SID-02328: TWiki 6.0.2 AD Authentication

Status: Asked
TWiki version: 6.0.2
Perl version:
Category: CategoryAuthentication
Server OS: Centos 7
Last update: 2 hours ago

Hello,

I've seen similar issues around the forums, but they seem to have resolved their issue but not posted their fix. I purchased and set up the new 6.0.2 TWiki via the OVA file. I want to be able to use LDAP authentication, so I followed the directions for LdapContrib. However, it does not appear to be working. I'm not sure if the users are supposed to show when you click on the TWiki UserList and if the groups are supposed to show under TwikiGroups. Any assistance would be greatly appreciated. After the solution is found, I will be sure to post it here. I feel I'm close and just missing a small detail.

Below is my setup: LdapContrib, LdapContribAdminPlugin, LdapNgPlugin

The LDAP server is Active Directory.

All installed with no errors.

LdapContrib.cfg: (note: I removed URLs, IPs and domain names, so those are actually correct in the file)

# Local site settings for TWiki. This file is managed by the 'configure'
# CGI script, though you can also make (careful!) manual changes with a
# text editor.
$TWiki::cfg{DefaultUrlHost} = 'Correct Host URL';
$TWiki::cfg{UrlHostRegex} = '';
$TWiki::cfg{PermittedRedirectHostUrls} = 'All the correct redirect URLs';
$TWiki::cfg{ScriptUrlPath} = '/do';
$TWiki::cfg{PubUrlPath} = '/pub';
$TWiki::cfg{PubDir} = '/var/www/twiki/pub';
$TWiki::cfg{TemplateDir} = '/var/www/twiki/templates';
$TWiki::cfg{DataDir} = '/var/www/twiki/data';
$TWiki::cfg{LocalesDir} = '/var/www/twiki/locale';
$TWiki::cfg{WorkingDir} = '/var/www/twiki/working';
$TWiki::cfg{ScriptSuffix} = '';
$TWiki::cfg{Password} = 'dstBwIGWoMqXQ';
$TWiki::cfg{SafeEnvPath} = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin';
$TWiki::cfg{UseClientSessions} = 1;
$TWiki::cfg{Sessions}{ExpireAfter} = 21600;
$TWiki::cfg{Sessions}{ExpireCookiesAfter} = 0;
$TWiki::cfg{Sessions}{IDsInURLs} = 0;
$TWiki::cfg{Sessions}{UseIPMatching} = 1;
$TWiki::cfg{Sessions}{MapIP2SID} = 0;
$TWiki::cfg{LoginManager} = 'TWiki::LoginManager::TemplateLogin';
$TWiki::cfg{TwoStepAuthManager} = 'none';
$TWiki::cfg{TemplateLogin}{PreventBrowserRememberingPassword} = 0;
$TWiki::cfg{LoginNameFilterIn} = '^[^\\s\\*?~^\\$@%`"\'&;\\\\|<>\\x00-\\x1f]+$';
$TWiki::cfg{DefaultUserLogin} = 'guest';
$TWiki::cfg{DefaultUserWikiName} = 'TWikiGuest';
$TWiki::cfg{AdminUserLogin} = 'admin';
$TWiki::cfg{AdminUserWikiName} = 'TWikiAdminUser';
$TWiki::cfg{SuperAdminGroup} = 'TWikiAdminGroup';
$TWiki::cfg{Access}{AdminDomain} = 'site';
$TWiki::cfg{UsersTopicName} = 'TWikiUsers';
$TWiki::cfg{AuthScripts} = 'attach,edit,manage,rename,save,upload,viewauth,rdiffauth,rest,mdrepo';
$TWiki::cfg{ForbidUserAction} = '';
$TWiki::cfg{AuthRealm} = 'Enter your LoginName. (Typically First name and last name, no space, no dots, capitalized, e.g. JohnSmith, unless you chose otherwise). Visit TWikiRegistration if you do not have one.';
$TWiki::cfg{UserMappingManager} = 'TWiki::Users::LdapUserMapping';
$TWiki::cfg{Register}{EnableNewUserRegistration} = 1;
$TWiki::cfg{Register}{HidePasswd} = 1;
$TWiki::cfg{Register}{AllowSystemGeneratedPassword} = 1;
$TWiki::cfg{PasswordManager} = 'TWiki::Users::LdapPasswdUser';
$TWiki::cfg{MinPasswordLength} = '8';
$TWiki::cfg{MustChangePasswordAfterReset} = 1;
$TWiki::cfg{Htpasswd}{FileName} = '/var/www/twiki/data/.htpasswd';
$TWiki::cfg{Htpasswd}{Encoding} = 'crypt';
$TWiki::cfg{CryptToken}{Enable} = 1;
$TWiki::cfg{CryptToken}{SecureActions} = 'register,save,comment,createweb,upload';
$TWiki::cfg{OS} = 'UNIX';
$TWiki::cfg{DetailedOS} = 'linux';
$TWiki::cfg{DenyDotDotInclude} = 1;
$TWiki::cfg{AllowInlineScript} = 1;
$TWiki::cfg{UploadFilter} = '^(\\.htaccess|.*\\.(?i)(?:php[0-9s]?(\\..*)?|[sp]htm[l]?(\\..*)?|pl|py|cgi))$';
$TWiki::cfg{NameFilter} = '[\\s\\*?~^\\$\\#@%`"\'&;\\\\|<>\\[\\]\\+\\x00-\\x1f]';
$TWiki::cfg{AccessibleENV} = '^(HTTP_\\w+|REMOTE_\\w+|SERVER_\\w+|REQUEST_\\w+|MOD_PERL|TWIKI_ACTION)$';
$TWiki::cfg{AntiSpam}{EmailPadding} = '';
$TWiki::cfg{AntiSpam}{HideUserDetails} = 1;
$TWiki::cfg{AntiSpam}{RobotsAreWelcome} = 1;
$TWiki::cfg{Log}{view} = 1;
$TWiki::cfg{Log}{viewfile} = 1;
$TWiki::cfg{Log}{search} = 1;
$TWiki::cfg{Log}{changes} = 1;
$TWiki::cfg{Log}{rdiff} = 1;
$TWiki::cfg{Log}{edit} = 1;
$TWiki::cfg{Log}{save} = 1;
$TWiki::cfg{Log}{upload} = 1;
$TWiki::cfg{Log}{attach} = 1;
$TWiki::cfg{Log}{rename} = 1;
$TWiki::cfg{Log}{register} = 1;
$TWiki::cfg{Log}{mdrepo} = 1;
$TWiki::cfg{ConfigurationLogName} = '/var/www/twiki/data/configurationlog.txt';
$TWiki::cfg{DebugFileName} = '/var/www/twiki/data/debug.txt';
$TWiki::cfg{WarningFileName} = '/var/www/twiki/data/warn%DATE%.txt';
$TWiki::cfg{LogFileName} = '/var/www/twiki/data/log%DATE%.txt';
$TWiki::cfg{Languages}{bg}{Enabled} = 1;
$TWiki::cfg{Languages}{cs}{Enabled} = 1;
$TWiki::cfg{Languages}{da}{Enabled} = 1;
$TWiki::cfg{Languages}{de}{Enabled} = 1;
$TWiki::cfg{Languages}{es}{Enabled} = 1;
$TWiki::cfg{Languages}{fr}{Enabled} = 1;
$TWiki::cfg{Languages}{it}{Enabled} = 1;
$TWiki::cfg{Languages}{ja}{Enabled} = 1;
$TWiki::cfg{Languages}{ko}{Enabled} = 1;
$TWiki::cfg{Languages}{nl}{Enabled} = 1;
$TWiki::cfg{Languages}{pl}{Enabled} = 1;
$TWiki::cfg{Languages}{pt}{Enabled} = 1;
$TWiki::cfg{Languages}{ru}{Enabled} = 1;
$TWiki::cfg{Languages}{sv}{Enabled} = 1;
$TWiki::cfg{Languages}{'zh-cn'}{Enabled} = 1;
$TWiki::cfg{Languages}{'zh-tw'}{Enabled} = 1;
$TWiki::cfg{DisplayTimeValues} = 'gmtime';
$TWiki::cfg{DefaultDateFormat} = '$year-$mo-$day';
$TWiki::cfg{Site}{Locale} = 'en_US.ISO-8859-1';
$TWiki::cfg{Site}{LocaleRegexes} = 1;
$TWiki::cfg{UpperNational} = '';
$TWiki::cfg{LowerNational} = '';
$TWiki::cfg{PluralToSingular} = 1;
$TWiki::cfg{StoreImpl} = 'RcsWrap';
$TWiki::cfg{RCS}{ExtOption} = '';
$TWiki::cfg{RCS}{dirPermission} = 493;
$TWiki::cfg{RCS}{filePermission} = 420;
$TWiki::cfg{Store}{RememberChangesFor} = 2678400;
$TWiki::cfg{SummariseSizeLimit} = 0;
$TWiki::cfg{RCS}{asciiFileSuffixes} = '\\.(txt|html|xml|pl)$';
$TWiki::cfg{RCS}{initBinaryCmd} = '/usr/bin/rcs -i -t-none -kb %FILENAME|F%';
$TWiki::cfg{RCS}{initTextCmd} = '/usr/bin/rcs -i -t-none -ko %FILENAME|F%';
$TWiki::cfg{RCS}{tmpBinaryCmd} = '/usr/bin/rcs -kb %FILENAME|F%';
$TWiki::cfg{RCS}{ciCmd} = '/usr/bin/ci -m%COMMENT|U% -t-none -w%USERNAME|S% -u %FILENAME|F%';
$TWiki::cfg{RCS}{ciDateCmd} = '/usr/bin/ci -m%COMMENT|U% -t-none -d%DATE|D% -u -w%USERNAME|S% %FILENAME|F%';
$TWiki::cfg{RCS}{coCmd} = '/usr/bin/co -p%REVISION|N% -ko %FILENAME|F%';
$TWiki::cfg{RCS}{histCmd} = '/usr/bin/rlog -h %FILENAME|F%';
$TWiki::cfg{RCS}{infoCmd} = '/usr/bin/rlog -r%REVISION|N% %FILENAME|F%';
$TWiki::cfg{RCS}{rlogDateCmd} = '/usr/bin/rlog -d%DATE|D% %FILENAME|F%';
$TWiki::cfg{RCS}{diffCmd} = '/usr/bin/rcsdiff -q -w -B -r%REVISION1|N% -r%REVISION2|N% -ko --unified=%CONTEXT|N% %FILENAME|F%';
$TWiki::cfg{RCS}{lockCmd} = '/usr/bin/rcs -l %FILENAME|F%';
$TWiki::cfg{RCS}{unlockCmd} = '/usr/bin/rcs -u %FILENAME|F%';
$TWiki::cfg{RCS}{breaklockCmd} = '/usr/bin/rcs -u -M %FILENAME|F%';
$TWiki::cfg{RCS}{delRevCmd} = '/usr/bin/rcs -o%REVISION|N% %FILENAME|F%';
$TWiki::cfg{RCS}{SearchAlgorithm} = 'TWiki::Store::SearchAlgorithms::Forking';
$TWiki::cfg{RCS}{QueryAlgorithm} = 'TWiki::Store::QueryAlgorithms::BruteForce';
$TWiki::cfg{RCS}{EgrepCmd} = '/bin/grep -E %CS{|-i}% %DET{|-l}% -H -- %TOKEN|U% %FILES|F%';
$TWiki::cfg{RCS}{FgrepCmd} = '/bin/grep -F %CS{|-i}% %DET{|-l}% -H -- %TOKEN|U% %FILES|F%';
$TWiki::cfg{EnableHierarchicalWebs} = 1;
$TWiki::cfg{SystemWebName} = 'TWiki';
$TWiki::cfg{TrashWebName} = 'Trash';
$TWiki::cfg{UsersWebName} = 'Main';
$TWiki::cfg{EnableEmail} = 1;
$TWiki::cfg{WebMasterEmail} = '';
$TWiki::cfg{WebMasterName} = 'TWiki Administrator';
$TWiki::cfg{SmimeCertificateFile} = '';
$TWiki::cfg{SmimeKeyFile} = '';
$TWiki::cfg{SmimeKeyPassword} = '';
$TWiki::cfg{MailProgram} = '/usr/sbin/sendmail -t -oi -oeq';
$TWiki::cfg{SMTP}{MAILHOST} = 'smtp.spmremote.com';
$TWiki::cfg{SMTP}{SENDERHOST} = 'kb.spmc.com';
$TWiki::cfg{SMTP}{Username} = '';
$TWiki::cfg{SMTP}{Password} = '';
$TWiki::cfg{RemoveImgInMailnotify} = 1;
$TWiki::cfg{NotifyTopicName} = 'WebNotify';
$TWiki::cfg{SMTP}{Debug} = 0;
$TWiki::cfg{PROXY}{HOST} = '';
$TWiki::cfg{PROXY}{PORT} = '';
$TWiki::cfg{PROXY}{Username} = '';
$TWiki::cfg{PROXY}{Password} = '';
$TWiki::cfg{PROXY}{SkipProxyForDomains} = '';
$TWiki::cfg{HTTP}{HiddenFields} = 'cookie';
$TWiki::cfg{Stats}{TopViews} = 10;
$TWiki::cfg{Stats}{TopViewers} = 10;
$TWiki::cfg{Stats}{TopContrib} = 10;
$TWiki::cfg{Stats}{TopicName} = 'WebStatistics';
$TWiki::cfg{Stats}{SiteTopViews} = 0;
$TWiki::cfg{Stats}{SiteTopUpdates} = 0;
$TWiki::cfg{Stats}{SiteTopViewers} = 10;
$TWiki::cfg{Stats}{SiteTopContrib} = 10;
$TWiki::cfg{Stats}{SiteStatsTopicName} = 'SiteStatistics';
$TWiki::cfg{Stats}{dfCmd} = '/bin/df %DIRECTORY|F%';
$TWiki::cfg{Stats}{ExcludedWebRegex} = '';
$TWiki::cfg{Stats}{TopAffiliation} = 10;
$TWiki::cfg{Stats}{SiteTopAffiliation} = 10;
$TWiki::cfg{TemplatePath} = '/var/www/twiki/templates/$web/$name.$skin.tmpl, /var/www/twiki/templates/$name.$skin.tmpl, /var/www/twiki/templates/$web/$name.tmpl, /var/www/twiki/templates/$name.tmpl, $web.$skinSkin$nameTemplate, TWiki.$skinSkin$nameTemplate, $web.$nameTemplate, TWiki.$nameTemplate';
$TWiki::cfg{LinkProtocolPattern} = '(file|ftp|gopher|https|http|irc|mailto|news|nntp|telnet)';
$TWiki::cfg{Links}{ExternalLinksInNewWindow} = 1;
$TWiki::cfg{Links}{ExternalLinksIcon} = 1;
$TWiki::cfg{Links}{InternalDomains} = '';
$TWiki::cfg{Links}{TwitterUrlPattern} = 'https://twitter.com/%ID%';
$TWiki::cfg{SitePrefsTopicName} = 'TWikiPreferences';
$TWiki::cfg{LocalSitePreferences} = 'Main.TWikiPreferences';
$TWiki::cfg{HomeTopicName} = 'WebHome';
$TWiki::cfg{WebPrefsTopicName} = 'WebPreferences';
$TWiki::cfg{NumberOfRevisions} = 4;
$TWiki::cfg{ReplaceIfEditedAgainWithin} = 3600;
$TWiki::cfg{LeaseLength} = 3600;
$TWiki::cfg{LeaseLengthLessForceful} = 3600;
$TWiki::cfg{MimeTypesFileName} = '/var/www/twiki/data/mime.types';
$TWiki::cfg{Operators}{Query} = [
'TWiki::Query::OP_and',
'TWiki::Query::OP_eq',
'TWiki::Query::OP_lc',
'TWiki::Query::OP_lte',
'TWiki::Query::OP_not',
'TWiki::Query::OP_ref',
'TWiki::Query::OP_d2n',
'TWiki::Query::OP_gte',
'TWiki::Query::OP_length',
'TWiki::Query::OP_lt',
'TWiki::Query::OP_ob',
'TWiki::Query::OP_uc',
'TWiki::Query::OP_dot',
'TWiki::Query::OP_gt',
'TWiki::Query::OP_like',
'TWiki::Query::OP_ne',
'TWiki::Query::OP_or',
'TWiki::Query::OP_where'
];
$TWiki::cfg{Operators}{If} = [
'TWiki::If::OP_allows',
'TWiki::If::OP_defined',
'TWiki::If::OP_isempty',
'TWiki::If::OP_ingroup',
'TWiki::If::OP_isweb',
'TWiki::If::OP_context',
'TWiki::If::OP_dollar',
'TWiki::If::OP_istopic'
];
$TWiki::cfg{Mdrepo}{Store} = '';
$TWiki::cfg{Mdrepo}{Dir} = '';
$TWiki::cfg{Mdrepo}{Tables} = [
'sites',
'webs:b'
];
$TWiki::cfg{Mdrepo}{RecordIDRe} = '\\w+';
$TWiki::cfg{Mdrepo}{FieldNameRe} = '\\w+';
$TWiki::cfg{ReadOnlyAndMirrorWebs}{SiteName} = '';
$TWiki::cfg{ReadOnlyAndMirrorWebs}{ScriptOnMaster} = 'edit, save, attach, upload, rename, manage';
$TWiki::cfg{WEBLIST}{canmovetoExclude} = '';
$TWiki::cfg{WEBLIST}{cancopytoExclude} = '';
$TWiki::cfg{UserSubwebs}{UserPrefsTopicName} = 'WebHome';
$TWiki::cfg{Plugins}{BackupRestorePlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{ColorPickerPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{CommentPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{DatePickerPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{EditTablePlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{EmptyPlugin}{Enabled} = 0;
$TWiki::cfg{Plugins}{HeadlinesPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{InterwikiPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{JQueryPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{PreferencesPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{RenderListPlugin}{Enabled} = 0;
$TWiki::cfg{Plugins}{SetGetPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{SlideShowPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{SmiliesPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{SpreadSheetPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{TablePlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{TagMePlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{TinyMCEPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{TWikiNetSkinPlugin}{Enabled} = 0;
$TWiki::cfg{Plugins}{TwistyPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{WatchlistPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{WysiwygPlugin}{Enabled} = 1;
$TWiki::cfg{PluginsOrder} = 'SpreadSheetPlugin';
$TWiki::cfg{ExtensionsRepositories} = 'TWiki.org=(http://twiki.org/cgi-bin/view/Plugins/,http://twiki.org/p/pub/Plugins/)';
$TWiki::cfg{Plugins}{BackupRestorePlugin}{BackupDir} = '/tmp';
$TWiki::cfg{Plugins}{BackupRestorePlugin}{KeepNumberOfBackups} = '7';
$TWiki::cfg{Plugins}{BackupRestorePlugin}{TempDir} = '/tmp';
$TWiki::cfg{Plugins}{BackupRestorePlugin}{createZipCmd} = '/usr/bin/zip -r';
$TWiki::cfg{Plugins}{BackupRestorePlugin}{listZipCmd} = '/usr/bin/unzip -l';
$TWiki::cfg{Plugins}{BackupRestorePlugin}{unZipCmd} = '/usr/bin/unzip -o';
$TWiki::cfg{Plugins}{BackupRestorePlugin}{Debug} = 0;
$TWiki::cfg{Plugins}{DatePickerPlugin}{Format} = '%Y-%m-%d';
$TWiki::cfg{Plugins}{DatePickerPlugin}{Lang} = 'en';
$TWiki::cfg{Plugins}{DatePickerPlugin}{Style} = 'twiki';
$TWiki::cfg{Plugins}{SetGetPlugin}{Debug} = 0;
$TWiki::cfg{TagMePlugin}{SplitSpace} = 0;
$TWiki::cfg{TagMePlugin}{NormalizeTagInput} = 0;
$TWiki::cfg{TagMePlugin}{LogAction} = 0;
$TWiki::cfg{TagMePlugin}{AlwaysRefine} = 0;
$TWiki::cfg{TagMePlugin}{UserAgnostic} = 0;
$TWiki::cfg{TagMePlugin}{TagLenLimit} = 30;
$TWiki::cfg{JSCalendarContrib}{format} = '%Y-%m-%d';
$TWiki::cfg{JSCalendarContrib}{lang} = 'en';
$TWiki::cfg{JSCalendarContrib}{style} = 'blue';
$TWiki::cfg{MailerContrib}{EmailFilterIn} = '';
$TWiki::cfg{MailerContrib}{CustomUserGroupNotations} = '';
$TWiki::cfg{Site}{CharSet} = 'iso-8859-1';
$TWiki::cfg{Plugins}{WatchlistPlugin}{ChangesFormat} = '| $title in <nop>$web web | $date - r$rev - $wikiname |';
$TWiki::cfg{Plugins}{WatchlistPlugin}{ChangesHeader} = '| Topic | Last Update |';
$TWiki::cfg{Plugins}{WatchlistPlugin}{ChangesFooter} = '<div style="margin: 5px 0 0 3px;">Show %CALCULATE{$SET(limit, %URLPARAM{"limit" default="50"}%)$LISTJOIN(, , $LISTMAP($IF($VALUE($GET(limit))==$item, <b>$item</b>, <a href="%SCRIPTURLPATH{"view"}%/%WEB%/%TOPIC%?limit=$item" rel="nofollow">$item</a>), 10, 20, 50, 100, 500, 1000))}% recent changes</div>';
$TWiki::cfg{Plugins}{WatchlistPlugin}{EmptyMessage} = 'The watchlist is empty. To watch topics, select the "Watch" menu item on topics of interest.';
$TWiki::cfg{Plugins}{WatchlistPlugin}{NotifyTextFormat} = '- $topic in $web web, updated by $wikiname, $date, r$rev$n $viewscript/$web/$topic$n$n';
$TWiki::cfg{Plugins}{WatchlistPlugin}{UseEmailField} = 0;
$TWiki::cfg{Plugins}{WatchlistPlugin}{LogAction} = 1;
$TWiki::cfg{Plugins}{WatchlistPlugin}{Debug} = 0;
$TWiki::cfg{Plugins}{JqPlotPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{LdapContribAdminPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{LdapNgPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{LdapNgPlugin}{UseDefaultServer} = 1;
$TWiki::cfg{Plugins}{LdapNgPlugin}{DisableLDAPUSERS} = 0;
$TWiki::cfg{Plugins}{LdapNgPlugin}{Helper} = '';
$TWiki::cfg{Plugins}{LdapNgPlugin}{CacheBlob} = 0;
$TWiki::cfg{Plugins}{LdapNgPlugin}{AutoClear} = 0;
$TWiki::cfg{Plugins}{LdapNgPlugin}{SeparatorAfterHeaderBeforeFooter} = 0;
$TWiki::cfg{Plugins}{LdapNgPlugin}{DynamicWikiNames}{Enabled} = 1;
$TWiki::cfg{Plugins}{LdapNgPlugin}{DynamicWikiNames}{RequireLoggedIn} = 1;
$TWiki::cfg{Plugins}{LdapNgPlugin}{DynamicWikiNames}{Filter} = 'objectClass=User';
$TWiki::cfg{Plugins}{LdapNgPlugin}{DynamicWikiNames}{Format} = '|Name|$givenName $sn|$n|Mail|$mail|';
$TWiki::cfg{Ldap}{Debug} = 1;
$TWiki::cfg{Ldap}{Host} = 'ldap.server.com';
$TWiki::cfg{Ldap}{Port} = 389;
$TWiki::cfg{Ldap}{Version} = '3';
$TWiki::cfg{Ldap}{Base} = 'DC=domain,DC=com';
$TWiki::cfg{Ldap}{BindDN} = 'CN=ldap,CN=Users,DC=domain,DC=com';
$TWiki::cfg{Ldap}{BindPassword} = 'password';
$TWiki::cfg{Ldap}{UseSASL} = 0;
$TWiki::cfg{Ldap}{SASLMechanism} = 'PLAIN CRAM-MD5 EXTERNAL ANONYMOUS';
$TWiki::cfg{Ldap}{GSSAPIuser} = '';
$TWiki::cfg{Ldap}{UseTLS} = 0;
$TWiki::cfg{Ldap}{TLSSSLVersion} = 'tlsv1';
$TWiki::cfg{Ldap}{TLSVerify} = 'require';
$TWiki::cfg{Ldap}{TLSCAPath} = '';
$TWiki::cfg{Ldap}{TLSCAFile} = '';
$TWiki::cfg{Ldap}{TLSClientCert} = '';
$TWiki::cfg{Ldap}{TLSClientKey} = '';
$TWiki::cfg{Ldap}{SecondaryPasswordManager} = 'TWiki::Users::HtPasswdUser';
$TWiki::cfg{Ldap}{UserScope} = 'sub';
$TWiki::cfg{Ldap}{LoginFilter} = 'objectClass=user';
$TWiki::cfg{Ldap}{LoginAttribute} = 'userPrincipalName';
$TWiki::cfg{Ldap}{LoginPattern} = '^.+$';
$TWiki::cfg{Ldap}{MailAttribute} = 'mail';
$TWiki::cfg{Ldap}{WikiNameAttributes} = 'cn';
$TWiki::cfg{Ldap}{NormalizeWikiNames} = 1;
$TWiki::cfg{Ldap}{NormalizeLoginNames} = 0;
$TWiki::cfg{Ldap}{CaseSensitiveLogin} = 0;
$TWiki::cfg{Ldap}{WikiNameAliases} = '';
$TWiki::cfg{Ldap}{AllowChangePassword} = 0;
$TWiki::cfg{Ldap}{PreserveTWikiUserMapping} = 1;
$TWiki::cfg{Ldap}{PreserveWikiNames} = 0;
$TWiki::cfg{Ldap}{MapGroups} = 1;
$TWiki::cfg{Ldap}{GroupScope} = 'sub';
$TWiki::cfg{Ldap}{GroupFilter} = 'objectClass=group';
$TWiki::cfg{Ldap}{GroupAttribute} = 'cn';
$TWiki::cfg{Ldap}{GroupPattern} = '^.+$';
$TWiki::cfg{Ldap}{PrimaryGroupAttribute} = 'gidNumber';
$TWiki::cfg{Ldap}{MemberAttribute} = 'memberUid';
$TWiki::cfg{Ldap}{InnerGroupAttribute} = 'memberUid';
$TWiki::cfg{Ldap}{MemberIndirection} = 0;
$TWiki::cfg{Ldap}{WikiGroupsBackoff} = 1;
$TWiki::cfg{Ldap}{NormalizeGroupNames} = 0;
$TWiki::cfg{Ldap}{CaseSensitiveGroup} = 0;
$TWiki::cfg{Ldap}{RewriteGroups} = {};
$TWiki::cfg{Ldap}{MergeGroups} = 0;
$TWiki::cfg{Ldap}{Precache} = 'all';
$TWiki::cfg{Ldap}{MaxCacheAge} = 86400;
$TWiki::cfg{Ldap}{CLIOnlyRefresh} = 0;
$TWiki::cfg{Ldap}{PageSize} = 500;
$TWiki::cfg{Ldap}{BackupCacheFile} = 0;
$TWiki::cfg{Ldap}{BackupFileAge} = 0;
$TWiki::cfg{Ldap}{Exclude} = 'WIKIWORDS, admin, guest';
$TWiki::cfg{Ldap}{UserBase} = ['OU=O365,OU=Azure,DC=domain,DC=com'];
$TWiki::cfg{Ldap}{GroupBase} = ['OU=TwikiGroups,DC=domain,DC=com'];
1;

debug.txt:
| 2017-09-01 - 21:30:49 | tieing cache with mode read (10.4.5.54/ssoid/web.topic/LdapContrib.pm:839)
| 2017-09-01 - 21:30:49 | called untieCache () (10.4.5.54/ssoid/web.topic/LdapContrib.pm:841)
| 2017-09-01 - 21:30:49 | cacheAge=9999999999, maxCacheAge=86400, LASTUPDATED=0, refresh=1 (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:30:49 | called refreshCache with mode 1, preserveTWikiUserMapping: 0 (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:30:49 | tieing cache with mode read (10.4.5.54/ssoid/web.topic/LdapContrib.pm:891)
| 2017-09-01 - 21:30:49 | called eachGroupMember(TWikiAdminGroup) (10.4.5.54/ssoid/Main.TWikiGuest/UserMapping.pm:349)
| 2017-09-01 - 21:30:49 | TWikiAdminGroup is not a valid groupName (10.4.5.54/ssoid/Main.TWikiGuest/callerFile:callerLine)
| 2017-09-01 - 21:30:49 | called isGroup(christopher.crowe@spmcPLEASENOSPAM.com) (10.4.5.54/ssoid/Main.TWikiGuest/callerFile:callerLine)
| 2017-09-01 - 21:30:49 | called checkCacheForGroupName(christopher.crowe@spmcPLEASENOSPAM.com) (10.4.5.54/ssoid/Main.TWikiGuest/LdapContrib.pm:2184)
| 2017-09-01 - 21:30:49 | called getGroupNames() (10.4.5.54/ssoid/Main.TWikiGuest/callerFile:callerLine)
| 2017-09-01 - 21:30:49 | called isIgnoredGroup(christopher.crowe@spmcPLEASENOSPAM.com) (10.4.5.54/ssoid/Main.TWikiGuest/LdapContrib.pm:3405)
| 2017-09-01 - 21:30:49 | called getAllIgnoredGroups() (10.4.5.54/ssoid/Main.TWikiGuest/callerFile:callerLine)
| 2017-09-01 - 21:30:49 | called untieCache () (10.4.5.54/ssoid/Main.TWikiGuest/LdapContrib.pm:521)
| 2017-09-01 - 21:30:56 | tieing cache with mode read (10.4.5.54/ssoid/web.topic/LdapContrib.pm:839)
| 2017-09-01 - 21:30:56 | called untieCache () (10.4.5.54/ssoid/web.topic/LdapContrib.pm:841)
| 2017-09-01 - 21:30:56 | cacheAge=9999999999, maxCacheAge=86400, LASTUPDATED=0, refresh=1 (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:30:56 | called refreshCache with mode 1, preserveTWikiUserMapping: 0 (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:30:56 | tieing cache with mode read (10.4.5.54/ssoid/web.topic/LdapContrib.pm:891)
| 2017-09-01 - 21:30:56 | called eachGroupMember(TWikiAdminGroup) (10.4.5.54/ssoid/Main.WebHome/UserMapping.pm:349)
| 2017-09-01 - 21:30:56 | TWikiAdminGroup is not a valid groupName (10.4.5.54/ssoid/Main.WebHome/callerFile:callerLine)
| 2017-09-01 - 21:30:56 | TWikiContributor is not a valid loginName (10.4.5.54/ssoid/Main.WebHome/callerFile:callerLine)
| 2017-09-01 - 21:30:56 | called isGroup(TWikiAdminGroup) (10.4.5.54/ssoid/Main.WebHome/callerFile:callerLine)
| 2017-09-01 - 21:30:56 | TWikiAdminGroup is not a valid groupName (10.4.5.54/ssoid/Main.WebHome/callerFile:callerLine)
| 2017-09-01 - 21:30:56 | TWikiAdminGroup is not a valid loginName (10.4.5.54/ssoid/Main.WebHome/callerFile:callerLine)
| 2017-09-01 - 21:30:56 | called eachGroupMember(TWikiAdminGroup) (10.4.5.54/ssoid/Main.WebHome/UserMapping.pm:349)
| 2017-09-01 - 21:30:56 | called eachGroupMember(TWikiAdminGroup) (10.4.5.54/ssoid/Main.WebHome/UserMapping.pm:349)
| 2017-09-01 - 21:30:56 | called untieCache () (10.4.5.54/ssoid/Main.WebHome/LdapContrib.pm:521)
| 2017-09-01 - 21:30:59 | tieing cache with mode read (10.4.5.54/ssoid/web.topic/LdapContrib.pm:839)
| 2017-09-01 - 21:30:59 | called untieCache () (10.4.5.54/ssoid/web.topic/LdapContrib.pm:841)
| 2017-09-01 - 21:30:59 | cacheAge=9999999999, maxCacheAge=86400, LASTUPDATED=0, refresh=1 (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:30:59 | called refreshCache with mode 1, preserveTWikiUserMapping: 0 (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:30:59 | tieing cache with mode read (10.4.5.54/ssoid/web.topic/LdapContrib.pm:891)
| 2017-09-01 - 21:30:59 | called eachGroupMember(TWikiAdminGroup) (10.4.5.54/ssoid/Main.UserList/UserMapping.pm:349)
| 2017-09-01 - 21:30:59 | TWikiAdminGroup is not a valid groupName (10.4.5.54/ssoid/Main.UserList/callerFile:callerLine)
| 2017-09-01 - 21:30:59 | TWikiContributor is not a valid loginName (10.4.5.54/ssoid/Main.UserList/callerFile:callerLine)
| 2017-09-01 - 21:30:59 | called untieCache () (10.4.5.54/ssoid/Main.UserList/LdapContrib.pm:521)
| 2017-09-01 - 21:31:05 | tieing cache with mode read (10.4.5.54/ssoid/web.topic/LdapContrib.pm:839)
| 2017-09-01 - 21:31:05 | called untieCache () (10.4.5.54/ssoid/web.topic/LdapContrib.pm:841)
| 2017-09-01 - 21:31:05 | cacheAge=9999999999, maxCacheAge=86400, LASTUPDATED=0, refresh=1 (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:31:05 | called refreshCache with mode 1, preserveTWikiUserMapping: 0 (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:31:05 | tieing cache with mode read (10.4.5.54/ssoid/web.topic/LdapContrib.pm:891)
| 2017-09-01 - 21:31:05 | called eachGroupMember(TWikiAdminGroup) (10.4.5.54/ssoid/Main.UserList/UserMapping.pm:349)
| 2017-09-01 - 21:31:05 | TWikiAdminGroup is not a valid groupName (10.4.5.54/ssoid/Main.UserList/callerFile:callerLine)
| 2017-09-01 - 21:31:05 | TWikiContributor is not a valid loginName (10.4.5.54/ssoid/Main.UserList/callerFile:callerLine)
| 2017-09-01 - 21:31:05 | called untieCache () (10.4.5.54/ssoid/Main.UserList/LdapContrib.pm:521)

Warn####.txt - I tried several formats of the username.

| 2017-09-01 - 21:11:11 | (TWiki::Contrib::LdapContrib) LdapContrib - no result looking for group christopher.crowe in LDAP (groupAttribute cn). Adding group to ignore list. (10.4.5.54/ssoid/Main.UserList/LdapContrib.pm:2184)
| 2017-09-01 - 21:11:22 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:11:22 | (TWiki::Contrib::LdapContrib) LdapContrib - no result looking for group christopher.crowe@spmcPLEASENOSPAM.com in LDAP (groupAttribute cn). Adding group to ignore list. (10.4.5.54/ssoid/Main.UserList/LdapContrib.pm:2184)
| 2017-09-01 - 21:11:26 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:11:26 | (TWiki::Contrib::LdapContrib) LdapContrib - no result looking for group ccrowe in LDAP (groupAttribute cn). Adding group to ignore list. (10.4.5.54/ssoid/Main.UserList/LdapContrib.pm:2184)
| 2017-09-01 - 21:13:33 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:13:33 | (TWiki::Contrib::LdapContrib) LdapContrib - no result looking for group christophercrowe in LDAP (groupAttribute cn). Adding group to ignore list. (10.4.5.54/ssoid/Main.UserList/LdapContrib.pm:2184)
| 2017-09-01 - 21:16:56 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:17:00 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:17:04 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:28:08 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:29:20 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:29:22 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:29:23 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:29:32 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:30:49 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:30:56 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:30:59 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:31:05 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:34:03 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:34:11 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:34:34 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:34:42 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:34:42 | (TWiki::Contrib::LdapContrib) LdapContrib - no result looking for group christopher crowe in LDAP (groupAttribute cn). Adding group to ignore list. (10.4.5.54/ssoid/Main.UserList/LdapContrib.pm:2184)
| 2017-09-01 - 21:34:48 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:34:56 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:35:01 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)

-- Christopher Crowe - 2017-09-01
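
An added example (not part of the post and not LdapContrib code): a small parser for the two log excerpts above that measures how long one process has been reported as holding the cache refresh, whether any request saw `LASTUPDATED=0`, and which typed names were looked up as groups. The five-minute threshold and all function names are assumptions; the sample lines are copied from the excerpts.

```python
import re
from datetime import datetime

# Sample input: six lines copied from the debug.txt and Warn excerpts in the post.
SAMPLE = """\
| 2017-09-01 - 21:11:11 | (TWiki::Contrib::LdapContrib) LdapContrib - no result looking for group christopher.crowe in LDAP (groupAttribute cn). Adding group to ignore list. (10.4.5.54/ssoid/Main.UserList/LdapContrib.pm:2184)
| 2017-09-01 - 21:11:22 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:11:26 | (TWiki::Contrib::LdapContrib) LdapContrib - no result looking for group ccrowe in LDAP (groupAttribute cn). Adding group to ignore list. (10.4.5.54/ssoid/Main.UserList/LdapContrib.pm:2184)
| 2017-09-01 - 21:30:49 | cacheAge=9999999999, maxCacheAge=86400, LASTUPDATED=0, refresh=1 (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:30:49 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:35:01 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
"""

LINE_RE = re.compile(r"^\|\s*(\d{4}-\d{2}-\d{2}) - (\d{2}:\d{2}:\d{2})\s*\|\s*(.*)$")
LOCKED_RE = re.compile(r"already being refreshed by process (\d+)")
NOT_A_GROUP_RE = re.compile(r"no result looking for group (.+?) in LDAP")
NEVER_UPDATED_RE = re.compile(r"LASTUPDATED=0\b")


def parse(log_text):
    """Yield (timestamp, message) for each '| date - time | message' line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            stamp = datetime.strptime(f"{m.group(1)} {m.group(2)}",
                                      "%Y-%m-%d %H:%M:%S")
            yield stamp, m.group(3)


def analyse(log_text, max_refresh_seconds=300):
    """Summarise refresh-lock messages, empty-cache markers and group lookups.

    max_refresh_seconds is an assumed upper bound for a healthy refresh.
    """
    spans = {}               # pid -> first/last time the lock message named it
    names = []               # names LdapContrib tried to resolve as groups
    never_populated = False  # any request that reported LASTUPDATED=0
    for stamp, msg in parse(log_text):
        m = LOCKED_RE.search(msg)
        if m:
            span = spans.setdefault(m.group(1),
                                    {"first": stamp, "last": stamp, "hits": 0})
            span["first"] = min(span["first"], stamp)
            span["last"] = max(span["last"], stamp)
            span["hits"] += 1
        m = NOT_A_GROUP_RE.search(msg)
        if m:
            names.append(m.group(1))
        if NEVER_UPDATED_RE.search(msg):
            never_populated = True

    stuck = {}
    for pid, span in spans.items():
        seconds = int((span["last"] - span["first"]).total_seconds())
        if seconds > max_refresh_seconds:
            stuck[pid] = {"seconds": seconds, "hits": span["hits"]}
    return {
        "stuck_refresh": stuck,
        "cache_never_populated": never_populated,
        "names_looked_up_as_groups": names,
    }


if __name__ == "__main__":
    report = analyse(SAMPLE)
    for pid, info in report["stuck_refresh"].items():
        print(f"process {pid} reported as refreshing for {info['seconds']} s "
              f"({info['hits']} blocked requests)")
    print("cache never populated:", report["cache_never_populated"])
    print("names tried as groups:", report["names_looked_up_as_groups"])
```

On the quoted lines the same process ID is named as the refresher from 21:11:22 to 21:35:01 while requests still report `LASTUPDATED=0`, which is consistent with a first refresh that never completed.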

Discussion and Answer

Your LDAP server is Microsoft. As is typical for that company, everything they do is a bit non-standard. A few Microsoft-specific settings that should help:

$TWiki::cfg{Ldap}{UserBase} = 'dc=example,dc=com';
$TWiki::cfg{Ldap}{LoginFilter} = 'objectClass=user';
$TWiki::cfg{Ldap}{LoginAttribute} = 'sAMAccountName';
$TWiki::cfg{Ldap}{GroupBase} = 'ou=group,dc=example,dc=com';
$TWiki::cfg{Ldap}{GroupFilter} = 'objectClass=group';
$TWiki::cfg{Ldap}{PrimaryGroupAttribute} = 'gidNumber';
$TWiki::cfg{Ldap}{Exclude} = 'TWikiAdminGroup, TWikiGuest, TWikiContributor, RegistrationAgent, UnknownUser, AdminGroup, NobodyGroup, AdminUser, admin, guest';

LDAP setup can be tricky. I recommend contacting the LDAP admin in your org for the recommended settings.

-- Peter Thoeny - 2017-09-03
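
An added example (not part of either post and not TWiki or LdapContrib code): a small audit of the `$TWiki::cfg` lines quoted in the question for three Active Directory related points: LDAP binds without TLS or SASL, a `LoginNameFilterIn` that does not admit the `@` of a userPrincipalName, and group membership read from `memberUid`. The sample login `name@domain.com`, the function names and the adjusted values (`member` with `MemberIndirection` set to 1) are assumptions to confirm against the directory and the LdapContrib documentation.

```python
import re

# Constructed sample: the relevant lines of the configuration posted in the question.
POSTED = r"""
$TWiki::cfg{LoginNameFilterIn} = '^[^\\s\\*?~^\\$@%`"\'&;\\\\|<>\\x00-\\x1f]+$';
$TWiki::cfg{Ldap}{Port} = 389;
$TWiki::cfg{Ldap}{BindDN} = 'CN=ldap,CN=Users,DC=domain,DC=com';
$TWiki::cfg{Ldap}{BindPassword} = 'password';
$TWiki::cfg{Ldap}{UseSASL} = 0;
$TWiki::cfg{Ldap}{UseTLS} = 0;
$TWiki::cfg{Ldap}{LoginAttribute} = 'userPrincipalName';
$TWiki::cfg{Ldap}{GroupFilter} = 'objectClass=group';
$TWiki::cfg{Ldap}{MemberAttribute} = 'memberUid';
$TWiki::cfg{Ldap}{MemberIndirection} = 0;
"""

# Constructed variant with the flagged settings changed (assumed values).
ADJUSTED = (POSTED
            .replace("{UseTLS} = 0", "{UseTLS} = 1")
            .replace("'userPrincipalName'", "'sAMAccountName'")
            .replace("'memberUid'", "'member'")
            .replace("{MemberIndirection} = 0", "{MemberIndirection} = 1"))

# One scalar assignment: $TWiki::cfg{A}{B} = 'string';  or  = 123;
ASSIGN_RE = re.compile(
    r"^\$TWiki::cfg((?:\{[^}]+\})+)\s*=\s*(?:'((?:[^'\\]|\\.)*)'|(\d+))\s*;\s*$")


def parse_cfg(text):
    """Return {'Ldap.UseTLS': 0, ...} for the scalar settings in the text."""
    cfg = {}
    for line in text.splitlines():
        m = ASSIGN_RE.match(line.strip())
        if not m:
            continue  # arrays, hashes, comments: not needed for these checks
        key = ".".join(re.findall(r"\{([^}]+)\}", m.group(1)))
        if m.group(3) is not None:
            cfg[key] = int(m.group(3))
        else:
            # Perl single-quoted string: only \\ and \' are escape sequences.
            cfg[key] = re.sub(r"\\([\\'])", r"\1", m.group(2))
    return cfg


def audit(text, sample_upn="name@domain.com"):
    """Return a list of (finding_id, message) for the settings in the text."""
    cfg = parse_cfg(text)
    findings = []

    # 1. Simple binds with neither TLS nor SASL send passwords unencrypted.
    if not cfg.get("Ldap.UseTLS") and not cfg.get("Ldap.UseSASL"):
        findings.append((
            "cleartext-bind",
            "UseTLS and UseSASL are both 0: the BindDN password (and any user "
            "password checked by binding) crosses the network unencrypted"))

    # 2. A userPrincipalName contains '@'; test it against TWiki's own filter.
    login_filter = cfg.get("LoginNameFilterIn")
    if (cfg.get("Ldap.LoginAttribute", "").lower() == "userprincipalname"
            and login_filter
            and not re.search(login_filter, sample_upn)):
        findings.append((
            "login-filter",
            f"LoginNameFilterIn does not match a login such as {sample_upn}"))

    # 3. AD group objects list their members as DNs in 'member'; memberUid is
    #    the RFC 2307 posixGroup attribute.
    ad_groups = "objectclass=group" in cfg.get("Ldap.GroupFilter", "").lower()
    if ad_groups and (cfg.get("Ldap.MemberAttribute", "").lower() != "member"
                      or not cfg.get("Ldap.MemberIndirection")):
        findings.append((
            "ad-membership",
            "GroupFilter selects AD groups, but membership is not read as DNs "
            "from 'member'"))
    return findings


if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("adjusted", ADJUSTED)):
        print(label)
        for finding_id, message in audit(text) or [("ok", "no findings")]:
            print(f"  {finding_id}: {message}")
```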

Aside from LoginAttribute and the additional exceptions in your example, the rest in my configuration is the same. I am the LDAP admin and have the settings I need. It's usually straightforward after plugging in a few simple details, as I have a few other systems running off LDAP. This looked pretty straightforward as well, but I'm not fully understanding the logs here. I'll change the LoginAttribute to see if that makes the difference.

But why does LdapContrib think that the below are not actual groups / users? Is it trying to check for these in LDAP?

| 2017-09-01 - 21:30:59 | TWikiAdminGroup is not a valid groupName (10.4.5.54/ssoid/Main.UserList/callerFile:callerLine)
| 2017-09-01 - 21:30:59 | TWikiContributor is not a valid loginName (10.4.5.54/ssoid/Main.UserList/callerFile:callerLine)

Also, in the logs I can see that it's searching for the usernames I type in via "groupAttribute cn" but it doesn't specify what group it's actually searching. I'm assuming it's searching in a group within the GroupBase I specified?

What also has not been clear is whether or not using LDAP is a sync with these plugins or just a reference for authentication. Meaning, once this is working, will the users show in the TWiki user list as well as the groups?

Thanks for your help Peter.

-- Christopher Crowe - 2017-09-04

Changing the attribute did not make a difference.

Just in case I would not be able to get this to work, I started to prepare on using Apache LDAP authentication to load the site. Interestingly enough, when I added the LDAP configurations in the httpd.conf for /var/www/twiki, it passed the credentials into TWiki. So when I logged in to the pop-up login box and authenticated, the logged-in user actually showed me logged in to TWiki under that username and was relying on twikigroups for access rights. I was able to log in via userPrincipalName, and TWiki converted it from name@domainPLEASENOSPAM.com to namedomaincom as the TWiki username.

I would much rather be able to authenticate via the TWiki login page rather than the Apache pop-up, so I must be missing some minor detail that is preventing this, considering it's able to pass the credentials to TWiki.

If I'm unable to get this working, is it possible to have TWiki present the username as name@domainPLEASENOSPAM.com instead of it converting to namedomaincom?

-- Christopher Crowe - 2017-09-05

SupportForm
Status: Asked
Title: TWiki 6.0.2 AD Authentication
SupportCategory: CategoryAuthentication
TWiki version: 6.0.2
Server OS: Centos 7
Web server: Apache
Perl version:
Browser & version: chrome, IE
Topic revision: r4 - 2017-09-05 - ChristopherCrowe