Extension talk:Windows NTLM LDAP Auto Auth
group mapping for version 1.12
This works for me but changes do not take effect! Insert near line 215.
<syntaxhighlight lang="php"> // Check user is in securty group
$securityFlag = false; $i = 0; foreach ($wgWinLDAPGroupMapExternal as $securityGroup) { foreach ($wgWinLDAPGroupMembership as $userGroup) { if ($userGroup == $securityGroup) { $securityFlag = true;
+ $dbr = wfGetDB( DB_SLAVE ); + $user_id = $dbr->selectField( 'user', 'user_id', array( 'user_real_name' => $wgWinLDAPUserReal ), __METHOD__ ); + $dbw = wfGetDB( DB_MASTER ); + $dbw->insert( 'user_groups', array( 'ug_user' => $user_id, 'ug_group' => $wgWinLDAPGroupMapInternal[$i],), 'User::addGroup', array( 'IGNORE' ) ); + $this->debugme("Security group check passed added User $wgWinLDAPUserReal ID $user_id to group $wgWinLDAPGroupMapInternal[$i]"); </syntaxhighlight>
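Review bot: the added selectField() call resolves the account by 'user_real_name' => $wgWinLDAPUserReal, and a real name is not a unique key, so the user_groups row can land on a different account than the one that authenticated; the result is also never checked, so a miss inserts a row with an empty ug_user. Look the id up by the unique user name, skip the insert when selectField() returns false, and prefer the User object's addGroup() over a raw insert so that cached group data is refreshed. $i is set to 0 before the loops and no increment is visible in these lines, so confirm it tracks the index of $securityGroup before it selects $wgWinLDAPGroupMapInternal[$i].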
have fun ! hkl
next
Anybody know how this compares/differs from Extension:LDAP_Authentication?--Tempmantemp 09:21, 2 February 2009 (UTC)
Is it possible to Port that one to Apache/Linux? I want Single-Sign-On on my Network and Default Auth from outside... -- plvoy 21:27, 8 March 2010 (GMT)
Due to updates in file SpecialUserlogin.php in 1.15.3, this extension doesn't work. A workaround is to use the (less secure) SpecialUserlogin.php from 1.15.2 instead -- Honza 1:29, 8 April 2010 (CEST)
empty mail and error mapping
(Sorry for my very bad English)
Problems:
- If the user has no email, this line fails: $wgWinLDAPUserEmail = $records[$i]["mail"][0];
- I added these lines in LocalSettings.php:
- $wgWinLDAPGroupMapExternal = array("CN=MySuperGroup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr","CN=MySuperGroup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr","CN=MyUserGoup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr");
- $wgWinLDAPGroupMapInternal = array("sysop","bureaucrat","user");
After connecting, I found this in my debug file:
- Debug : Group membership [3]
- Debug : Group membership [CN=****,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr]
- Debug : Group membership [CN=MySuperGroup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr]
- Debug : Group membership [CN=****,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr]
- Debug : Security group check passed added to group [sysop]
- Debug : Security group check passed added to group [bureaucrat]
The mapping seems to work, but the user is not connected to the groups sysop and bureaucrat (he stays just a user).
What's the problem?
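The index-aligned group mapping and the missing mail attribute described in this post, as an added example that is not the extension's code and not the poster's: firstLdapValue() and mapLdapGroups() are hypothetical helper names, and the sample data is constructed from the DNs quoted above. It only computes which wiki groups match, returning nothing when the two arrays are misaligned, and does not write group membership to the database.

```php
<?php
// Added example; firstLdapValue() and mapLdapGroups() are hypothetical helpers.

// First value of an LDAP attribute, or $default when the entry lacks it
// (ldap_get_entries() leaves out attributes the directory did not return).
function firstLdapValue(array $entry, $attr, $default = '') {
    return isset($entry[$attr][0]) ? (string)$entry[$attr][0] : $default;
}

// Wiki groups for a user, from two index-aligned arrays shaped like
// $wgWinLDAPGroupMapExternal / $wgWinLDAPGroupMapInternal.
function mapLdapGroups(array $external, array $internal, array $memberOf) {
    if (count($external) !== count($internal)) {
        return array(); // misaligned configuration: grant nothing
    }
    unset($memberOf['count']); // ldap_get_entries() adds a 'count' element
    $held = array();
    foreach ($memberOf as $dn) {
        $held[strtolower(trim($dn))] = true; // compare DNs case-insensitively
    }
    $granted = array();
    foreach ($external as $i => $dn) {
        if (isset($held[strtolower(trim($dn))])) {
            $granted[$internal[$i]] = true; // array keys de-duplicate
        }
    }
    return array_keys($granted);
}

// Constructed sample data, modelled on the configuration quoted above.
$base = 'OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr';
$external = array("CN=MySuperGroup,$base", "CN=MySuperGroup,$base", "CN=MyUserGoup,$base");
$internal = array('sysop', 'bureaucrat', 'user');
$entry = array( // one record in ldap_get_entries() shape, with no 'mail'
    'memberof' => array('count' => 1, 0 => "cn=mysupergroup,$base"),
);

print_r(mapLdapGroups($external, $internal, $entry['memberof']));
var_dump(firstLdapValue($entry, 'mail'));
```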
Linux and IIS 7
Is this extension useable within the Linux environment without using IIS for authentication?
Also, it says this has been tested up to IIS 5, what about IIS 7?
1.20 Installation
- As the extension does not use passwords, you must set $wgMinimalPasswordLength = 0; in LocalSettings.php (same as the 1.16 Installation notes)
- LocalSettings.php change
change line:
require_once('AuthPlugin.php');
to:
require_once('includes/AuthPlugin.php');
- WinNTLMLDAPAutoAuth.php change
change Line62-Line77:
<syntaxhighlight lang="php">
// Submit a fake login form to authenticate the user.
$username = $wgWinLDAPGCServerValue;
$params = new FauxRequest(array(
    'wpName' => $username,
    'wpPassword' => '',
    'wpDomain' => '',
    'wpRemember' => ''
));
// Authenticate user data will automatically create new users.
$loginForm = new LoginForm($params);
$result = $loginForm->authenticateUserData();
if ($result != LoginForm::SUCCESS) {
    error_log('Unexpected authentication failure.');
    return;
}
</syntaxhighlight>
to:
<syntaxhighlight lang="php">
// Submit a fake login form to authenticate the user.
$username = $wgWinLDAPGCServerValue;
$token = '';
$firsttry = true;
do {
    $retry = false;
    $params = new FauxRequest(array(
        'wpName' => $username,
        'wpPassword' => '',
        'wpDomain' => '',
        'wpRemember' => '',
        'wpLoginToken' => $token
    ));
    // Authenticate user data will automatically create new users.
    $loginForm = new LoginForm($params);
    $result = $loginForm->authenticateUserData();
    // On the first attempt a login token may be required: fetch it and retry once.
    if ($firsttry && $result == LoginForm::NEED_TOKEN) {
        $token = $loginForm->getLoginToken();
        $retry = true;
    } elseif ($result != LoginForm::SUCCESS) {
        error_log('Unexpected authentication failure.');
        return;
    }
    $firsttry = false;
} while ( $retry );
</syntaxhighlight>
change Line337:
function addUser($user, $password)
to:
function addUser($user, $password, $email='', $realname='')
change Line367:
function initUser(&$user)
to:
function initUser(&$user, $autocreate=false)
change Line382:
function modifyUITemplate(&$template)
to:
function modifyUITemplate(&$template, &$type)