MediaWiki: can't get LDAP authentication to work

I've run out of ideas. I can't get LDAP authentication to work on my network. I have a local machine (Linux Ubuntu 14 with MediaWiki).

Domain Name - XXXX
Domain Controllers - OBI1.XXXX.local cg-p-dc-04.XXXX.local cg-p-dc-05.XXXX.local

Here is my LocalSettings.php

require_once "$IP/extensions/LdapAuthentication/LdapAuthentication.php";
$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array( "XXXX" );
$wgLDAPServerNames = array( "XXXX" => "cg-p-dc-05.XXXX.local" );
$wgLDAPProxyAgent = array("XXXX" => "cn=serviceaccount,dc=XXXX,dc=local");
$wgLDAPProxyAgentPassword = array("XXXX"=> "XXXX01");
$wgLDAPSearchStrings = array( "XXXX" => "XXXX\USER-NAME" );
$wgLDAPEncryptionType = array( "XXXX" => "clear" );
$wgLDAPUseLocal = false;
$wgMinimalPasswordLength = 1;
$wgLDAPBaseDNs = array( "XXXX" => "dc=XXXX,dc=local" );
$wgLDAPSearchAttributes = array( "XXXX" => "sAMAccountName" );
$wgLDAPRetrievePrefs = array( "XXXX" => "true" );
$wgLDAPPreferences = array('XXXX' => array( 'email' => 'mail','realname' => 'displayname'));
$wgLDAPDebug = 3; //for debugging LDAP
$wgShowExceptionDetails = true; //for debugging MediaWiki
$wgDebugLogGroups['ldap'] = '/var/www/html/XXXXwiki/wiki.log';
error_reporting( -1 );
ini_set( 'display_errors', 1 );

Here is an excerpt from my log

2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering validDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 User is not using a valid domain ().
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Setting domain as: invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering allowPasswordChange
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering modifyUITemplate
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering validDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 User is using a valid domain (XXXX).
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Setting domain as: XXXX
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getCanonicalName
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Username is: username
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Munged username: username
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering authenticate for username username
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering Connect
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Can't set option to LDAP! Option code and value: 0=2
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Can't set option to LDAP! Option code and value: 1=0
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getSearchString
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Doing a straight bind
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Binding as the user
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Failed to bind as uid=username,ou=people,dc=LDAP,dc=XXXX,dc=local
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering strict.
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Returning true in strict().
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering allowPasswordChange
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.

No matter what settings I try, I still get Incorrect password entered. Please try again.

I asked this question on MediaWiki support but didn't get any feedback.

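heiglandreas is right: since you are using AD (assumed, because you are looking up sAMAccountName), you need to bind the extension first.

So you should add the following directives: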

$wgLDAPProxyAgent = array('XXXX' => 'cn=someone,dc=XXXX,dc=local');
$wgLDAPProxyAgentPassword = array('XXXX' => 'password');

Obviously cn=someone,dc=XXXX,dc=local and the password should be changed to reflect the real credentials in your AD.

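I've managed to solve this. It seems my Linux box didn't like the hostnames of my domain controllers, and I had to revert to using the IP addresses of these machines to make it work.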