Extension talk:Windows NTLM LDAP Auto Auth
Add topicgroup mapping for version 1.12
[edit]this works for me but changes does not effect! Insert near line 215.
<syntaxhighlgiht lang="php"> // Check user is in securty group
$securityFlag = false; $i = 0; foreach ($wgWinLDAPGroupMapExternal as $securityGroup) { foreach ($wgWinLDAPGroupMembership as $userGroup) { if ($userGroup == $securityGroup) { $securityFlag = true;
+ $dbr = wfGetDB( DB_SLAVE ); + $user_id = $dbr->selectField( 'user', 'user_id', array( 'user_real_name' => $wgWinLDAPUserReal ), __METHOD__ ); + $dbw = wfGetDB( DB_MASTER ); + $dbw->insert( 'user_groups', array( 'ug_user' => $user_id, 'ug_group' => $wgWinLDAPGroupMapInternal[$i],), 'User::addGroup', array( 'IGNORE' ) ); + $this->debugme("Security group check passed added User $wgWinLDAPUserReal ID $user_id to group $wgWinLDAPGroupMapInternal[$i]"); </syntaxhighlgiht>
have fun ! hkl
next
[edit]Anybody know how this compares/differs from Extension:LDAP_Authentication?--Tempmantemp 09:21, 2 February 2009 (UTC)
Is it possible to Port that one to Apache/Linux? I want Single-Sign-On on my Network and Default Auth from outside... -- plvoy 21:27, 8 March 2010 (GMT)
Due to updates in file SpecialUserlogin.php in 1.15.3. this extension doesn't work. Workaround is to use (less secure) SpecialUserlogin.php from 1.15.2. instead -- Honza 1:29, 8 April 2010 (CEST)
empty mail and error mapping
[edit](Sorry for my very bad english)
Problems:
- If user are not email, this line fail : $wgWinLDAPUserEmail = $records[$i]["mail"][0];
- I add this lines in LocalSettings.php :
- $wgWinLDAPGroupMapExternal = array("CN=MySuperGroup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr","CN=MySuperGroup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr","CN=MyUserGoup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr");
- $wgWinLDAPGroupMapInternal = array("sysop","bureaucrat","user");
After connection, in my debug file I found :
- Debug : Group membership [3]
- Debug : Group membership [CN=****,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr]
- Debug : Group membership [CN=MySuperGroup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr]
- Debug : Group membership [CN=****,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr]
- Debug : Security group check passed added to group [sysop]
- Debug : Security group check passed added to group [bureaucrat]
The mapping seems to work but the user is not connected to groups sysop and bureaucrat (he stay just user)
What's the problem ?
Linux and IIS 7
[edit]Is this extension useable within the Linux environment without using IIS for authentication?
Also, it says this has been tested up to IIS 5, what about IIS 7?
1.20 Installation
[edit]- As the extension does not use passwords, you must set $wgMinimalPasswordLength = 0; in LocalSettings.php (same 1.16 Installation notes)
- LocalSettings.php change
change line:
require_once('AuthPlugin.php');
to:
require_once('includes/AuthPlugin.php');
- WinNTLMLDAPAutoAuth.php cahnge
change Line62-Line77:
// Submit a fake login form to authenticate the user. $username = $wgWinLDAPGCServerValue; $params = new FauxRequest(array( 'wpName' => $username, 'wpPassword' => '', 'wpDomain' => '', 'wpRemember' => '' )); // Authenticate user data will automatically create new users. $loginForm = new LoginForm($params); $result = $loginForm->authenticateUserData(); if ($result != LoginForm::SUCCESS) { error_log('Unexpected authentication failure.'); return; }
to:
// Submit a fake login form to authenticate the user. $username = $wgWinLDAPGCServerValue; $token = ''; $firsttry = true; do { $retry = false; $params = new FauxRequest(array( 'wpName' => $username, 'wpPassword' => '', 'wpDomain' => '', 'wpRemember' => '', 'wpLoginToken' => $token )); // Authenticate user data will automatically create new users. $loginForm = new LoginForm($params); $result = $loginForm->authenticateUserData(); if (firsttry && $result == LoginForm::NEED_TOKEN) { $token = $loginForm->getLoginToken(); $retry = true; }elseif ($result != LoginForm::SUCCESS) { error_log('Unexpected authentication failure.'); return; } $firsttry = false; } while ( $retry );
change Line337:
function addUser($user, $password)
to:
function addUser($user, $password, $email='', $realname='')
change Line367:
function initUser(&$user)
to:
function initUser(&$user, $autocreate=false)
change Line382:
function modifyUITemplate(&$template)
to:
function modifyUITemplate(&$template, &$type)