access to the TWikiUsers topic.

-- SeanCMorgan - 29 May 2008

Thanks Sean. I changed $TWiki::cfg{Ldap}{WikiNameAttribute} value from 'givenName, sn' to 'cn' and did not help either. I will check access of TWikiUsers topic permissions.

-- PhaniYenugu - 29 May 2008

What the actual value of 'cn' for your account? On my system, it's "Morgan, Sean", which isn't what you want. Actually, if you don't mind, can you double-check what your account has for each of these:

cn =
givenName =
sAMAccountname =
sn =

-- SeanCMorgan - 29 May 2008

One more thing: take a look WikiNameBackwardsAndInCaps, especially the code changes at the end. He captured some additional information in debug, and then tweaked the generated names himself.

-- SeanCMorgan - 29 May 2008

From Apache log : adding wikiName='PhaniYenugu', loginName='phani.yenugu', dn=CN=phani.yenugu,OU=Users,OU=City,OU=Corporate,DC=na,DC=company,DC=com.

How can I check the rest of the values ? I checked TWikiUsers topic and TWikiGuest and TWikiRegistration has access to changethetopic.

-- PhaniYenugu - 29 May 2008

I checked the link earlier. But I thought the current Version of LdapContrib would fix the issue.

-- PhaniYenugu - 29 May 2008

When I run %LDAPUSERS{}%, I get only PhaniYenugu and not phaniyenugu even though I am able to log on as phani.yenugu and Phani.Yenugu. I am confused.

-- PhaniYenugu - 29 May 2008

Sean.. Looks like I accidentally locked myself out in the other Groups issue that I had. Check out to see if you can access it.

-- PhaniYenugu - 29 May 2008

I sent a note to Peter Theony to fix the access issue on the TWikiGroupsIssue.

-- PhaniYenugu - 29 May 2008

My login id is also the same format (alex.wong) and I am having the exact issue.

-- AlexWong - 29 May 2008

There is a similar issue here: LdapLoginNameNotAWikiName . Based on that information, I made an ugly hack to fix this.

Add the following to the getWikiNameOfLogin function located in the file LdapContrib.pm

$loginName =~ s/\_46/\./g;

Add this between

$loginName = lc($loginName);

and this

return TWiki::Sandbox::untaintUnchecked($this->{data}{"U2W::$loginName"});

The number 46 is the ASCII code for a period. It gets converted somewhere.

Hope this helps.

-- AlexWong - 30 May 2008

Wow. That was excellent. It seems like fixed it. I will now check to see if my TWikiGroupsIssue is resolved.

-- PhaniYenugu - 30 May 2008

Nope. It did not fix it. I still have issues with it. Alex, can you take a look at TWikiGroupsIssue and let me know if you have any ideas ?

-- PhaniYenugu - 30 May 2008

Since this is resolved for me. I am going change to AnsweredQuestions.

-- PhaniYenugu - 30 May 2008

WebForm
SupportStatus	AnsweredQuestions

Topic revision: r12 - 2008-05-30 - PhaniYenugu

Account
- Log In
- Register User

Edit
Attach

Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2012 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.