
Question

Colleagues,

Just installed TWiki as a candidate for an intranet collaborative application. We are already running M$ Active Directory 2000. Would like to use LDAP authentication and group membership in twiki. LdapContrib v.0.91 is installed.

Problem: TWikiUsers and TWikiGroups topics only display the built-in entries, nothing from LDAP.

The authentication works as needed: it lets in registered AD users with correct passwords, and rejects anyone else. The logged-in user name displayed on twiki pages is just the Windoze login name (sAMAccountName attribute). The {Ldap}{WikiNameAttribute} and {Ldap}{NormalizeWikiName} settings do not seem to have any effect.

Is there any way to achieve what we want? Where can I look further?

Many, many thanks in advance, Alexandre

P.S. Output of the configure script is attached.

Relevant part of our LocalSite.cfg (with confidential info stripped out) follows:

$TWiki::cfg{AuthRealm} = 'Enter your TWiki.LoginName. (Typically First name and last name, no space, no dots, capitalized, e.g. !JohnSmith, unless you chose otherwise). Visit TWiki.TWikiRegistration if you do not have one.';
$TWiki::cfg{PasswordManager} = 'TWiki::Users::LdapUser';
$TWiki::cfg{MinPasswordLength} = 6;
$TWiki::cfg{Htpasswd}{FileName} = '/var/www/twiki/data/.htpasswd';
$TWiki::cfg{Htpasswd}{Encoding} = 'crypt';
$TWiki::cfg{Register}{HidePasswd} = 0;
$TWiki::cfg{UserMappingManager} = 'TWiki::Users::LdapUserMapping';
$TWiki::cfg{Register}{AllowLoginName} = 1;

$TWiki::cfg{Ldap}{Host} = 'ldap.site.company.com';
$TWiki::cfg{Ldap}{Port} = 389;
$TWiki::cfg{Ldap}{Version} = '3';
$TWiki::cfg{Ldap}{Base} = 'DC=site,DC=company,DC=com';
$TWiki::cfg{Ldap}{BasePasswd} = 'OU=USERS,OU=SITE,DC=site,DC=company,DC=com';
$TWiki::cfg{Ldap}{BaseGroup} = 'OU=GROUPS,OU=SITE,DC=site,DC=company,DC=com';
$TWiki::cfg{Ldap}{LoginAttribute} = 'sAMAccountName';
$TWiki::cfg{Ldap}{LoginFilter} = 'objectClass=user';
$TWiki::cfg{Ldap}{GroupAttribute} = 'cn';
$TWiki::cfg{Ldap}{GroupFilter} = 'objectClass=group';
$TWiki::cfg{Ldap}{MemberAttribute} = 'memberOf';
$TWiki::cfg{Ldap}{MemberIndirection} = 1;
$TWiki::cfg{Ldap}{WikiNameAttribute} = 'sn, givenName';
$TWiki::cfg{Ldap}{NormalizeWikiName} = 1; 
#$TWiki::cfg{Ldap}{TWikiGroupsBackoff} = 1;
$TWiki::cfg{Ldap}{BindDN} = 'CN=Trofimov\, Alexandre,OU=USERS,OU=SITE,DC=site,DC=company,DC=com';
$TWiki::cfg{Ldap}{BindPassword} = 'secret';
$TWiki::cfg{Ldap}{SSL} = 0; 
$TWiki::cfg{Ldap}{MaxCacheHits} = -1; 
$TWiki::cfg{Ldap}{MapGroups} = 1;
$TWiki::cfg{Ldap}{Exclude} = 'TWikiGuest, TWikiContributor, TWikiRegistrationAgent, TWikiAdminGroup, NobodyGroup';

Environment

TWiki version: TWikiRelease04x01x02
TWiki plugins: Default package + LdapContrib, Glue, LdapNG, NewUser
Server OS: Ubuntu Linux 6.06, kernel 2.6.15-28-686
Web server: Apache 2.0.55
Perl version: 5.8.7
Client OS: Ubuntu Linux 6.06, kernel 2.6.15-28-686
Web Browser: Firefox 1.5.0.10
Categories: Authentication, Authorisation

-- AlexandreTrofimov - 22 Mar 2007

Answer

Hi Alexandre,

Perhaps the config details from LdapContribLoginsAreSpotty would be useful to you.

When I'm able to login I see the WikiName instead of the login name in the upper left corner and using the NewUserPlugin my WikiName was added to the Users page.

Unfortunately in my case I think I either have a setting wrong somewhere or there is an issue with LdapContrib as logins don't always work.

-- DeorenMoor - 10 Apr 2007

added link in LdapContribDev

-- SvenDowideit - 30 Apr 2007

Please upgrade to the latest LdapContrib v1.0.1 and try again, please.

-- MichaelDaum - 01 May 2007

See my post LdapAuthenticationCaseSensitivityBug

'sAMAccountName', your LoginAttribute, typically uses capital-letter characters for values because that's how Microsoft likes it.

It'd be interesting to know if this is the cause of your problem or not - your symptoms are very similar to my bug. If this is your problem, you could try a workaround until it is fixed.

-- KevinFirko - 17 May 2007

Michael:

Many thanks! It works like a charm after upgrading to v.1.11 of LdapContrib.

Deoren:

Had similar issues, resolved by disabling mod_perl.

Kevin:

On our site, the letters' case in the login name does not seem to affect the login process: it all works the same, whether I use trofimov, Trofimov, or TROFIMOV - mapped correctly to LastnameFirstname wiki name.

-- AlexandreTrofimov - 08 Jun 2007
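
Added example, not part of the thread and not LdapContrib's own code: a Perl sketch of the mapping discussed above, where logins are matched case-insensitively and the wiki name is built from the attributes listed in {Ldap}{WikiNameAttribute}. The directory entries are constructed, and wiki_name_for and lookup are hypothetical helpers whose normalization and fallback rules are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample entries standing in for AD search results (not real data).
my @entries = (
    { sAMAccountName => 'Trofimov', sn => 'Trofimov',    givenName => 'Alexandre' },
    { sAMAccountName => 'JDOE',     sn => 'van der Doe', givenName => 'jane' },
    { sAMAccountName => 'svc-wiki' },    # entry without sn/givenName
);

# Same value format as {Ldap}{WikiNameAttribute} in the question.
my @wiki_name_attrs = split /\s*,\s*/, 'sn, givenName';

# Hypothetical helper: build a WikiWord from the configured attributes.
# Assumed rule: capitalize each alphanumeric run and drop everything else.
sub wiki_name_for {
    my ($entry) = @_;
    my @parts;
    for my $attr (@wiki_name_attrs) {
        my $value = $entry->{$attr};
        next unless defined $value && length $value;
        push @parts, map { ucfirst(lc($_)) } ($value =~ /([A-Za-z0-9]+)/g);
    }
    # Assumed fallback: with no usable attributes the login name is shown,
    # which is the symptom described in the question.
    return @parts ? join('', @parts) : $entry->{sAMAccountName};
}

# Index by lower-cased login so 'trofimov', 'Trofimov' and 'TROFIMOV'
# resolve to one identity instead of three (or none).
my %login_to_wiki;
for my $entry (@entries) {
    $login_to_wiki{ lc $entry->{sAMAccountName} } = wiki_name_for($entry);
}

# Hypothetical lookup: fold the typed login before consulting the index.
sub lookup {
    my ($login) = @_;
    return $login_to_wiki{ lc $login };
}

for my $typed (qw(trofimov Trofimov TROFIMOV jdoe svc-wiki nosuchuser)) {
    my $wiki = lookup($typed);
    printf "%-12s -> %s\n", $typed, defined $wiki ? $wiki : '(no mapping)';
}
```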

Topic attachments

Attachment: twiki-configuration.html.tar.gz
History: r1
Size: 33.2 K
Date: 2007-03-22 - 16:52
Who: UnknownUser
Comment: Output of configure script, gzipped html.
Topic revision: r7 - 2007-06-08 - AlexandreTrofimov