Jump to content

Topic on Extension talk:LdapAuth

do_bind: invalid dn

2 comments • 06:23, 6 November 2019 5 years ago
2
46.189.19.66 (talkcontribs)

Hello Trix Tri,


i can't bind our LDAP Users (Debian 8 openLDAP Server)

My Config...

wfLoadExtension( 'LdapAuth' );

$wgGroupPermissions['*']['autocreateaccount'] = true;

$wgLdapAuthDomainNames = 'Domain'; <- Can i use any Name here?

$wgLdapAuthServers = 'IP';

$wgLdapAuthBindDN = 'cn=user,dc=domain,dc=com';

$wgLdapAuthBindPass = 'password';

$wgLdapAuthBaseDN = 'ou=people,ou=PDF,l=location,dc=domain,dc=com';

$wgLdapAuthSearchFilter = '(&(objectClass=person)(uid=%1$s))';

$wgLdapAuthUsernameField = 'uid';

$wgLdapAuthSearchTree = true;

$wgLdapAuthUseLocal = true;

$wgLdapAuthEncryptionType = false;

$wgLdapAuthIsActiveDirectory = false;

$wgLdapAuthRequireDomain = true;


uid = user.name


In LDAP log comes this error...

ldap slapd[777]: conn=14420181 op=1 do_bind: invalid dn (user.name@Domain)


LDAP structur

uid=user.name,ou=people,ou=PDF,l=location,dc=domain,dc=com


What goes wrong?

Reply 12:10, 5 November 2019 5 years ago
TrixTri (talkcontribs)

Copy my entire config in the post 'Mediawiki 1.33' keeping the same format which is quite different to what you are using.

One thing you can modify is the search filter, mine will only allow users in a particular group, if you want to allow all users change the line to

$wgLdapAuthSearchFilter = ['domain' => '(&(objectClass=user)(sAMAccountName=%1$s))'];

Reply 06:23, 6 November 2019 5 years ago
Reply to "do_bind: invalid dn"
Retrieved from "https://www.mediawiki.org/wiki/Topic:Vaiy2p8hzm38dipq"